
Pests of all kinds and how to combat them: tbhcn in system startup under C\users\***\AppData\Roaming\Microsoft\Windows\Startmenü\Programs\Start up


16.12.2012, 11:33   #1
Laschmunzel
 



Hello! Today I wanted to clean out my startup menu in msconfig because my computer takes so long to boot, and in doing so I discovered the file named above (tbhcn). After some research on the internet, I probably have to assume that I have a trojan. Norton Commander and Microsoft Security Essential found nothing. After reading through the threads on trojaner-board, I then installed Malwarebytes as instructed, ran a quick scan as you specify, and deleted the finds, 24 in total after all. I was asked to restart, which I did. The restart took an extremely long time, and afterwards the file tbhcn is still listed in the startup menu in msconfig and was still ticked as well. I have already put Defogger and OTL on my desktop and now ask you for exact instructions on what I should do. Thanks in advance for the help.

Here is my Malwarebytes log, which was created BEFORE the system restart but AFTER the Malwarebytes scan:



Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.16.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: *** [Administrator]

Schutz: Aktiviert

16.12.2012 09:54:51
mbam-log-2012-12-16 (09-54-51).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 250950
Laufzeit: 4 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 2
C:\Program Files (x86)\BrowserCompanion\jsloader.dll (PUP.Blabbers) -> Löschen bei Neustart.
C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll (PUP.Blabbers) -> Löschen bei Neustart.

Infizierte Registrierungsschlüssel: 24
HKCR\CLSID\{00cbb66b-1d3b-46d3-9577-323a336acb50} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\wit4ie.WitBHO.2 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\wit4ie.WitBHO (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\tdataprotocol.CTData.1 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\tdataprotocol.CTData (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\updatebho.TimerBHO.1 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\updatebho.TimerBHO (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\PROTOCOLS\HANDLER\BASE64 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\PROTOCOLS\HANDLER\CHROME (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\PROTOCOLS\HANDLER\PROX (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 3
HKCR\protocols\Handler\base64|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\protocols\Handler\chrome|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\protocols\Handler\prox|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 4
C:\Program Files (x86)\BrowserCompanion (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\LocalLow\bbrs_002.tb (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\LocalLow\bbrs_002.tb\content (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\LocalLow\bbrs_002.tb\content\cache (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 121
C:\Program Files (x86)\BrowserCompanion\jsloader.dll (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\BrowserCompanion\blabbers-ff-full.xpi (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\BrowserCompanion\blabbers-ch.crx (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\BrowserCompanion\logo.ico (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\BrowserCompanion\terms.lnk.url (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\BrowserCompanion\toolbar.dll (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\BrowserCompanion\uninstall.exe (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\BrowserCompanion\updater.ini (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\BrowserCompanion\widgetserv.exe (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\LocalLow\bbrs_002.tb\content\BCHelper.exe (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\LocalLow\bbrs_002.tb\content\fix2.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\LocalLow\bbrs_002.tb\content\fix3.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\LocalLow\bbrs_002.tb\content\icon.png (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\LocalLow\bbrs_002.tb\content\jquery4toolbar.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\LocalLow\bbrs_002.tb\content\lock.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\LocalLow\bbrs_002.tb\content\witapi.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\LocalLow\bbrs_002.tb\content\witmain.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\LocalLow\bbrs_002.tb\content\wittoolbar.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\LocalLow\bbrs_002.tb\content\witwidgetapi.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


PS: I hope I've done everything right so far! (?)

16.12.2012, 15:04   #2
t'john
/// Helper Team
 





A cleanup can sometimes involve a lot of work for you.

  • Please work through all steps in order.
  • Read the instructions carefully. If there are problems, please stop and describe them here as well as you can.
  • Only run scans that a helper has asked you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you were asked to.
  • Read the instructions through completely first. If something is unclear, ask before you begin.
  • Post the log files directly in your thread. Do not attach them unless I ask you to, because that makes the evaluation harder for me.



Note: I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way.
If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.

Vista and Win7 users
Start all tools with a right-click and "Run as administrator".
Step 1

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts that appear with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).



Step 2
System scan with OTL (illustrated guide)

Please download OTL by Oldtimer and save it on your desktop (if not already present), then double-click OTL.exe.


  • Vista and Win7 users: right-click OTL.exe and choose "Run as administrator"
  • Select Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.


16.12.2012, 18:43   #3
Laschmunzel
 



Hello, hello! First of all, thanks for the quick reply on a Sunday, and sorry that I'm writing back so late - I fell asleep in front of the TV. But I carried out all the steps without any problems. I have one question: did I understand correctly that OTL only scanned files that are less than 30 days old? It could well be that the problem has existed for longer. I had a lot of programs in the system startup and had not looked into it for a long time. I also didn't think anything of it, with two antivirus programs that are allowed to scan regularly. In any case, that is why I'm not sure what slowed down the system startup and at what point. Before I dealt with the tbhcn file, I had cleaned up the system startup, and booting actually was faster a few times - despite tbhcn being ticked. Would I then have to repeat the scan if the virus has been on there for longer?


The individual log files now follow:

Adwcleaner:

# AdwCleaner v2.100 - Datei am 16/12/2012 um 18:17:07 erstellt
# Aktualisiert am 09/12/2012 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : xxx - xxx
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\xxx\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\user.js
Gelöscht mit Neustart : C:\Users\xxx\AppData\Local\Smartbar
Ordner Gelöscht : C:\Program Files (x86)\BabylonToolbar
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\DVDVideoSoftTB_DE
Ordner Gelöscht : C:\Program Files (x86)\kikin
Ordner Gelöscht : C:\Program Files (x86)\Vuze_Remote
Ordner Gelöscht : C:\Program Files\Babylon
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Browser Manager
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon
Ordner Gelöscht : C:\ProgramData\Trymedia
Ordner Gelöscht : C:\Users\xxx~1\AppData\Local\Temp\Smartbar
Ordner Gelöscht : C:\Users\xxx\AppData\Local\Babylon
Ordner Gelöscht : C:\Users\xxx\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Ordner Gelöscht : C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Ordner Gelöscht : C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Ordner Gelöscht : C:\Users\xxx\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\xxx\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\xxx\AppData\LocalLow\DVDVideoSoftTB_DE
Ordner Gelöscht : C:\Users\xxx\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\xxx\AppData\LocalLow\Smartbar
Ordner Gelöscht : C:\Users\xxx\AppData\LocalLow\Vuze_Remote
Ordner Gelöscht : C:\Users\xxx\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\xxx\AppData\Roaming\BrowserCompanion
Ordner Gelöscht : C:\Users\xxx\AppData\Roaming\kikin
Ordner Gelöscht : C:\Users\xxx\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB_DE
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Freecause
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Vuze_Remote
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\Babylon
Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E601996F-E400-41CA-804B-CD6373A7EEE2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E601996F-E400-41CA-804B-CD6373A7EEE2}
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\SmartbarBackup
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\BabylonToolbar
Schlüssel Gelöscht : HKLM\Software\BrowserCompanion
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C0CEA572-2978-4DFC-A672-8100FF0E276A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BabylonTC.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\b
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabyDict
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabyGloss
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabylonTC.GingerApplication
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabylonTC.GingerApplication.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabyOptFile
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2625848
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{0C2E529C-A82C-4AC6-8807-0B51F7AD7BB2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\DVDVideoSoftTB_DE
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Babylon.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{457EF9F0-0A7C-4302-B47B-C207A8DE8598}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}
Schlüssel Gelöscht : HKLM\Software\Vuze_Remote
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{457EF9F0-0A7C-4302-B47B-C207A8DE8598}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6AC0BB10-C922-45e2-857D-2A368FE749E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF390AA1-1E65-4825-B8E7-BE6B47BD56B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E601996F-E400-41CA-804B-CD6373A7EEE2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{39F3F1E1-BC43-4086-9377-9C794E54F820}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{40DBE11C-1CF6-452B-AD1B-A32BFE6AB6BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9951D9E0-9C2A-4180-BBF1-8A99120F96C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A7D61187-080E-4FB0-81EA-006BFCF52280}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB_DE Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Vuze_Remote Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Browser Infrastructure Helper]
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\extensions [{58BD07EB-0EE0-4DF0-8121-DC9B693373DF}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=AT&userid=cc3632a7-44a1-425b-bf47-8b01b3853680&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=AT&userid=cc3632a7-44a1-425b-bf47-8b01b3853680&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=AT&userid=cc3632a7-44a1-425b-bf47-8b01b3853680&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=AT&userid=cc3632a7-44a1-425b-bf47-8b01b3853680&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.8] : homepage = "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=AT&userid=cc3632a7-44a1-425b-b[...]
Gelöscht [l.12] : urls_to_restore_on_startup = [ "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=AT&user[...]
Gelöscht [l.371] : homepage = "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=AT&userid=cc3632a7-44a1-425b-bf47[...]
Gelöscht [l.643] : urls_to_restore_on_startup = [ "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=AT&userid=[...]

*************************

AdwCleaner[S1].txt - [21073 octets] - [16/12/2012 18:17:08]

########## EOF - C:\AdwCleaner[S1].txt - [21134 octets] ##########

OTL Logfile:
Code:
OTL logfile created on: 16.12.2012 18:34:03 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\xxx\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,75 Gb Available Physical Memory | 71,90% Memory free
16,00 Gb Paging File | 13,77 Gb Available in Paging File | 86,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,07 Gb Total Space | 509,57 Gb Free Space | 85,49% Space Free | Partition Type: NTFS
Drive F: | 465,76 Gb Total Space | 456,08 Gb Free Space | 97,92% Space Free | Partition Type: NTFS
Drive G: | 1397,26 Gb Total Space | 251,37 Gb Free Space | 17,99% Space Free | Partition Type: NTFS
Drive H: | 465,76 Gb Total Space | 465,66 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
 
Computer Name: xxx | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\xxx\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe (Symantec Corporation)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - F:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Online Games Manager\ogmservice.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Nero\Nero BackItUp 4\IoctlSvc.exe (Prolific Technology Inc.)
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.2.0.19\wincfi39.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe (Symantec Corporation)
SRV - (MCLIENT) -- C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe (Symantec Corporation)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (MBAMService) -- F:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- F:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (ogmservice) -- C:\Program Files (x86)\Online Games Manager\ogmservice.exe (RealNetworks, Inc.)
SRV - (Sony PC Companion) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (AntUpdaterService) -- C:\Program Files (x86)\Ant.com\IE add-on\AntUpdaterService.exe (Ant.com)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (PLFlash DeviceIoControl Service) -- C:\Program Files (x86)\Nero\Nero BackItUp 4\IoctlSvc.exe (Prolific Technology Inc.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1402000.013\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1402000.013\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1402000.013\symds64.sys (Symantec Corporation)
DRV:64bit: - (ccSet_MCLIENT) -- C:\Windows\SysNative\drivers\MCLIENTx64\0302000.013\ccSetx64.sys (Symantec Corporation)
DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1402000.013\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1402000.013\ironx64.sys (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1402000.013\symnets.sys (Symantec Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1402000.013\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (mv61xx) -- C:\Windows\SysNative\drivers\mv61xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (s1018mdm) -- C:\Windows\SysNative\drivers\s1018mdm.sys (MCCI Corporation)
DRV:64bit: - (s1018unic) -- C:\Windows\SysNative\drivers\s1018unic.sys (MCCI Corporation)
DRV:64bit: - (s1018mgmt) -- C:\Windows\SysNative\drivers\s1018mgmt.sys (MCCI Corporation)
DRV:64bit: - (s1018obex) -- C:\Windows\SysNative\drivers\s1018obex.sys (MCCI Corporation)
DRV:64bit: - (s1018bus) -- C:\Windows\SysNative\drivers\s1018bus.sys (MCCI Corporation)
DRV:64bit: - (s1018nd5) -- C:\Windows\SysNative\drivers\s1018nd5.sys (MCCI Corporation)
DRV:64bit: - (s1018mdfl) -- C:\Windows\SysNative\drivers\s1018mdfl.sys (MCCI Corporation)
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (NCPro) -- C:\Windows\SysNative\drivers\MTiCtwl.sys (Samsung Electronics, Inc. )
DRV:64bit: - (MagicTune) -- C:\Windows\SysNative\drivers\MTiCtwl.sys (Samsung Electronics, Inc. )
DRV:64bit: - (seehcri) -- C:\Windows\SysNative\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20121215.006\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20121215.006\eng64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20121214.001\IDSviA64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20121130.005\BHDrvx64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NCPro) -- C:\Windows\SysWOW64\drivers\MTictwl.sys ()
DRV - (MagicTune) -- C:\Windows\SysWOW64\drivers\MTictwl.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1725708464-4129431227-4282348430-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = F:\Installationsdateien
IE - HKU\S-1-5-21-1725708464-4129431227-4282348430-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Google
IE - HKU\S-1-5-21-1725708464-4129431227-4282348430-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKU\S-1-5-21-1725708464-4129431227-4282348430-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-1725708464-4129431227-4282348430-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Österreich: Hotmail, Messenger, Skype download, Unterhaltung, Nachrichten, Sport, Lifestyle und mehr bei MSN AT
IE - HKU\S-1-5-21-1725708464-4129431227-4282348430-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKU\S-1-5-21-1725708464-4129431227-4282348430-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 67 72 D3 EB 3D E3 CC 01  [binary data]
IE - HKU\S-1-5-21-1725708464-4129431227-4282348430-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google
IE - HKU\S-1-5-21-1725708464-4129431227-4282348430-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google
IE - HKU\S-1-5-21-1725708464-4129431227-4282348430-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1725708464-4129431227-4282348430-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1725708464-4129431227-4282348430-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MXGB_deAT512
IE - HKU\S-1-5-21-1725708464-4129431227-4282348430-1000\..\SearchScopes\{B1E7FF11-0E88-4BBA-AB30-A6E125885E8F}: "URL" = hxxp://www.ant.com/search?s=browser&q={searchTerms}
IE - HKU\S-1-5-21-1725708464-4129431227-4282348430-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1725708464-4129431227-4282348430-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-1725708464-4129431227-4282348430-1002\..\SearchScopes,DefaultScope = 
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: F:\Programme\ITunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: F:\Programme\Canon Kamera\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: F:\Programme\Adobe Reader\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\xxx\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\opencandy.com/Ignite: C:\Users\xxx\AppData\Local\Ignite\npOCDM.1.1.4.0.dll (OpenCandy, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn\ [2012.12.16 18:29:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFFPlgn\ [2012.12.10 10:15:11 | 000,000,000 | ---D | M]
 
[2012.11.23 11:58:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
========== Chrome  ==========
 
CHR - homepage: Google
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: Google
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin:  (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\chromeNPAPI.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.8_0\BabylonChromePI.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\xxxh\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\npSkypeChromePlugin.dll
CHR - plugin: GoogleChromeRemotePlugin (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\GoogleChromeRemotePlugin.dll
CHR - plugin: Free Studio (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\np_dvs_plugin.dll
CHR - plugin: Norton Identity Safe (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.0.18_0\npcoplgn.dll
CHR - plugin: Application Manager (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll
CHR - plugin: Adobe Acrobat (Enabled) = F:\Programme\Adobe Reader\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = F:\Programme\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = F:\Programme\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = F:\Programme\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = F:\Programme\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = F:\Programme\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = F:\Programme\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = F:\Programme\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\xxx\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Ignite (Enabled) = C:\Users\xxx\AppData\Local\Ignite\npOCDM.1.1.4.0.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: NPCIG.dll (Enabled) = F:\Programme\Canon Kamera\ZoomBrowser EX\Program\NPCIG.dll
CHR - plugin: iTunes Application Detector (Enabled) = F:\Programme\ITunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Browser Companion Helper = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\
CHR - Extension: Skype Click to Call = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\
CHR - Extension: Skype Click to Call = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: Norton Identity Protection = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.5.11_0\
CHR - Extension: Norton Identity Protection = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.0.18_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - F:\Programme\Shareaza\Shareaza\RazaWebHook64.dll (Shareaza Development Team)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - F:\Programme\Shareaza\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O2 - BHO: (Ant.com browser helper (video detector)) - {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files (x86)\Ant.com\IE add-on\download.dll (Ant.com)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\anttoolbar.dll (Ant.com)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\coIEPlg.dll (Symantec Corporation)
O3:64bit: - HKU\S-1-5-21-1725708464-4129431227-4282348430-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-1725708464-4129431227-4282348430-1000\..\Toolbar\WebBrowser: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\anttoolbar.dll (Ant.com)
O3 - HKU\S-1-5-21-1725708464-4129431227-4282348430-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MagicTuneEngine] C:\Programme\MagicTune Premium\MagicTuneLauncher.exe ()
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [MultiScreen] C:\Program Files (x86)\MultiScreen\MultiScreen.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1725708464-4129431227-4282348430-1002..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1725708464-4129431227-4282348430-1002..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Download with &Shareaza - F:\Programme\Shareaza\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Download with &Shareaza - F:\Programme\Shareaza\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - Reg Error: Key error. File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Download videos by Ant.com - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files (x86)\Ant.com\IE add-on\download.dll (Ant.com)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.34.133.21 212.186.211.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6CCD1CB-F4A2-43DC-AFFA-A679A21EE10A}: DhcpNameServer = 195.34.133.21 212.186.211.21
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\25976~1.107\{c16c1~1\mngr.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.09.01 15:08:05 | 000,000,000 | ---D | M] - G:\Auto Screen Recorder Dateien -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.16 10:52:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2012.12.16 10:23:32 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{D4CD2421-557C-4ADD-81E2-82DE018DE3F8}
[2012.12.16 09:52:52 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Malwarebytes
[2012.12.16 09:51:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.16 09:51:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.16 09:51:18 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.16 08:55:05 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2012.12.16 08:54:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP540 series
[2012.12.16 08:53:40 | 000,279,040 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMLM9E.DLL
[2012.12.16 08:23:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
[2012.12.16 08:21:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center
[2012.12.16 08:12:46 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2012.12.16 08:12:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2012.12.16 08:11:58 | 000,000,000 | ---D | C] -- C:\Intel
[2012.12.16 08:09:38 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Marvell
[2012.12.16 08:08:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Marvell
[2012.12.16 08:05:30 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012.12.16 08:05:29 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2012.12.16 08:04:50 | 002,605,400 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2012.12.16 08:04:50 | 001,361,336 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tosade.dll
[2012.12.16 08:04:50 | 000,836,544 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo264.dll
[2012.12.16 08:04:50 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2012.12.16 08:04:50 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2012.12.16 08:04:50 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2012.12.16 08:04:50 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2012.12.16 08:04:50 | 000,148,416 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo.dll
[2012.12.16 08:04:50 | 000,065,944 | ---- | C] (TOSHIBA CORPORATION.) -- C:\Windows\SysNative\tepeqapo64.dll
[2012.12.16 08:04:49 | 002,674,320 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2012.12.16 08:04:49 | 001,560,168 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2012.12.16 08:04:49 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2012.12.16 08:04:49 | 000,220,776 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\SFSS_APO.dll
[2012.12.16 08:04:49 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2012.12.16 08:04:49 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2012.12.16 08:04:49 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2012.12.16 08:04:48 | 003,615,888 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2012.12.16 08:04:48 | 000,869,520 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2012.12.16 08:04:48 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2012.12.16 08:04:48 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2012.12.16 08:04:48 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2012.12.16 08:04:48 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2012.12.16 08:04:48 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2012.12.16 08:04:48 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2012.12.16 08:04:48 | 000,014,952 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCoLDR64.dll
[2012.12.16 08:04:47 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2012.12.16 08:04:47 | 005,096,448 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat
[2012.12.16 08:04:47 | 001,262,696 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2012.12.16 08:04:47 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2012.12.16 08:04:47 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2012.12.16 08:04:47 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2012.12.16 08:04:47 | 000,141,152 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2012.12.16 08:04:47 | 000,123,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2012.12.16 08:04:47 | 000,105,616 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll
[2012.12.16 08:04:47 | 000,074,592 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2012.12.16 08:04:46 | 008,363,864 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2012.12.16 08:04:46 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2012.12.16 08:04:46 | 001,345,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek264.dll
[2012.12.16 08:04:46 | 001,015,640 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2012.12.16 08:04:46 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll
[2012.12.16 08:04:46 | 000,396,632 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2012.12.16 08:04:46 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2012.12.16 08:04:46 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2012.12.16 08:04:44 | 002,533,952 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2012.12.16 08:04:44 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2012.12.16 08:04:44 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2012.12.16 08:04:44 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2012.12.16 08:04:44 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2012.12.16 08:04:44 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2012.12.16 08:04:44 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2012.12.16 08:04:44 | 000,537,456 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll
[2012.12.16 08:04:44 | 000,524,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll
[2012.12.16 08:04:44 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2012.12.16 08:04:44 | 000,449,392 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll
[2012.12.16 08:04:44 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2012.12.16 08:04:44 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2012.12.16 08:04:44 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2012.12.16 08:04:44 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2012.12.16 08:04:44 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2012.12.16 08:04:44 | 000,202,336 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2012.12.16 08:04:44 | 000,108,640 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2012.12.16 08:04:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2012.12.16 08:04:40 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2012.12.16 08:04:39 | 001,706,640 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2012.12.16 07:21:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2012.12.16 07:00:37 | 026,811,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012.12.16 07:00:37 | 000,201,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2012.12.16 07:00:36 | 020,335,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012.12.16 07:00:36 | 017,559,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012.12.16 07:00:36 | 009,271,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012.12.16 07:00:36 | 007,819,016 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012.12.16 07:00:35 | 025,256,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012.12.16 07:00:35 | 018,045,968 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012.12.16 07:00:35 | 007,446,192 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2012.12.16 07:00:35 | 001,874,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012.12.16 07:00:35 | 000,841,272 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2012.12.16 07:00:34 | 006,149,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2012.12.16 07:00:34 | 002,784,104 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012.12.16 07:00:34 | 002,226,024 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012.12.16 07:00:34 | 000,245,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2012.12.16 07:00:28 | 002,606,440 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012.12.16 06:28:20 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\SlimWare Utilities Inc
[2012.12.16 06:26:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers
[2012.12.16 06:26:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SlimDrivers
[2012.12.16 06:26:54 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2012.12.16 06:05:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fighters
[2012.12.16 00:31:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2012.12.16 00:21:38 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Image-Line
[2012.12.15 23:52:37 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Deckadance19
[2012.12.15 23:41:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.12.15 23:41:13 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.12.15 23:25:20 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.12.15 23:07:26 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Ignite
[2012.12.15 23:07:00 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\SongManager
[2012.12.15 22:48:09 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
[2012.12.15 22:47:20 | 001,431,552 | ---- | C] (Propellerhead Software AB) -- C:\Windows\SysWow64\rewire.dll
[2012.12.15 22:47:14 | 000,000,000 | ---D | C] -- C:\Users\xxx\Documents\Image-Line
[2012.12.15 22:47:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
[2012.12.15 22:46:58 | 001,554,944 | ---- | C] (HMS hxxp://hp.vector.co.jp/authors/VA012897/) -- C:\Windows\SysWow64\vorbis.acm
[2012.12.15 22:46:55 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
[2012.12.15 22:46:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Outsim
[2012.12.15 22:39:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Image-Line
[2012.12.15 22:32:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.12.15 22:32:07 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.12.15 22:32:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.12.15 22:32:06 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012.12.15 22:30:12 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Ignite
[2012.12.15 22:29:26 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Deployment
[2012.12.15 22:29:26 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Apps
[2012.12.15 22:22:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2012.12.14 08:45:01 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{7A63D6A3-4599-4143-B412-6D028FD95E2B}
[2012.12.13 20:44:48 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{86CE9C5F-A705-40EB-B140-E8E8A583BD64}
[2012.12.13 08:44:25 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{FD06CC40-B8C5-498F-9655-8DEB20F92AD5}
[2012.12.13 07:03:37 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.12.13 07:03:36 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.12.13 07:03:36 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.12.13 07:03:35 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.12.13 07:03:35 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.12.13 07:03:35 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.12.13 07:03:35 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.12.13 07:03:35 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.12.13 07:03:34 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.12.13 07:03:34 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.12.13 07:03:34 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.12.13 07:03:34 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.12.13 07:03:32 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.12.13 07:03:32 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.12.13 07:03:32 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.12.13 06:59:11 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012.12.13 06:59:10 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.12.13 06:59:10 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012.12.13 06:59:10 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.12.13 06:58:56 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.12.13 06:58:56 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.12.13 06:58:56 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012.12.13 06:58:56 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012.12.13 06:58:56 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012.12.13 06:58:56 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.12.13 06:58:56 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012.12.13 06:58:54 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012.12.13 06:58:54 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.12.13 06:58:54 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.12.13 06:58:54 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.12.13 06:58:54 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.13 06:58:54 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.13 06:58:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.13 06:58:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.13 06:58:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.12.13 06:58:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.13 06:58:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.12.13 06:58:53 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.13 06:58:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.12.13 06:58:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.12.13 06:58:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.13 06:58:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.13 06:58:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.13 06:58:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.13 06:58:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.13 06:58:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.13 06:58:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.13 06:58:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.12.13 06:58:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.12.13 06:58:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.12.13 06:58:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.13 06:58:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.13 06:58:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.13 06:58:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.12.13 06:58:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.12.13 06:58:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.13 06:58:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.12.13 06:58:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.12.13 06:58:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.12.13 06:58:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.12.13 06:58:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.13 06:58:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.12.13 06:58:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.12.13 06:58:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.13 06:58:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.13 06:58:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.13 06:58:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.13 06:58:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.13 06:58:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.13 06:58:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.12.13 06:58:52 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.12.13 06:58:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.13 06:58:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.12.13 06:58:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.12.13 06:58:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.12.13 06:58:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.13 06:58:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.12.13 06:58:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.12.13 06:58:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.12.13 06:58:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.13 06:58:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.13 06:58:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.12.13 06:58:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.12.13 06:58:50 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012.12.13 06:58:39 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.13 06:58:39 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.13 06:58:39 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.13 06:58:39 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.13 06:55:25 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012.12.13 06:55:25 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012.12.12 20:19:45 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{51BE2914-1A47-4093-B252-6495DFD13D51}
[2012.12.10 10:10:48 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2012.12.07 00:06:49 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{08CF3109-47E1-4445-B725-900153EFBB7C}
[2012.12.06 14:19:22 | 000,067,072 | ---- | C] (Anark Corporation) -- C:\Windows\SysWow64\AKCPanel.cpl
[2012.12.06 14:19:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anark
[2012.12.06 12:06:37 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{6AB355D0-5D8E-4797-81CC-F5A08C391A72}
[2012.12.06 10:59:48 | 002,459,160 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Springtime_3D_Screensaver.scr
[2012.12.06 09:26:47 | 002,582,552 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Tropical_Fish_3D_Screensaver.scr
[2012.12.06 09:24:55 | 000,997,904 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Galleon_3D_Screensaver.scr
[2012.12.05 12:41:48 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{0B93CF0A-3136-41F5-84E4-AC6DC6661C8B}
[2012.12.05 09:56:51 | 000,973,848 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Cuckoo_Clock_3D_Screensaver.scr
[2012.12.05 09:54:46 | 002,585,624 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Coral_Clock_3D_Screensaver.scr
[2012.12.05 06:39:58 | 002,450,456 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Deep_Space_3D_Screensaver.scr
[2012.12.05 06:39:12 | 000,966,680 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Water_Clock_3D_Screensaver.scr
[2012.12.05 06:38:19 | 000,965,144 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Christmas_3D_Screensaver.scr
[2012.12.05 06:37:09 | 000,970,784 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Lighthouse_Point_3D_Screensaver.scr
[2012.12.05 06:36:08 | 000,963,104 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Dutch_Windmills_3D_Screensaver.scr
[2012.12.05 06:34:55 | 000,964,624 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Fog_Lake_Screensaver.scr
[2012.12.05 06:33:40 | 002,464,296 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Caribbean_Islands_3D_Screensaver.scr
[2012.12.05 06:32:41 | 002,486,816 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Digital_Clock_3D_Screensaver.scr
[2012.12.05 06:31:52 | 002,530,328 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Wildflowers_3D_Screensaver.scr
[2012.12.05 06:31:06 | 002,704,920 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Fog_Horses_3D_Screensaver.scr
[2012.12.05 06:24:09 | 000,963,096 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Valentine_3D_Screensaver.scr
[2012.12.05 06:22:54 | 002,468,376 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Ice_Clock_3D_Screensaver.scr
[2012.12.05 06:20:35 | 000,982,032 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Nature_3D_Screensaver.scr
[2012.12.05 06:19:09 | 001,015,832 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Watermill_3D_Screensaver.scr
[2012.12.05 06:17:11 | 000,643,088 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Lantern_3D_Screensaver.scr
[2012.12.05 06:13:25 | 002,599,960 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Lake_Tree_3D_Screensaver.scr
[2012.12.05 06:09:06 | 002,591,256 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Sunny_Patio_3D_Screensaver.scr
[2012.12.05 06:05:54 | 002,508,824 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Grassland_3D_Screensaver.scr
[2012.12.05 06:03:35 | 002,621,968 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Dolphins_3D_Screensaver.scr
[2012.12.05 05:57:55 | 002,621,984 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Thanksgiving_Day_3D_Screensaver.scr
[2012.12.03 06:56:44 | 000,986,144 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Spirit_of_Fire_3D_Screensaver.scr
[2012.12.03 06:53:22 | 000,973,856 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Western_Railway_3D_Screensaver.scr
[2012.12.03 06:52:40 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2012.12.03 06:52:03 | 002,671,648 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Great_Pyramids_3D_Screensaver.scr
[2012.12.03 06:50:10 | 002,630,168 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Stonehenge_3D_Screensaver.scr
[2012.12.03 06:47:20 | 000,941,584 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Lagoon_3D_Screensaver.scr
[2012.12.03 06:45:26 | 000,965,664 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Mayan_Waterfall_3D_Screensaver.scr
[2012.12.03 06:43:51 | 002,670,616 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Sandy_Beach_3D_Screensaver.scr
[2012.12.03 06:40:39 | 002,497,576 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Winter_Wonderland_3D_Screensaver.scr
[2012.12.03 06:38:55 | 000,973,856 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Haunted_House_3D_Screensaver.scr
[2012.12.03 06:35:10 | 002,738,208 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Summer_Forest_3D_Screensaver.scr
[2012.12.03 06:25:19 | 002,690,584 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Grand_Canyon_3D_Screensaver.scr
[2012.12.03 06:21:57 | 002,544,664 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Coral_Reef_3D_Screensaver.scr
[2012.12.03 06:18:51 | 002,620,960 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Orbital_Sunset_3D_Screensaver.scr
[2012.12.03 05:42:08 | 002,453,024 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Faraway_Planet_3D_Screensaver.scr
[2012.12.03 05:40:21 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{5772F6EA-3800-4BD6-851C-8BA553779A40}
[2012.12.03 05:38:44 | 000,749,600 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\3Planesoft_Screensaver_Manager.scr
[2012.12.03 05:38:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\3Planesoft Screensaver Manager
[2012.12.03 05:38:44 | 000,000,000 | ---D | C] -- C:\ProgramData\3Planesoft
[2012.12.03 05:38:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3Planesoft
[2012.12.03 05:38:24 | 002,587,152 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Earth_3D_Screensaver.scr
[2012.12.01 18:14:27 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{EB6BF808-7488-44EC-B0C7-1C6CDBD9ADC2}
[2012.12.01 18:05:28 | 000,168,096 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\MCLIENTx64\0302000.013\ccSetx64.sys
[2012.12.01 18:05:18 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Management
[2012.12.01 18:05:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Management
[2012.12.01 18:05:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\MCLIENTx64
[2012.12.01 18:05:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\MCLIENTx64\0302000.013
[2012.11.30 22:43:52 | 000,438,632 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2012.11.28 21:52:08 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2012.11.28 21:52:08 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2012.11.28 21:52:08 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2012.11.28 21:52:06 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2012.11.28 21:52:06 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2012.11.28 21:52:04 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2012.11.28 21:52:04 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2012.11.28 21:52:04 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2012.11.28 21:52:04 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2012.11.28 21:52:04 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2012.11.28 21:52:04 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2012.11.28 21:52:04 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2012.11.28 21:52:04 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2012.11.28 21:52:04 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2012.11.28 21:52:04 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2012.11.28 21:52:04 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2012.11.28 21:52:04 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2012.11.28 21:52:04 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2012.11.28 21:52:04 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2012.11.28 21:52:03 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2012.11.28 21:52:03 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012.11.28 21:52:03 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2012.11.28 21:52:03 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2012.11.28 21:52:02 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2012.11.28 21:42:25 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012.11.28 21:42:25 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.11.26 13:26:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2012.11.26 04:35:54 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{65947815-3F53-47D7-B2E1-55BA82F02BD4}
[2012.11.24 00:31:31 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{14F51EAD-5180-46C3-B0F5-8860CDD93119}
[2012.11.23 21:27:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aeon
[2012.11.23 21:23:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhiteCap
[2012.11.23 11:58:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2012.11.23 11:58:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2012.11.23 11:58:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.11.23 11:57:36 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\GoforFiles
[2012.11.22 23:29:10 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{250969B7-C3E1-48AD-BD2A-0937600A67CD}
[2012.11.22 21:52:34 | 000,000,000 | ---D | C] -- C:\Users\xxx\Documents\OneNote-Notizbücher
[2012.11.22 09:51:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.11.22 09:51:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.11.22 09:03:48 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012.11.22 09:01:42 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Dropbox
[2012.11.22 00:55:53 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\TuneUp Software
[2012.11.22 00:55:05 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.11.22 00:55:05 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\DVDVideoSoft
[2012.11.22 00:55:01 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.11.22 00:54:52 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2012.11.22 00:54:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.11.22 00:54:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.11.21 23:33:25 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No23 Recorder
[2012.11.16 23:15:02 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{002F62BE-F6C0-4DC3-95EB-DAD2B48D8D63}
[2012.02.05 14:44:31 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe6067.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.16 18:35:19 | 000,015,328 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.16 18:35:19 | 000,015,328 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.16 18:25:30 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.16 18:23:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.16 18:22:32 | 2146,738,175 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.16 18:14:37 | 000,001,126 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.16 18:06:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.16 17:41:20 | 000,545,819 | ---- | M] () -- C:\Users\xxx\Desktop\adwcleaner.exe
[2012.12.16 17:07:02 | 000,001,174 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1725708464-4129431227-4282348430-1000UA.job
[2012.12.16 11:07:00 | 000,001,152 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1725708464-4129431227-4282348430-1000Core.job
[2012.12.16 10:52:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2012.12.16 10:50:14 | 000,050,477 | ---- | M] () -- C:\Users\xxx\Desktop\Defogger.exe
[2012.12.16 09:51:24 | 000,000,742 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.16 09:08:06 | 000,345,056 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.16 09:06:22 | 011,275,381 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1402000.013\Cat.DB
[2012.12.16 08:50:54 | 016,096,274 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.16 08:50:54 | 000,694,454 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2012.12.16 08:50:54 | 000,693,478 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2012.12.16 08:50:54 | 000,691,216 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2012.12.16 08:50:54 | 000,689,750 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2012.12.16 08:50:54 | 000,689,132 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2012.12.16 08:50:54 | 000,679,366 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat
[2012.12.16 08:50:54 | 000,675,982 | ---- | M] () -- C:\Windows\SysNative\perfh019.dat
[2012.12.16 08:50:54 | 000,663,828 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
[2012.12.16 08:50:54 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.16 08:50:54 | 000,632,204 | ---- | M] () -- C:\Windows\SysNative\perfh00E.dat
[2012.12.16 08:50:54 | 000,623,168 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2012.12.16 08:50:54 | 000,617,592 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat
[2012.12.16 08:50:54 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.16 08:50:54 | 000,610,226 | ---- | M] () -- C:\Windows\SysNative\perfh01F.dat
[2012.12.16 08:50:54 | 000,551,794 | ---- | M] () -- C:\Windows\SysNative\perfh008.dat
[2012.12.16 08:50:54 | 000,462,196 | ---- | M] () -- C:\Windows\SysNative\perfh006.dat
[2012.12.16 08:50:54 | 000,448,610 | ---- | M] () -- C:\Windows\SysNative\perfh014.dat
[2012.12.16 08:50:54 | 000,434,510 | ---- | M] () -- C:\Windows\SysNative\perfh001.dat
[2012.12.16 08:50:54 | 000,433,412 | ---- | M] () -- C:\Windows\SysNative\perfh00B.dat
[2012.12.16 08:50:54 | 000,399,760 | ---- | M] () -- C:\Windows\SysNative\perfh012.dat
[2012.12.16 08:50:54 | 000,388,542 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat
[2012.12.16 08:50:54 | 000,377,894 | ---- | M] () -- C:\Windows\SysNative\prfh0404.dat
[2012.12.16 08:50:54 | 000,361,792 | ---- | M] () -- C:\Windows\SysNative\prfh0804.dat
[2012.12.16 08:50:54 | 000,353,546 | ---- | M] () -- C:\Windows\SysNative\perfh00D.dat
[2012.12.16 08:50:54 | 000,148,334 | ---- | M] () -- C:\Windows\SysNative\perfc00E.dat
[2012.12.16 08:50:54 | 000,137,086 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2012.12.16 08:50:54 | 000,134,864 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2012.12.16 08:50:54 | 000,133,776 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat
[2012.12.16 08:50:54 | 000,132,964 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2012.12.16 08:50:54 | 000,132,540 | ---- | M] () -- C:\Windows\SysNative\perfc019.dat
[2012.12.16 08:50:54 | 000,130,164 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2012.12.16 08:50:54 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.16 08:50:54 | 000,128,118 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
[2012.12.16 08:50:54 | 000,127,168 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2012.12.16 08:50:54 | 000,123,764 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat
[2012.12.16 08:50:54 | 000,121,812 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2012.12.16 08:50:54 | 000,121,550 | ---- | M] () -- C:\Windows\SysNative\perfc01F.dat
[2012.12.16 08:50:54 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat
[2012.12.16 08:50:54 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.16 08:50:54 | 000,104,700 | ---- | M] () -- C:\Windows\SysNative\perfc012.dat
[2012.12.16 08:50:54 | 000,104,272 | ---- | M] () -- C:\Windows\SysNative\prfc0804.dat
[2012.12.16 08:50:54 | 000,099,358 | ---- | M] () -- C:\Windows\SysNative\prfc0404.dat
[2012.12.16 08:50:54 | 000,089,460 | ---- | M] () -- C:\Windows\SysNative\perfc008.dat
[2012.12.16 08:50:54 | 000,082,172 | ---- | M] () -- C:\Windows\SysNative\perfc00B.dat
[2012.12.16 08:50:54 | 000,079,828 | ---- | M] () -- C:\Windows\SysNative\perfc006.dat
[2012.12.16 08:50:54 | 000,079,008 | ---- | M] () -- C:\Windows\SysNative\perfc001.dat
[2012.12.16 08:50:54 | 000,077,120 | ---- | M] () -- C:\Windows\SysNative\perfc014.dat
[2012.12.16 08:50:54 | 000,069,118 | ---- | M] () -- C:\Windows\SysNative\perfc00D.dat
[2012.12.16 08:23:11 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2012.12.16 08:22:28 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2012.12.16 07:53:34 | 000,001,624 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Webcam Software  .lnk
[2012.12.16 06:27:02 | 000,002,467 | ---- | M] () -- C:\Users\Public\Desktop\SlimDrivers.lnk
[2012.12.16 00:50:16 | 000,001,243 | ---- | M] () -- C:\Users\xxx\Desktop\DVDVideoSoft Free Studio.lnk
[2012.12.16 00:50:15 | 000,001,908 | ---- | M] () -- C:\Users\xxx\Desktop\Free AVI Video Converter.lnk
[2012.12.15 23:41:15 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.12.15 23:06:41 | 000,001,073 | ---- | M] () -- C:\Users\xxx\Desktop\Deckadance.lnk
[2012.12.15 22:47:16 | 000,000,651 | ---- | M] () -- C:\Users\Public\Desktop\FL Studio 10.lnk
[2012.12.15 22:32:39 | 000,001,544 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.12.15 22:22:36 | 000,000,977 | ---- | M] () -- C:\Users\xxx\Desktop\Free YouTube to MP3 Converter.lnk
[2012.12.13 21:11:17 | 000,001,160 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2012.12.12 08:06:21 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.12.12 08:06:21 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.12.10 12:22:39 | 000,002,248 | ---- | M] () -- C:\{3F1F786F-BC74-451D-A74A-06FC21A8225E}
[2012.12.10 12:02:22 | 000,002,240 | ---- | M] () -- C:\{3B0A5922-35D9-4242-B8CB-469765577BFD}
[2012.12.10 10:07:11 | 000,013,946 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1402000.013\VT20121114.016
[2012.12.10 10:03:42 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012.12.10 10:03:42 | 000,007,466 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012.12.10 10:03:42 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012.12.06 14:19:21 | 000,072,774 | ---- | M] (Jordan Russell) -- C:\Windows\unins000.exe
[2012.12.06 14:19:21 | 000,001,092 | ---- | M] () -- C:\Windows\unins000.dat
[2012.12.03 05:38:46 | 000,001,185 | ---- | M] () -- C:\Users\xxx\Desktop\3Planesoft Screensaver Manager.lnk
[2012.12.01 18:22:57 | 000,001,240 | ---- | M] () -- C:\Users\xxx\Desktop\Norton Installation Files.lnk
[2012.12.01 06:49:26 | 003,663,213 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2012.12.01 06:49:26 | 002,557,800 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2012.12.01 06:49:25 | 000,118,120 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2012.12.01 06:49:25 | 000,063,336 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2012.12.01 06:48:41 | 006,223,208 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2012.12.01 06:48:37 | 003,311,464 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2012.11.30 22:43:52 | 000,438,632 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2012.11.25 12:13:32 | 002,670,616 | ---- | M] (3Planesoft) -- C:\Windows\SysWow64\Sandy_Beach_3D_Screensaver.scr
[2012.11.22 09:51:26 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.11.22 00:56:25 | 000,000,009 | ---- | M] () -- C:\END
[2012.11.22 00:48:45 | 000,001,461 | ---- | M] () -- C:\Users\xxx\AppData\Local\RecConfig.xml
[2012.11.19 11:15:54 | 002,690,584 | ---- | M] (3Planesoft) -- C:\Windows\SysWow64\Grand_Canyon_3D_Screensaver.scr
[2012.11.18 00:02:24 | 000,749,600 | ---- | M] (3Planesoft) -- C:\Windows\SysWow64\3Planesoft_Screensaver_Manager.scr
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.16 17:41:20 | 000,545,819 | ---- | C] () -- C:\Users\xxx\Desktop\adwcleaner.exe
[2012.12.16 10:50:14 | 000,050,477 | ---- | C] () -- C:\Users\xxx\Desktop\Defogger.exe
[2012.12.16 09:51:24 | 000,000,742 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.16 08:23:11 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2012.12.16 08:22:28 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2012.12.16 08:04:47 | 000,293,889 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2012.12.16 07:00:34 | 000,014,446 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012.12.16 06:27:02 | 000,002,467 | ---- | C] () -- C:\Users\Public\Desktop\SlimDrivers.lnk
[2012.12.16 00:30:53 | 000,001,908 | ---- | C] () -- C:\Users\xxx\Desktop\Free AVI Video Converter.lnk
[2012.12.15 23:41:15 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.12.15 23:06:41 | 000,001,073 | ---- | C] () -- C:\Users\xxx\Desktop\Deckadance.lnk
[2012.12.15 22:47:19 | 000,000,651 | ---- | C] () -- C:\Users\Public\Desktop\FL Studio 10.lnk
[2012.12.15 22:22:36 | 000,000,977 | ---- | C] () -- C:\Users\xxx\Desktop\Free YouTube to MP3 Converter.lnk
[2012.12.10 12:22:39 | 000,002,248 | ---- | C] () -- C:\{3F1F786F-BC74-451D-A74A-06FC21A8225E}
[2012.12.10 12:02:18 | 000,002,240 | ---- | C] () -- C:\{3B0A5922-35D9-4242-B8CB-469765577BFD}
[2012.12.06 14:19:20 | 000,001,092 | ---- | C] () -- C:\Windows\unins000.dat
[2012.12.03 05:38:46 | 000,001,185 | ---- | C] () -- C:\Users\xxx\Desktop\3Planesoft Screensaver Manager.lnk
[2012.12.01 18:20:40 | 000,001,240 | ---- | C] () -- C:\Users\xxx\Desktop\Norton Installation Files.lnk
[2012.12.01 18:05:18 | 000,007,611 | R--- | C] () -- C:\Windows\SysNative\drivers\MCLIENTx64\0302000.013\ccSetx64.cat
[2012.12.01 18:05:18 | 000,000,853 | R--- | C] () -- C:\Windows\SysNative\drivers\MCLIENTx64\0302000.013\ccSetx64.inf
[2012.12.01 18:05:18 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\MCLIENTx64\0302000.013\isolate.ini
[2012.11.22 00:56:25 | 000,000,009 | ---- | C] () -- C:\END
[2012.11.22 00:54:41 | 000,001,243 | ---- | C] () -- C:\Users\xxx\Desktop\DVDVideoSoft Free Studio.lnk
[2012.11.22 00:48:45 | 000,001,461 | ---- | C] () -- C:\Users\xxx\AppData\Local\RecConfig.xml
[2012.04.07 12:46:30 | 000,001,160 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2012.03.02 18:40:44 | 000,006,144 | ---- | C] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.05 13:19:34 | 000,013,312 | ---- | C] () -- C:\Windows\SysWow64\drivers\MTictwl.sys
[2012.02.04 17:10:24 | 016,304,080 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.01.18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.07.26 21:24:00 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Artifex Mundi
[2012.12.16 05:38:07 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Azureus
[2012.12.16 08:53:21 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Canon
[2012.12.15 23:52:38 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Deckadance19
[2012.12.15 16:36:32 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Dropbox
[2012.12.16 00:50:01 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DVDVideoSoft
[2012.12.15 22:22:40 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.07.23 16:03:40 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ERS Game Studios
[2012.11.23 12:01:12 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\GoforFiles
[2012.12.15 23:07:26 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Ignite
[2012.12.16 00:21:38 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Image-Line
[2012.02.09 13:14:41 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Leadertech
[2012.02.18 14:35:02 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Shareaza
[2012.12.16 00:18:50 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\SongManager
[2012.02.05 14:54:36 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Sony
[2012.11.23 21:27:57 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\SoundSpectrum
[2012.12.14 07:25:43 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Spotify
[2012.11.22 00:55:53 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TuneUp Software
[2012.11.24 03:05:33 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TuneUpMedia
[2012.02.05 15:12:57 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Ulead Systems
[2012.02.16 09:08:38 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 16 bytes -> C:\Users\xxx\Downloads:Shareaza.GUID
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:02CC0035
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:E40AB54F

< End of report >
         
16.12.2012, 18:48   #4
Laschmunzel
 



OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 16.12.2012 18:34:03 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\xxx\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,75 Gb Available Physical Memory | 71,90% Memory free
16,00 Gb Paging File | 13,77 Gb Available in Paging File | 86,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,07 Gb Total Space | 509,57 Gb Free Space | 85,49% Space Free | Partition Type: NTFS
Drive F: | 465,76 Gb Total Space | 456,08 Gb Free Space | 97,92% Space Free | Partition Type: NTFS
Drive G: | 1397,26 Gb Total Space | 251,37 Gb Free Space | 17,99% Space Free | Partition Type: NTFS
Drive H: | 465,76 Gb Total Space | 465,66 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
 
Computer Name: xxx| User Name: xxx| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Hartlauer Foto World] -- "F:\Programme\Hartlauer Foto World\Hartlauer Foto World.exe" "%1" ()
Directory [Hartlauer Fotoviewer] -- "F:\Programme\Hartlauer Foto World\Hartlauer Fotoviewer.exe" -d "%1" ()
Directory [Mit Corel PaintShop Photo Pro X3 durchsuchen] -- "F:\Programme\Corel\Paint Shop\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Hartlauer Foto World] -- "F:\Programme\Hartlauer Foto World\Hartlauer Foto World.exe" "%1" ()
Directory [Hartlauer Fotoviewer] -- "F:\Programme\Hartlauer Foto World\Hartlauer Fotoviewer.exe" -d "%1" ()
Directory [Mit Corel PaintShop Photo Pro X3 durchsuchen] -- "F:\Programme\Corel\Paint Shop\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B4C80FC0-ECF6-46B1-9008-B63F7FDADC5C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{E65D7E95-6364-483F-A85C-094FDEABD38F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02565033-B8AA-4179-BB53-336AF5C8BF4E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{1353AB44-7112-45B5-ADBB-E7B2E8A0E0D5}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe | 
"{1B021F8A-AEBC-410E-A26B-EF714A1B1D12}" = dir=in | app=f:\programme\itunes\itunes.exe | 
"{21CEB5D7-FC92-4CA5-93DB-B90C11684430}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{68AC7ECF-F743-4C3A-8F6F-D7CD95167B1F}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"{6F273E4B-F4E5-4EA8-A4B7-33BA719FD2FC}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{7340C1BC-58C7-4E84-AE3D-65AD26E8878E}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | 
"{7A7F49F3-63D5-48CC-851A-F8492F06677D}" = protocol=17 | dir=in | app=c:\users\xxx\appdata\roaming\dropbox\bin\dropbox.exe | 
"{7F49A0F7-0B1A-47DB-A885-68A378EF4A54}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe | 
"{842CADC1-8311-4ACF-A3BD-F75A5304B8C7}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe | 
"{87CB2127-8347-4314-AE6E-5D78E16716F2}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{89D6D6C4-FFFA-40E9-B293-DB0E95DB5A2C}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | 
"{8BF98B33-9355-4541-AECD-175E9A68E5A6}" = protocol=6 | dir=in | app=c:\users\xxx\appdata\roaming\dropbox\bin\dropbox.exe | 
"{90D3F397-4A94-4C22-ADE5-4FC5806C70E1}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{92888EBA-99D0-43D4-BFF8-991BA3C82378}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe | 
"{9515A573-50CE-4A92-9737-1F917959A086}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{96A73022-737D-434A-B2CC-75E4A8D4C643}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe | 
"{A300FB4E-7DBF-48E8-8341-2B7504D33867}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{AFB49C0C-7C54-4F9F-A938-EAEE38B79E10}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe | 
"{B3CD5F2E-9A06-48A0-844C-B1064B91D01B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{CA3124F1-3981-4BB8-BB15-EFDDD4B7ED3B}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe | 
"{D10B095B-9638-4DC2-BA21-A7556B8D7CBC}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{D1F544DA-1490-4513-8EBA-73072C3F64B0}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"{F4965188-844D-4F9B-BCE0-99B1BB81B608}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe | 
"{FE2BBC99-99B9-4FC0-9AAC-D36602A6AED2}" = dir=in | app=c:\users\xxx\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"TCP Query User{8FC9B440-44D6-4D37-A0CC-2FBB9E0E0D43}C:\users\xxx\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\xxx\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{AE7A436A-44F0-4243-B26E-2173A1041C1F}F:\programme\shareaza\shareaza\shareaza.exe" = protocol=6 | dir=in | app=f:\programme\shareaza\shareaza\shareaza.exe | 
"TCP Query User{F4FD0184-254F-4206-A657-8494C9BE3482}C:\program files\magictune premium\magictune.exe" = protocol=6 | dir=in | app=c:\program files\magictune premium\magictune.exe | 
"UDP Query User{5C67D520-7747-47A6-AEDC-CEA349BAF693}C:\program files\magictune premium\magictune.exe" = protocol=17 | dir=in | app=c:\program files\magictune premium\magictune.exe | 
"UDP Query User{87BCD9CB-1A00-4E4E-B2B2-11EBB76BDD0C}C:\users\xxx\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\xxx\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{9279210C-0826-453D-89AD-88DB458CD619}F:\programme\shareaza\shareaza\shareaza.exe" = protocol=17 | dir=in | app=f:\programme\shareaza\shareaza\shareaza.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP540_series" = Canon MP540 series MP Drivers
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{50FCA33D-BB55-4F81-B578-B07940D8ABD4}" = Fractal eXtreme 64-bit
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7AB6F8D7-7804-4662-BE8C-1AFCCD602D9F}" = Microsoft Mouse and Keyboard Center
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{D5FE818E-F1C7-44F8-A3C0-C08761906E27}" = Share64
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"lvdrivers_11.90" = Logitech QuickCam Driver Package
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Microsoft Security Client" = Microsoft Security Essentials
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = Corel PaintShop Photo Pro X3
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{2B78F6F9-5C63-45AB-ABFD-DDB7946E4C39}" = Ant.com IE add-on
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}" = Next Generation Visualisations
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{5fe18431-da53-4c30-a9d3-93fa56e6edc2}" = Nero 9
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79E9C7C5-4FCC-4DFF-B79E-17319E9522F3}" = MagicTunePremium
"{7E4CB404-F1E4-4E81-A1CB-2CBB310481D1}" = MLE
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EA6A274-9C75-40B4-991F-01482D89D1A7}" = Linkury Smartbar
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{995A7F95-907E-4C25-8A2A-39CDCB7EC69C}" = Nero BackItUp
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AB5C4115-57A5-4B30-B103-3DDF65FB5034}" = Nero BackItUp
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{C9C13822-A638-4331-99A3-4498A5901693}" = Media Go
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1612A3D-0DCC-4055-BB6A-0036F31158A0}" = Setup
"{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = ICA
"{D3BCC13A-E4F2-45EE-846F-D143CEDDDBCB}" = DeviceIO
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam-Software
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D528F2C0-0C3A-4B93-B9FB-992EC28D363E}" = SlimDrivers
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{D7D99A66-493F-468B-BCE1-6F88612B89D5}" = Contents
"{D875FFEE-2FCE-4774-902A-749198C00A68}" = PureHD
"{D8C02397-E0EF-4891-820E-1547DCC6701B}" = ContentHD
"{D94ABC2B-5CA9-48B2-9266-15AB78384D3C}" = Share
"{D9C4FA35-7C6B-4C9E-863B-58C4D7472F41}" = VIO
"{DA4A2F61-1E26-4D51-94BB-36D77678BDAD}" = PSPH10Pro
"{DA4BF4BE-3CDC-43B5-BBDA-DDDA73103111}" = Corel PaintShop Photo Pro X3
"{dad95a8b-69fe-48aa-a7b4-6b5443b3c053}" = Nero BackItUp 4
"{DCD941B6-F2E7-4FAF-B102-F7D4DE5FF99A}" = IPM_PSP_Pro
"{DCF1928A-FC01-48E7-A7E6-4651D42EF6A1}" = PSPPRO_DCRAW
"{DF8B9311-ADE7-4EDE-B121-326CAA3D225D}" = PSPPContent
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E36E864B-BFB6-440A-9A23-2B0BEDE59A92}" = MultiScreen
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.094
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FC2C7405-BC58-4E11-8F51-29671BEAC06B}" = Natural Color Pro
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"052f7ea14a6926e6a521c502b3578832" = Mushroom Age
"3Planesoft Screensaver Manager_is1" = 3Planesoft Screensaver Manager 1.4
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Aeon" = Aeon
"AnarkClient" = Anark Client 1.0
"Ant.com IE add-on" = Ant.com IE add-on
"ASIO4ALL" = ASIO4ALL
"BFG-Time Mysteries - Geister der Vergangenheit Sammleredition" = Time Mysteries: Geister der Vergangenheit Sammleredition
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Canon MP540 series Benutzerregistrierung" = Canon MP540 series Benutzerregistrierung
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Caribbean Islands 3D Screensaver and Animated Wallpaper_is1" = Caribbean Islands 3D Screensaver and Animated Wallpaper 1.1
"Christmas 3D Screensaver_is1" = Christmas 3D Screensaver 1.0
"ClocX" = ClocX (1.5b2)
"Coral Clock 3D Screensaver and Animated Wallpaper_is1" = Coral Clock 3D Screensaver and Animated Wallpaper 1.1
"Coral Reef 3D Screensaver and Animated Wallpaper_is1" = Coral Reef 3D Screensaver and Animated Wallpaper 1.1
"Cuckoo Clock 3D Screensaver_is1" = Cuckoo Clock 3D Screensaver 1.0
"Deckadance" = Deckadance
"Deep Space 3D Screensaver_is1" = Deep Space 3D Screensaver 1.0
"Digital Clock 3D Screensaver and Animated Wallpaper_is1" = Digital Clock 3D Screensaver and Animated Wallpaper 1.0
"Digital Editions" = Adobe Digital Editions
"Dolphins 3D Screensaver and Animated Wallpaper_is1" = Dolphins 3D Screensaver and Animated Wallpaper 1.0
"Dutch Windmills 3D Screensaver_is1" = Dutch Windmills 3D Screensaver 1.0
"Earth 3D Screensaver and Animated Wallpaper_is1" = Earth 3D Screensaver and Animated Wallpaper 2.0
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Faraway Planet 3D Screensaver_is1" = Faraway Planet 3D Screensaver 1.0
"FL Studio 10" = FL Studio 10
"Fog Horses 3D Screensaver and Animated Wallpaper_is1" = Fog Horses 3D Screensaver and Animated Wallpaper 1.0
"Fog Lake Screensaver and Animated Wallpaper_is1" = Fog Lake Screensaver and Animated Wallpaper 1.1
"Free 3D Photo Maker_is1" = Free 3D Photo Maker version 2.0.22.1212
"Free AVI Video Converter_is1" = Free AVI Video Converter version 5.0.21.1212
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.37.1212
"Galleon 3D Screensaver_is1" = Galleon 3D Screensaver 1.3
"G-Force" = G-Force
"Grand Canyon 3D Screensaver and Animated Wallpaper_is1" = Grand Canyon 3D Screensaver and Animated Wallpaper 1.0
"Grassland 3D Screensaver and Animated Wallpaper_is1" = Grassland 3D Screensaver and Animated Wallpaper 1.0
"Great Pyramids 3D Screensaver and Animated Wallpaper_is1" = Great Pyramids 3D Screensaver and Animated Wallpaper 1.1
"Hartlauer Foto World" = Hartlauer Foto World
"Haunted House 3D Screensaver_is1" = Haunted House 3D Screensaver 2.0
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Ice Clock 3D Screensaver and Animated Wallpaper_is1" = Ice Clock 3D Screensaver and Animated Wallpaper 2.0
"IL Download Manager" = IL Download Manager
"IL Shared Libraries" = IL Shared Libraries
"kikin Plugin (NO23 Edition)" = kikin Plugin (NO23 Edition) 1.11
"Lagoon 3D Screensaver_is1" = Lagoon 3D Screensaver 1.0
"Lake Tree 3D Screensaver and Animated Wallpaper_is1" = Lake Tree 3D Screensaver and Animated Wallpaper 1.0
"Lantern 3D Screensaver_is1" = Lantern 3D Screensaver 1.0
"Lighthouse Point 3D Screensaver_is1" = Lighthouse Point 3D Screensaver 1.1
"Logitech Vid" = Logitech Vid HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mayan Waterfall 3D Screensaver_is1" = Mayan Waterfall 3D Screensaver 1.0
"MCLIENT" = Norton Management
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"mv61xxDriver" = marvell 61xx
"MyCamera" = Canon Utilities MyCamera
"Nature 3D Screensaver_is1" = Nature 3D Screensaver 1.1
"NBRTWizard" = Norton Bootable Recovery Tool Wizard
"NIS" = Norton Internet Security
"NVIDIA Screen Saver_is1" = NVIDIA Screen Saver 1.2
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Online Games Manager" = Online Games Manager v1.10
"Orbital Sunset 3D Screensaver and Animated Wallpaper_is1" = Orbital Sunset 3D Screensaver and Animated Wallpaper 1.0
"PhotoStitch" = Canon Utilities PhotoStitch
"Sandy Beach 3D Screensaver and Animated Wallpaper_is1" = Sandy Beach 3D Screensaver and Animated Wallpaper 1.0
"Shareaza_is1" = Shareaza 2.5.5.0
"Spirit of Fire 3D Screensaver_is1" = Spirit of Fire 3D Screensaver 2.4
"Springtime 3D Screensaver_is1" = Springtime 3D Screensaver 1.0
"Stonehenge 3D Screensaver and Animated Wallpaper_is1" = Stonehenge 3D Screensaver and Animated Wallpaper 1.0
"Summer Forest 3D Screensaver and Animated Wallpaper_is1" = Summer Forest 3D Screensaver and Animated Wallpaper 1.0
"Sunny Patio 3D Screensaver and Animated Wallpaper_is1" = Sunny Patio 3D Screensaver and Animated Wallpaper 1.1
"SystemRequirementsLab" = System Requirements Lab
"Thanksgiving Day 3D Screensaver and Animated Wallpaper_is1" = Thanksgiving Day 3D Screensaver and Animated Wallpaper 1.0
"Tropical Fish 3D Screensaver and Animated Wallpaper_is1" = Tropical Fish 3D Screensaver and Animated Wallpaper 1.2
"TuneUpMedia" = TuneUp 2.4.6.4
"Update Engine" = Sony Ericsson Update Engine
"Valentine 3D Screensaver_is1" = Valentine 3D Screensaver 1.0
"VLC media player" = VLC media player 2.0.4
"Water Clock 3D Screensaver_is1" = Water Clock 3D Screensaver 1.0
"Watermill 3D Screensaver_is1" = Watermill 3D Screensaver 2.0
"Western Railway 3D Screensaver_is1" = Western Railway 3D Screensaver 2.0
"WhiteCap" = WhiteCap
"Wildflowers 3D Screensaver and Animated Wallpaper_is1" = Wildflowers 3D Screensaver and Animated Wallpaper 1.1
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"Winter Wonderland 3D Screensaver and Animated Wallpaper_is1" = Winter Wonderland 3D Screensaver and Animated Wallpaper 1.1
"Wisdom-soft Set up ASR 3.1 Free" = Wisdom-soft Set up ASR 3.1 Free
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1725708464-4129431227-4282348430-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Ignite" = Ignite
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 15.12.2012 19:06:19 | Computer Name = xxx | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 15.12.2012 19:06:19 | Computer Name = xxx | Source = Windows Search Service | ID = 3028
Description = 
 
Error - 15.12.2012 19:06:19 | Computer Name = xxx | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 15.12.2012 19:06:19 | Computer Name = xxx | Source = Windows Search Service | ID = 7010
Description = 
 
Error - 15.12.2012 20:08:58 | Computer Name = xxx | Source = Application Hang | ID = 1002
Description = Programm TUUUninstallHelper.exe, Version 13.0.2020.4 kann nicht mehr
 unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
 in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 1184    Startzeit: 01cddb208403a9d9    Endzeit: 243    Anwendungspfad:
 C:\Users\FLAUSC~1\AppData\Local\Temp\TUUUninstallHelper.exe    Berichts-ID:   
 
Error - 15.12.2012 21:38:26 | Computer Name = xxx | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16457 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 5b0    Startzeit: 01cddb18d3543d02    Endzeit: 0    Anwendungspfad: C:\Program
 Files (x86)\Internet Explorer\iexplore.exe    Berichts-ID:   
 
Error - 16.12.2012 00:27:22 | Computer Name = xxx | Source = Application Hang | ID = 1002
Description = Programm wmplayer.exe, Version 12.0.7601.17514 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 178c    Startzeit: 01cddb451eed33e0    Endzeit: 40    Anwendungspfad:
 C:\Program Files (x86)\Windows Media Player\wmplayer.exe    Berichts-ID: de1e1e37-4738-11e2-b2c5-0023542a1ee4

 
Error - 16.12.2012 03:46:31 | Computer Name = xxx | Source = AbbyySti | ID = 1
Description = 
 
Error - 16.12.2012 03:56:58 | Computer Name = xxx | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TuneUpUtilitiesService64.exe, Version:
 13.0.2020.4, Zeitstempel: 0x5059906a  Name des fehlerhaften Moduls: ntdll.dll, Version:
 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000004e4b4
ID
 des fehlerhaften Prozesses: 0xa44  Startzeit der fehlerhaften Anwendung: 0x01cddb581112a880
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 2a45a256-4756-11e2-bdac-0023542a1ee4
 
Error - 16.12.2012 08:02:36 | Computer Name = xxx | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16457,
 Zeitstempel: 0x50a2f9e3  Name des fehlerhaften Moduls: jscript9.dll, Version: 9.0.8112.16457,
 Zeitstempel: 0x50a2fd3d  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000b90f1  ID des fehlerhaften
 Prozesses: 0x13d0  Startzeit der fehlerhaften Anwendung: 0x01cddb762064e8aa  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\jscript9.dll  Berichtskennung: 7a799653-4778-11e2-b580-0023542a1ee4
 
[ System Events ]
Error - 16.12.2012 05:10:26 | Computer Name = xxx | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   NCPro
 
Error - 16.12.2012 08:41:22 | Computer Name = xxx | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Ant Toolbar updater service erreicht.
 
Error - 16.12.2012 08:41:22 | Computer Name = xxx | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Ant Toolbar updater service" wurde aufgrund folgenden 
Fehlers nicht gestartet:   %%1053
 
Error - 16.12.2012 08:42:26 | Computer Name = xxx | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   NCPro
 
Error - 16.12.2012 13:11:53 | Computer Name = xxx | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Ant Toolbar updater service erreicht.
 
Error - 16.12.2012 13:11:53 | Computer Name = xxx | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Ant Toolbar updater service" wurde aufgrund folgenden 
Fehlers nicht gestartet:   %%1053
 
Error - 16.12.2012 13:14:34 | Computer Name = xxx | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   NCPro
 
Error - 16.12.2012 13:25:19 | Computer Name = xxx | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Ant Toolbar updater service erreicht.
 
Error - 16.12.2012 13:25:19 | Computer Name = xxx | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Ant Toolbar updater service" wurde aufgrund folgenden 
Fehlers nicht gestartet:   %%1053
 
Error - 16.12.2012 13:28:00 | Computer Name = xxx | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   NCPro
 
 
< End of report >
         
--- --- ---

16.12.2012, 18:49   #5
Laschmunzel

tbhcn in system startup under C\users\***\AppData\Roaming\Microsoft\Windows\Startmenü\Programs\Start up



OTL Logfile:
Code:
OTL logfile created on: 16.12.2012 18:34:03 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\xxx\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,75 Gb Available Physical Memory | 71,90% Memory free
16,00 Gb Paging File | 13,77 Gb Available in Paging File | 86,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,07 Gb Total Space | 509,57 Gb Free Space | 85,49% Space Free | Partition Type: NTFS
Drive F: | 465,76 Gb Total Space | 456,08 Gb Free Space | 97,92% Space Free | Partition Type: NTFS
Drive G: | 1397,26 Gb Total Space | 251,37 Gb Free Space | 17,99% Space Free | Partition Type: NTFS
Drive H: | 465,76 Gb Total Space | 465,66 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
 
Computer Name: xxx | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\xxx\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe (Symantec Corporation)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - F:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Online Games Manager\ogmservice.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Nero\Nero BackItUp 4\IoctlSvc.exe (Prolific Technology Inc.)
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.2.0.19\wincfi39.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe (Symantec Corporation)
SRV - (MCLIENT) -- C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe (Symantec Corporation)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (MBAMService) -- F:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- F:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (ogmservice) -- C:\Program Files (x86)\Online Games Manager\ogmservice.exe (RealNetworks, Inc.)
SRV - (Sony PC Companion) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (AntUpdaterService) -- C:\Program Files (x86)\Ant.com\IE add-on\AntUpdaterService.exe (Ant.com)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (PLFlash DeviceIoControl Service) -- C:\Program Files (x86)\Nero\Nero BackItUp 4\IoctlSvc.exe (Prolific Technology Inc.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1402000.013\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1402000.013\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1402000.013\symds64.sys (Symantec Corporation)
DRV:64bit: - (ccSet_MCLIENT) -- C:\Windows\SysNative\drivers\MCLIENTx64\0302000.013\ccSetx64.sys (Symantec Corporation)
DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1402000.013\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1402000.013\ironx64.sys (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1402000.013\symnets.sys (Symantec Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1402000.013\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (mv61xx) -- C:\Windows\SysNative\drivers\mv61xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (s1018mdm) -- C:\Windows\SysNative\drivers\s1018mdm.sys (MCCI Corporation)
DRV:64bit: - (s1018unic) -- C:\Windows\SysNative\drivers\s1018unic.sys (MCCI Corporation)
DRV:64bit: - (s1018mgmt) -- C:\Windows\SysNative\drivers\s1018mgmt.sys (MCCI Corporation)
DRV:64bit: - (s1018obex) -- C:\Windows\SysNative\drivers\s1018obex.sys (MCCI Corporation)
DRV:64bit: - (s1018bus) -- C:\Windows\SysNative\drivers\s1018bus.sys (MCCI Corporation)
DRV:64bit: - (s1018nd5) -- C:\Windows\SysNative\drivers\s1018nd5.sys (MCCI Corporation)
DRV:64bit: - (s1018mdfl) -- C:\Windows\SysNative\drivers\s1018mdfl.sys (MCCI Corporation)
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (NCPro) -- C:\Windows\SysNative\drivers\MTiCtwl.sys (Samsung Electronics, Inc. )
DRV:64bit: - (MagicTune) -- C:\Windows\SysNative\drivers\MTiCtwl.sys (Samsung Electronics, Inc. )
DRV:64bit: - (seehcri) -- C:\Windows\SysNative\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20121215.006\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20121215.006\eng64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20121214.001\IDSviA64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20121130.005\BHDrvx64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NCPro) -- C:\Windows\SysWOW64\drivers\MTictwl.sys ()
DRV - (MagicTune) -- C:\Windows\SysWOW64\drivers\MTictwl.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1725708464-4129431227-4282348430-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = F:\Installationsdateien
IE - HKU\S-1-5-21-1725708464-4129431227-4282348430-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Google
IE - HKU\S-1-5-21-1725708464-4129431227-4282348430-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKU\S-1-5-21-1725708464-4129431227-4282348430-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-1725708464-4129431227-4282348430-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Österreich: Hotmail, Messenger, Skype download, Unterhaltung, Nachrichten, Sport, Lifestyle und mehr bei MSN AT
IE - HKU\S-1-5-21-1725708464-4129431227-4282348430-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKU\S-1-5-21-1725708464-4129431227-4282348430-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 67 72 D3 EB 3D E3 CC 01  [binary data]
IE - HKU\S-1-5-21-1725708464-4129431227-4282348430-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google
IE - HKU\S-1-5-21-1725708464-4129431227-4282348430-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google
IE - HKU\S-1-5-21-1725708464-4129431227-4282348430-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1725708464-4129431227-4282348430-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1725708464-4129431227-4282348430-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MXGB_deAT512
IE - HKU\S-1-5-21-1725708464-4129431227-4282348430-1000\..\SearchScopes\{B1E7FF11-0E88-4BBA-AB30-A6E125885E8F}: "URL" = hxxp://www.ant.com/search?s=browser&q={searchTerms}
IE - HKU\S-1-5-21-1725708464-4129431227-4282348430-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1725708464-4129431227-4282348430-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-1725708464-4129431227-4282348430-1002\..\SearchScopes,DefaultScope = 
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: F:\Programme\ITunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: F:\Programme\Canon Kamera\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: F:\Programme\Adobe Reader\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\xxx\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\opencandy.com/Ignite: C:\Users\xxx\AppData\Local\Ignite\npOCDM.1.1.4.0.dll (OpenCandy, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn\ [2012.12.16 18:29:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFFPlgn\ [2012.12.10 10:15:11 | 000,000,000 | ---D | M]
 
[2012.11.23 11:58:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
========== Chrome  ==========
 
CHR - homepage: Google
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: Google
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin:  (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\chromeNPAPI.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.8_0\BabylonChromePI.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\xxxh\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\npSkypeChromePlugin.dll
CHR - plugin: GoogleChromeRemotePlugin (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\GoogleChromeRemotePlugin.dll
CHR - plugin: Free Studio (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\np_dvs_plugin.dll
CHR - plugin: Norton Identity Safe (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.0.18_0\npcoplgn.dll
CHR - plugin: Application Manager (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll
CHR - plugin: Adobe Acrobat (Enabled) = F:\Programme\Adobe Reader\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = F:\Programme\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = F:\Programme\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = F:\Programme\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = F:\Programme\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = F:\Programme\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = F:\Programme\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = F:\Programme\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\xxx\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Ignite (Enabled) = C:\Users\xxx\AppData\Local\Ignite\npOCDM.1.1.4.0.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: NPCIG.dll (Enabled) = F:\Programme\Canon Kamera\ZoomBrowser EX\Program\NPCIG.dll
CHR - plugin: iTunes Application Detector (Enabled) = F:\Programme\ITunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Browser Companion Helper = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\
CHR - Extension: Skype Click to Call = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\
CHR - Extension: Skype Click to Call = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: Norton Identity Protection = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.5.11_0\
CHR - Extension: Norton Identity Protection = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.0.18_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - F:\Programme\Shareaza\Shareaza\RazaWebHook64.dll (Shareaza Development Team)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - F:\Programme\Shareaza\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O2 - BHO: (Ant.com browser helper (video detector)) - {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files (x86)\Ant.com\IE add-on\download.dll (Ant.com)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\anttoolbar.dll (Ant.com)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\coIEPlg.dll (Symantec Corporation)
O3:64bit: - HKU\S-1-5-21-1725708464-4129431227-4282348430-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-1725708464-4129431227-4282348430-1000\..\Toolbar\WebBrowser: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\anttoolbar.dll (Ant.com)
O3 - HKU\S-1-5-21-1725708464-4129431227-4282348430-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MagicTuneEngine] C:\Programme\MagicTune Premium\MagicTuneLauncher.exe ()
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [MultiScreen] C:\Program Files (x86)\MultiScreen\MultiScreen.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1725708464-4129431227-4282348430-1002..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1725708464-4129431227-4282348430-1002..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Download with &Shareaza - F:\Programme\Shareaza\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Download with &Shareaza - F:\Programme\Shareaza\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - Reg Error: Key error. File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Download videos by Ant.com - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files (x86)\Ant.com\IE add-on\download.dll (Ant.com)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.34.133.21 212.186.211.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6CCD1CB-F4A2-43DC-AFFA-A679A21EE10A}: DhcpNameServer = 195.34.133.21 212.186.211.21
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\25976~1.107\{c16c1~1\mngr.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.09.01 15:08:05 | 000,000,000 | ---D | M] - G:\Auto Screen Recorder Dateien -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.16 10:52:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2012.12.16 10:23:32 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{D4CD2421-557C-4ADD-81E2-82DE018DE3F8}
[2012.12.16 09:52:52 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Malwarebytes
[2012.12.16 09:51:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.16 09:51:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.16 09:51:18 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.16 08:55:05 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2012.12.16 08:54:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP540 series
[2012.12.16 08:53:40 | 000,279,040 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMLM9E.DLL
[2012.12.16 08:23:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
[2012.12.16 08:21:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center
[2012.12.16 08:12:46 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2012.12.16 08:12:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2012.12.16 08:11:58 | 000,000,000 | ---D | C] -- C:\Intel
[2012.12.16 08:09:38 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Marvell
[2012.12.16 08:08:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Marvell
[2012.12.16 08:05:30 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012.12.16 08:05:29 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2012.12.16 08:04:50 | 002,605,400 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2012.12.16 08:04:50 | 001,361,336 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tosade.dll
[2012.12.16 08:04:50 | 000,836,544 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo264.dll
[2012.12.16 08:04:50 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2012.12.16 08:04:50 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2012.12.16 08:04:50 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2012.12.16 08:04:50 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2012.12.16 08:04:50 | 000,148,416 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo.dll
[2012.12.16 08:04:50 | 000,065,944 | ---- | C] (TOSHIBA CORPORATION.) -- C:\Windows\SysNative\tepeqapo64.dll
[2012.12.16 08:04:49 | 002,674,320 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2012.12.16 08:04:49 | 001,560,168 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2012.12.16 08:04:49 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2012.12.16 08:04:49 | 000,220,776 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\SFSS_APO.dll
[2012.12.16 08:04:49 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2012.12.16 08:04:49 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2012.12.16 08:04:49 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2012.12.16 08:04:48 | 003,615,888 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2012.12.16 08:04:48 | 000,869,520 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2012.12.16 08:04:48 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2012.12.16 08:04:48 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2012.12.16 08:04:48 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2012.12.16 08:04:48 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2012.12.16 08:04:48 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2012.12.16 08:04:48 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2012.12.16 08:04:48 | 000,014,952 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCoLDR64.dll
[2012.12.16 08:04:47 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2012.12.16 08:04:47 | 005,096,448 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat
[2012.12.16 08:04:47 | 001,262,696 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2012.12.16 08:04:47 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2012.12.16 08:04:47 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2012.12.16 08:04:47 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2012.12.16 08:04:47 | 000,141,152 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2012.12.16 08:04:47 | 000,123,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2012.12.16 08:04:47 | 000,105,616 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll
[2012.12.16 08:04:47 | 000,074,592 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2012.12.16 08:04:46 | 008,363,864 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2012.12.16 08:04:46 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2012.12.16 08:04:46 | 001,345,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek264.dll
[2012.12.16 08:04:46 | 001,015,640 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2012.12.16 08:04:46 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll
[2012.12.16 08:04:46 | 000,396,632 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2012.12.16 08:04:46 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2012.12.16 08:04:46 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2012.12.16 08:04:44 | 002,533,952 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2012.12.16 08:04:44 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2012.12.16 08:04:44 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2012.12.16 08:04:44 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2012.12.16 08:04:44 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2012.12.16 08:04:44 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2012.12.16 08:04:44 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2012.12.16 08:04:44 | 000,537,456 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll
[2012.12.16 08:04:44 | 000,524,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll
[2012.12.16 08:04:44 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2012.12.16 08:04:44 | 000,449,392 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll
[2012.12.16 08:04:44 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2012.12.16 08:04:44 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2012.12.16 08:04:44 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2012.12.16 08:04:44 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2012.12.16 08:04:44 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2012.12.16 08:04:44 | 000,202,336 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2012.12.16 08:04:44 | 000,108,640 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2012.12.16 08:04:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2012.12.16 08:04:40 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2012.12.16 08:04:39 | 001,706,640 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2012.12.16 07:21:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2012.12.16 07:00:37 | 026,811,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012.12.16 07:00:37 | 000,201,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2012.12.16 07:00:36 | 020,335,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012.12.16 07:00:36 | 017,559,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012.12.16 07:00:36 | 009,271,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012.12.16 07:00:36 | 007,819,016 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012.12.16 07:00:35 | 025,256,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012.12.16 07:00:35 | 018,045,968 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012.12.16 07:00:35 | 007,446,192 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2012.12.16 07:00:35 | 001,874,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012.12.16 07:00:35 | 000,841,272 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2012.12.16 07:00:34 | 006,149,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2012.12.16 07:00:34 | 002,784,104 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012.12.16 07:00:34 | 002,226,024 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012.12.16 07:00:34 | 000,245,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2012.12.16 07:00:28 | 002,606,440 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012.12.16 06:28:20 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\SlimWare Utilities Inc
[2012.12.16 06:26:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers
[2012.12.16 06:26:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SlimDrivers
[2012.12.16 06:26:54 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2012.12.16 06:05:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fighters
[2012.12.16 00:31:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2012.12.16 00:21:38 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Image-Line
[2012.12.15 23:52:37 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Deckadance19
[2012.12.15 23:41:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.12.15 23:41:13 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.12.15 23:25:20 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.12.15 23:07:26 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Ignite
[2012.12.15 23:07:00 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\SongManager
[2012.12.15 22:48:09 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
[2012.12.15 22:47:20 | 001,431,552 | ---- | C] (Propellerhead Software AB) -- C:\Windows\SysWow64\rewire.dll
[2012.12.15 22:47:14 | 000,000,000 | ---D | C] -- C:\Users\xxx\Documents\Image-Line
[2012.12.15 22:47:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
[2012.12.15 22:46:58 | 001,554,944 | ---- | C] (HMS hxxp://hp.vector.co.jp/authors/VA012897/) -- C:\Windows\SysWow64\vorbis.acm
[2012.12.15 22:46:55 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
[2012.12.15 22:46:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Outsim
[2012.12.15 22:39:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Image-Line
[2012.12.15 22:32:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.12.15 22:32:07 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.12.15 22:32:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.12.15 22:32:06 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012.12.15 22:30:12 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Ignite
[2012.12.15 22:29:26 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Deployment
[2012.12.15 22:29:26 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Apps
[2012.12.15 22:22:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2012.12.14 08:45:01 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{7A63D6A3-4599-4143-B412-6D028FD95E2B}
[2012.12.13 20:44:48 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{86CE9C5F-A705-40EB-B140-E8E8A583BD64}
[2012.12.13 08:44:25 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{FD06CC40-B8C5-498F-9655-8DEB20F92AD5}
[2012.12.13 07:03:37 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.12.13 07:03:36 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.12.13 07:03:36 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.12.13 07:03:35 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.12.13 07:03:35 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.12.13 07:03:35 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.12.13 07:03:35 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.12.13 07:03:35 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.12.13 07:03:34 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.12.13 07:03:34 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.12.13 07:03:34 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.12.13 07:03:34 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.12.13 07:03:32 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.12.13 07:03:32 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.12.13 07:03:32 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.12.13 06:59:11 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012.12.13 06:59:10 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.12.13 06:59:10 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012.12.13 06:59:10 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.12.13 06:58:56 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.12.13 06:58:56 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.12.13 06:58:56 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012.12.13 06:58:56 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012.12.13 06:58:56 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012.12.13 06:58:56 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.12.13 06:58:56 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012.12.13 06:58:54 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012.12.13 06:58:54 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.12.13 06:58:54 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.12.13 06:58:54 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.12.13 06:58:54 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.13 06:58:54 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.13 06:58:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.13 06:58:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.13 06:58:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.12.13 06:58:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.13 06:58:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.12.13 06:58:53 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.13 06:58:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.12.13 06:58:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.12.13 06:58:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.13 06:58:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.13 06:58:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.13 06:58:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.13 06:58:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.13 06:58:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.13 06:58:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.13 06:58:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.12.13 06:58:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.12.13 06:58:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.12.13 06:58:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.13 06:58:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.13 06:58:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.13 06:58:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.12.13 06:58:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.12.13 06:58:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.13 06:58:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.12.13 06:58:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.12.13 06:58:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.12.13 06:58:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.12.13 06:58:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.13 06:58:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.12.13 06:58:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.12.13 06:58:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.13 06:58:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.13 06:58:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.13 06:58:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.13 06:58:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.13 06:58:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.13 06:58:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.12.13 06:58:52 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.12.13 06:58:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.13 06:58:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.12.13 06:58:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.12.13 06:58:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.12.13 06:58:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.13 06:58:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.12.13 06:58:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.12.13 06:58:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.12.13 06:58:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.13 06:58:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.13 06:58:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.12.13 06:58:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.12.13 06:58:50 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012.12.13 06:58:39 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.13 06:58:39 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.13 06:58:39 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.13 06:58:39 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.13 06:55:25 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012.12.13 06:55:25 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012.12.12 20:19:45 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{51BE2914-1A47-4093-B252-6495DFD13D51}
[2012.12.10 10:10:48 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2012.12.07 00:06:49 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{08CF3109-47E1-4445-B725-900153EFBB7C}
[2012.12.06 14:19:22 | 000,067,072 | ---- | C] (Anark Corporation) -- C:\Windows\SysWow64\AKCPanel.cpl
[2012.12.06 14:19:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anark
[2012.12.06 12:06:37 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{6AB355D0-5D8E-4797-81CC-F5A08C391A72}
[2012.12.06 10:59:48 | 002,459,160 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Springtime_3D_Screensaver.scr
[2012.12.06 09:26:47 | 002,582,552 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Tropical_Fish_3D_Screensaver.scr
[2012.12.06 09:24:55 | 000,997,904 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Galleon_3D_Screensaver.scr
[2012.12.05 12:41:48 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{0B93CF0A-3136-41F5-84E4-AC6DC6661C8B}
[2012.12.05 09:56:51 | 000,973,848 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Cuckoo_Clock_3D_Screensaver.scr
[2012.12.05 09:54:46 | 002,585,624 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Coral_Clock_3D_Screensaver.scr
[2012.12.05 06:39:58 | 002,450,456 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Deep_Space_3D_Screensaver.scr
[2012.12.05 06:39:12 | 000,966,680 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Water_Clock_3D_Screensaver.scr
[2012.12.05 06:38:19 | 000,965,144 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Christmas_3D_Screensaver.scr
[2012.12.05 06:37:09 | 000,970,784 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Lighthouse_Point_3D_Screensaver.scr
[2012.12.05 06:36:08 | 000,963,104 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Dutch_Windmills_3D_Screensaver.scr
[2012.12.05 06:34:55 | 000,964,624 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Fog_Lake_Screensaver.scr
[2012.12.05 06:33:40 | 002,464,296 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Caribbean_Islands_3D_Screensaver.scr
[2012.12.05 06:32:41 | 002,486,816 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Digital_Clock_3D_Screensaver.scr
[2012.12.05 06:31:52 | 002,530,328 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Wildflowers_3D_Screensaver.scr
[2012.12.05 06:31:06 | 002,704,920 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Fog_Horses_3D_Screensaver.scr
[2012.12.05 06:24:09 | 000,963,096 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Valentine_3D_Screensaver.scr
[2012.12.05 06:22:54 | 002,468,376 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Ice_Clock_3D_Screensaver.scr
[2012.12.05 06:20:35 | 000,982,032 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Nature_3D_Screensaver.scr
[2012.12.05 06:19:09 | 001,015,832 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Watermill_3D_Screensaver.scr
[2012.12.05 06:17:11 | 000,643,088 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Lantern_3D_Screensaver.scr
[2012.12.05 06:13:25 | 002,599,960 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Lake_Tree_3D_Screensaver.scr
[2012.12.05 06:09:06 | 002,591,256 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Sunny_Patio_3D_Screensaver.scr
[2012.12.05 06:05:54 | 002,508,824 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Grassland_3D_Screensaver.scr
[2012.12.05 06:03:35 | 002,621,968 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Dolphins_3D_Screensaver.scr
[2012.12.05 05:57:55 | 002,621,984 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Thanksgiving_Day_3D_Screensaver.scr
[2012.12.03 06:56:44 | 000,986,144 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Spirit_of_Fire_3D_Screensaver.scr
[2012.12.03 06:53:22 | 000,973,856 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Western_Railway_3D_Screensaver.scr
[2012.12.03 06:52:40 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2012.12.03 06:52:03 | 002,671,648 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Great_Pyramids_3D_Screensaver.scr
[2012.12.03 06:50:10 | 002,630,168 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Stonehenge_3D_Screensaver.scr
[2012.12.03 06:47:20 | 000,941,584 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Lagoon_3D_Screensaver.scr
[2012.12.03 06:45:26 | 000,965,664 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Mayan_Waterfall_3D_Screensaver.scr
[2012.12.03 06:43:51 | 002,670,616 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Sandy_Beach_3D_Screensaver.scr
[2012.12.03 06:40:39 | 002,497,576 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Winter_Wonderland_3D_Screensaver.scr
[2012.12.03 06:38:55 | 000,973,856 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Haunted_House_3D_Screensaver.scr
[2012.12.03 06:35:10 | 002,738,208 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Summer_Forest_3D_Screensaver.scr
[2012.12.03 06:25:19 | 002,690,584 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Grand_Canyon_3D_Screensaver.scr
[2012.12.03 06:21:57 | 002,544,664 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Coral_Reef_3D_Screensaver.scr
[2012.12.03 06:18:51 | 002,620,960 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Orbital_Sunset_3D_Screensaver.scr
[2012.12.03 05:42:08 | 002,453,024 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Faraway_Planet_3D_Screensaver.scr
[2012.12.03 05:40:21 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{5772F6EA-3800-4BD6-851C-8BA553779A40}
[2012.12.03 05:38:44 | 000,749,600 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\3Planesoft_Screensaver_Manager.scr
[2012.12.03 05:38:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\3Planesoft Screensaver Manager
[2012.12.03 05:38:44 | 000,000,000 | ---D | C] -- C:\ProgramData\3Planesoft
[2012.12.03 05:38:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3Planesoft
[2012.12.03 05:38:24 | 002,587,152 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Earth_3D_Screensaver.scr
[2012.12.01 18:14:27 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{EB6BF808-7488-44EC-B0C7-1C6CDBD9ADC2}
[2012.12.01 18:05:28 | 000,168,096 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\MCLIENTx64\0302000.013\ccSetx64.sys
[2012.12.01 18:05:18 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Management
[2012.12.01 18:05:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Management
[2012.12.01 18:05:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\MCLIENTx64
[2012.12.01 18:05:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\MCLIENTx64\0302000.013
[2012.11.30 22:43:52 | 000,438,632 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2012.11.28 21:52:08 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2012.11.28 21:52:08 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2012.11.28 21:52:08 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2012.11.28 21:52:06 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2012.11.28 21:52:06 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2012.11.28 21:52:04 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2012.11.28 21:52:04 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2012.11.28 21:52:04 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2012.11.28 21:52:04 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2012.11.28 21:52:04 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2012.11.28 21:52:04 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2012.11.28 21:52:04 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2012.11.28 21:52:04 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2012.11.28 21:52:04 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2012.11.28 21:52:04 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2012.11.28 21:52:04 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2012.11.28 21:52:04 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2012.11.28 21:52:04 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2012.11.28 21:52:04 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2012.11.28 21:52:03 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2012.11.28 21:52:03 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012.11.28 21:52:03 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2012.11.28 21:52:03 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2012.11.28 21:52:02 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2012.11.28 21:42:25 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012.11.28 21:42:25 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.11.26 13:26:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2012.11.26 04:35:54 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{65947815-3F53-47D7-B2E1-55BA82F02BD4}
[2012.11.24 00:31:31 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{14F51EAD-5180-46C3-B0F5-8860CDD93119}
[2012.11.23 21:27:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aeon
[2012.11.23 21:23:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhiteCap
[2012.11.23 11:58:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2012.11.23 11:58:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2012.11.23 11:58:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.11.23 11:57:36 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\GoforFiles
[2012.11.22 23:29:10 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{250969B7-C3E1-48AD-BD2A-0937600A67CD}
[2012.11.22 21:52:34 | 000,000,000 | ---D | C] -- C:\Users\xxx\Documents\OneNote-Notizbücher
[2012.11.22 09:51:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.11.22 09:51:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.11.22 09:03:48 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012.11.22 09:01:42 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Dropbox
[2012.11.22 00:55:53 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\TuneUp Software
[2012.11.22 00:55:05 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.11.22 00:55:05 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\DVDVideoSoft
[2012.11.22 00:55:01 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.11.22 00:54:52 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2012.11.22 00:54:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.11.22 00:54:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.11.21 23:33:25 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No23 Recorder
[2012.11.16 23:15:02 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{002F62BE-F6C0-4DC3-95EB-DAD2B48D8D63}
[2012.02.05 14:44:31 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe6067.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.16 18:35:19 | 000,015,328 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.16 18:35:19 | 000,015,328 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.16 18:25:30 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.16 18:23:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.16 18:22:32 | 2146,738,175 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.16 18:14:37 | 000,001,126 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.16 18:06:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.16 17:41:20 | 000,545,819 | ---- | M] () -- C:\Users\xxx\Desktop\adwcleaner.exe
[2012.12.16 17:07:02 | 000,001,174 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1725708464-4129431227-4282348430-1000UA.job
[2012.12.16 11:07:00 | 000,001,152 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1725708464-4129431227-4282348430-1000Core.job
[2012.12.16 10:52:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2012.12.16 10:50:14 | 000,050,477 | ---- | M] () -- C:\Users\xxx\Desktop\Defogger.exe
[2012.12.16 09:51:24 | 000,000,742 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.16 09:08:06 | 000,345,056 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.16 09:06:22 | 011,275,381 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1402000.013\Cat.DB
[2012.12.16 08:50:54 | 016,096,274 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.16 08:50:54 | 000,694,454 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2012.12.16 08:50:54 | 000,693,478 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2012.12.16 08:50:54 | 000,691,216 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2012.12.16 08:50:54 | 000,689,750 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2012.12.16 08:50:54 | 000,689,132 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2012.12.16 08:50:54 | 000,679,366 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat
[2012.12.16 08:50:54 | 000,675,982 | ---- | M] () -- C:\Windows\SysNative\perfh019.dat
[2012.12.16 08:50:54 | 000,663,828 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
[2012.12.16 08:50:54 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.16 08:50:54 | 000,632,204 | ---- | M] () -- C:\Windows\SysNative\perfh00E.dat
[2012.12.16 08:50:54 | 000,623,168 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2012.12.16 08:50:54 | 000,617,592 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat
[2012.12.16 08:50:54 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.16 08:50:54 | 000,610,226 | ---- | M] () -- C:\Windows\SysNative\perfh01F.dat
[2012.12.16 08:50:54 | 000,551,794 | ---- | M] () -- C:\Windows\SysNative\perfh008.dat
[2012.12.16 08:50:54 | 000,462,196 | ---- | M] () -- C:\Windows\SysNative\perfh006.dat
[2012.12.16 08:50:54 | 000,448,610 | ---- | M] () -- C:\Windows\SysNative\perfh014.dat
[2012.12.16 08:50:54 | 000,434,510 | ---- | M] () -- C:\Windows\SysNative\perfh001.dat
[2012.12.16 08:50:54 | 000,433,412 | ---- | M] () -- C:\Windows\SysNative\perfh00B.dat
[2012.12.16 08:50:54 | 000,399,760 | ---- | M] () -- C:\Windows\SysNative\perfh012.dat
[2012.12.16 08:50:54 | 000,388,542 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat
[2012.12.16 08:50:54 | 000,377,894 | ---- | M] () -- C:\Windows\SysNative\prfh0404.dat
[2012.12.16 08:50:54 | 000,361,792 | ---- | M] () -- C:\Windows\SysNative\prfh0804.dat
[2012.12.16 08:50:54 | 000,353,546 | ---- | M] () -- C:\Windows\SysNative\perfh00D.dat
[2012.12.16 08:50:54 | 000,148,334 | ---- | M] () -- C:\Windows\SysNative\perfc00E.dat
[2012.12.16 08:50:54 | 000,137,086 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2012.12.16 08:50:54 | 000,134,864 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2012.12.16 08:50:54 | 000,133,776 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat
[2012.12.16 08:50:54 | 000,132,964 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2012.12.16 08:50:54 | 000,132,540 | ---- | M] () -- C:\Windows\SysNative\perfc019.dat
[2012.12.16 08:50:54 | 000,130,164 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2012.12.16 08:50:54 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.16 08:50:54 | 000,128,118 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
[2012.12.16 08:50:54 | 000,127,168 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2012.12.16 08:50:54 | 000,123,764 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat
[2012.12.16 08:50:54 | 000,121,812 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2012.12.16 08:50:54 | 000,121,550 | ---- | M] () -- C:\Windows\SysNative\perfc01F.dat
[2012.12.16 08:50:54 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat
[2012.12.16 08:50:54 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.16 08:50:54 | 000,104,700 | ---- | M] () -- C:\Windows\SysNative\perfc012.dat
[2012.12.16 08:50:54 | 000,104,272 | ---- | M] () -- C:\Windows\SysNative\prfc0804.dat
[2012.12.16 08:50:54 | 000,099,358 | ---- | M] () -- C:\Windows\SysNative\prfc0404.dat
[2012.12.16 08:50:54 | 000,089,460 | ---- | M] () -- C:\Windows\SysNative\perfc008.dat
[2012.12.16 08:50:54 | 000,082,172 | ---- | M] () -- C:\Windows\SysNative\perfc00B.dat
[2012.12.16 08:50:54 | 000,079,828 | ---- | M] () -- C:\Windows\SysNative\perfc006.dat
[2012.12.16 08:50:54 | 000,079,008 | ---- | M] () -- C:\Windows\SysNative\perfc001.dat
[2012.12.16 08:50:54 | 000,077,120 | ---- | M] () -- C:\Windows\SysNative\perfc014.dat
[2012.12.16 08:50:54 | 000,069,118 | ---- | M] () -- C:\Windows\SysNative\perfc00D.dat
[2012.12.16 08:23:11 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2012.12.16 08:22:28 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2012.12.16 07:53:34 | 000,001,624 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Webcam Software  .lnk
[2012.12.16 06:27:02 | 000,002,467 | ---- | M] () -- C:\Users\Public\Desktop\SlimDrivers.lnk
[2012.12.16 00:50:16 | 000,001,243 | ---- | M] () -- C:\Users\xxx\Desktop\DVDVideoSoft Free Studio.lnk
[2012.12.16 00:50:15 | 000,001,908 | ---- | M] () -- C:\Users\xxx\Desktop\Free AVI Video Converter.lnk
[2012.12.15 23:41:15 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.12.15 23:06:41 | 000,001,073 | ---- | M] () -- C:\Users\xxx\Desktop\Deckadance.lnk
[2012.12.15 22:47:16 | 000,000,651 | ---- | M] () -- C:\Users\Public\Desktop\FL Studio 10.lnk
[2012.12.15 22:32:39 | 000,001,544 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.12.15 22:22:36 | 000,000,977 | ---- | M] () -- C:\Users\xxx\Desktop\Free YouTube to MP3 Converter.lnk
[2012.12.13 21:11:17 | 000,001,160 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2012.12.12 08:06:21 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.12.12 08:06:21 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.12.10 12:22:39 | 000,002,248 | ---- | M] () -- C:\{3F1F786F-BC74-451D-A74A-06FC21A8225E}
[2012.12.10 12:02:22 | 000,002,240 | ---- | M] () -- C:\{3B0A5922-35D9-4242-B8CB-469765577BFD}
[2012.12.10 10:07:11 | 000,013,946 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1402000.013\VT20121114.016
[2012.12.10 10:03:42 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012.12.10 10:03:42 | 000,007,466 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012.12.10 10:03:42 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012.12.06 14:19:21 | 000,072,774 | ---- | M] (Jordan Russell) -- C:\Windows\unins000.exe
[2012.12.06 14:19:21 | 000,001,092 | ---- | M] () -- C:\Windows\unins000.dat
[2012.12.03 05:38:46 | 000,001,185 | ---- | M] () -- C:\Users\xxx\Desktop\3Planesoft Screensaver Manager.lnk
[2012.12.01 18:22:57 | 000,001,240 | ---- | M] () -- C:\Users\xxx\Desktop\Norton Installation Files.lnk
[2012.12.01 06:49:26 | 003,663,213 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2012.12.01 06:49:26 | 002,557,800 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2012.12.01 06:49:25 | 000,118,120 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2012.12.01 06:49:25 | 000,063,336 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2012.12.01 06:48:41 | 006,223,208 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2012.12.01 06:48:37 | 003,311,464 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2012.11.30 22:43:52 | 000,438,632 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2012.11.25 12:13:32 | 002,670,616 | ---- | M] (3Planesoft) -- C:\Windows\SysWow64\Sandy_Beach_3D_Screensaver.scr
[2012.11.22 09:51:26 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.11.22 00:56:25 | 000,000,009 | ---- | M] () -- C:\END
[2012.11.22 00:48:45 | 000,001,461 | ---- | M] () -- C:\Users\xxx\AppData\Local\RecConfig.xml
[2012.11.19 11:15:54 | 002,690,584 | ---- | M] (3Planesoft) -- C:\Windows\SysWow64\Grand_Canyon_3D_Screensaver.scr
[2012.11.18 00:02:24 | 000,749,600 | ---- | M] (3Planesoft) -- C:\Windows\SysWow64\3Planesoft_Screensaver_Manager.scr
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.16 17:41:20 | 000,545,819 | ---- | C] () -- C:\Users\xxx\Desktop\adwcleaner.exe
[2012.12.16 10:50:14 | 000,050,477 | ---- | C] () -- C:\Users\xxx\Desktop\Defogger.exe
[2012.12.16 09:51:24 | 000,000,742 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.16 08:23:11 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2012.12.16 08:22:28 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2012.12.16 08:04:47 | 000,293,889 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2012.12.16 07:00:34 | 000,014,446 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012.12.16 06:27:02 | 000,002,467 | ---- | C] () -- C:\Users\Public\Desktop\SlimDrivers.lnk
[2012.12.16 00:30:53 | 000,001,908 | ---- | C] () -- C:\Users\xxx\Desktop\Free AVI Video Converter.lnk
[2012.12.15 23:41:15 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.12.15 23:06:41 | 000,001,073 | ---- | C] () -- C:\Users\xxx\Desktop\Deckadance.lnk
[2012.12.15 22:47:19 | 000,000,651 | ---- | C] () -- C:\Users\Public\Desktop\FL Studio 10.lnk
[2012.12.15 22:22:36 | 000,000,977 | ---- | C] () -- C:\Users\xxx\Desktop\Free YouTube to MP3 Converter.lnk
[2012.12.10 12:22:39 | 000,002,248 | ---- | C] () -- C:\{3F1F786F-BC74-451D-A74A-06FC21A8225E}
[2012.12.10 12:02:18 | 000,002,240 | ---- | C] () -- C:\{3B0A5922-35D9-4242-B8CB-469765577BFD}
[2012.12.06 14:19:20 | 000,001,092 | ---- | C] () -- C:\Windows\unins000.dat
[2012.12.03 05:38:46 | 000,001,185 | ---- | C] () -- C:\Users\xxx\Desktop\3Planesoft Screensaver Manager.lnk
[2012.12.01 18:20:40 | 000,001,240 | ---- | C] () -- C:\Users\xxx\Desktop\Norton Installation Files.lnk
[2012.12.01 18:05:18 | 000,007,611 | R--- | C] () -- C:\Windows\SysNative\drivers\MCLIENTx64\0302000.013\ccSetx64.cat
[2012.12.01 18:05:18 | 000,000,853 | R--- | C] () -- C:\Windows\SysNative\drivers\MCLIENTx64\0302000.013\ccSetx64.inf
[2012.12.01 18:05:18 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\MCLIENTx64\0302000.013\isolate.ini
[2012.11.22 00:56:25 | 000,000,009 | ---- | C] () -- C:\END
[2012.11.22 00:54:41 | 000,001,243 | ---- | C] () -- C:\Users\xxx\Desktop\DVDVideoSoft Free Studio.lnk
[2012.11.22 00:48:45 | 000,001,461 | ---- | C] () -- C:\Users\xxx\AppData\Local\RecConfig.xml
[2012.04.07 12:46:30 | 000,001,160 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2012.03.02 18:40:44 | 000,006,144 | ---- | C] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.05 13:19:34 | 000,013,312 | ---- | C] () -- C:\Windows\SysWow64\drivers\MTictwl.sys
[2012.02.04 17:10:24 | 016,304,080 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.01.18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.07.26 21:24:00 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Artifex Mundi
[2012.12.16 05:38:07 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Azureus
[2012.12.16 08:53:21 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Canon
[2012.12.15 23:52:38 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Deckadance19
[2012.12.15 16:36:32 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Dropbox
[2012.12.16 00:50:01 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DVDVideoSoft
[2012.12.15 22:22:40 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.07.23 16:03:40 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ERS Game Studios
[2012.11.23 12:01:12 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\GoforFiles
[2012.12.15 23:07:26 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Ignite
[2012.12.16 00:21:38 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Image-Line
[2012.02.09 13:14:41 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Leadertech
[2012.02.18 14:35:02 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Shareaza
[2012.12.16 00:18:50 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\SongManager
[2012.02.05 14:54:36 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Sony
[2012.11.23 21:27:57 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\SoundSpectrum
[2012.12.14 07:25:43 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Spotify
[2012.11.22 00:55:53 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TuneUp Software
[2012.11.24 03:05:33 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TuneUpMedia
[2012.02.05 15:12:57 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Ulead Systems
[2012.02.16 09:08:38 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 16 bytes -> C:\Users\xxx\Downloads:Shareaza.GUID
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:02CC0035
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:E40AB54F

< End of report >
         


Alt 18.12.2012, 10:42   #6
t'john
/// Helper team
 



Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Unpack the archive on your desktop.
  • In the newly created folder, start mbar.exe.
  • Follow the instructions on your screen and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the detected objects, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the created folder. Please post it here.

Do not start any other file in this folder without instructions from a helper.


After that:


Malware scan with Emsisoft Anti-Malware

Download the free version of => Emsisoft Anti-Malware and install the program.
Use Jetzt Updaten ("Update now") to download the current signatures.
Select freeware mode.

Select Detail Scan and start the check of the computer with the Scan button.
At the end of the scan, do not let it delete anything! Click Bericht speichern ("Save report") to save the log file to the desktop and post it here in the thread.

Instructions: http://www.trojaner-board.de/103809-...i-malware.html

Alt 18.12.2012, 12:59   #7
Laschmunzel
 



Hello! A problem came up when starting Malwarebytes Anti-Rootkit. I received the following message:

Registry value „AppInit_Dlls“ has been found, which may be caused by rootkit activity.

Note: Press „no“ button if you’re not sure. If the tool crashes or terminates unexpectedly during a system scan, restart the tool and press „Yes“ should this message appear again.
Do you want to remove this value and restart the tool?

Since I wasn't sure, I clicked "no", assuming that this would cancel the scan so that I could consult with you first. But the program started, and I was able to run the scan as per the instructions. After about 10-15 minutes, however, it was already finished WITHOUT asking for a restart. The program congratulated me and wrote that it had found no malware. Since that made me a bit suspicious, I started the scan again, got the same error message again and again confirmed with "no". I am attaching the log files for you. I googled AppInit_Dlls and also searched for it in my registry and found it.

According to hxxp://support.microsoft.com/kb/197571/de - admittedly from 2008 and with the note that AppInit_DLLs is loaded by every Microsoft Windows-based application but will probably no longer be available in future versions of Windows - it is exactly where it should be, or used to be supposed to be, in my registry. Under:

HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Windows:

APPINIT_DLLS (Name) – REG_SZ (Type) –
SYS:MICROSOFT//WINDOWS NT//CURRENTVERSION//WINDOWS (Data)


I don't know how to proceed now. Delete the entry from the registry at the next scan, or trust the scan result? Maybe I also did something wrong? I had the antivirus active, the graphics card program, as well as a colour management tool for my monitor and the Realtek Audio Manager. In addition, the external hard drive was attached. I was NOT on the internet during the first scan and only towards the end started playing Mahjong from Windows 7 (without an internet connection). Was that perhaps a mistake? Please let me know how things continue from here, and thank you in advance!

Regards


Log files:

Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org

Database version: v2012.12.18.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
xxx :: xxx [administrator]

18.12.2012 13:06:03
mbar-log-2012-12-18 (13-06-03).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 31747
Time elapsed: 9 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org

Database version: v2012.12.18.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
xxx :: xxx [administrator]

18.12.2012 13:38:35
mbar-log-2012-12-18 (13-38-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 31842
Time elapsed: 8 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


system-log:


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1011

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED, H:\ DRIVE_FIXED, I:\ DRIVE_FIXED, J:\ DRIVE_FIXED
CPU speed: 3.166000 GHz
Memory total: 8588943360, free: 5047771136

------------ Kernel report ------------
12/18/2012 12:53:59
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\vmbus.sys
\SystemRoot\system32\drivers\winhv.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\DRIVERS\mv61xx.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\DRIVERS\mv61xxmm.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\NISx64\1402000.013\SYMDS64.SYS
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\system32\drivers\NISx64\1402000.013\SYMEFA64.SYS
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\drivers\cdrom.sys
\SystemRoot\system32\drivers\MCLIENTx64\0302000.013\ccSetx64.sys
\SystemRoot\system32\drivers\NISx64\1402000.013\ccSetx64.sys
\SystemRoot\system32\drivers\NISx64\1402000.013\Ironx64.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\Drivers\MtiCtwl.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\System32\Drivers\NISx64\1402000.013\SYMNETS.SYS
\??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
\SystemRoot\system32\drivers\NISx64\1402000.013\SRTSPX64.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20121130.005\BHDrvx64.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\Drivers\nvBridge.kmd
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\L1E62x64.sys
\SystemRoot\system32\drivers\1394ohci.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\ASACPI.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\seehcri.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\dc3d.sys
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\lvuvc64.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\lvrs64.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\point64.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\psi_mf.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\NISx64\1402000.013\SRTSP64.SYS
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20121215.001\IDSvia64.sys
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20121217.022\EX64.SYS
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20121217.022\ENG64.SYS
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR5
Upper Device Object: 0xfffffa800ab3b060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000000a3\
Lower Device Object: 0xfffffa800c551770
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
DriverEntry returned 0x0
Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xfffffa8009807790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000083\
Lower Device Object: 0xfffffa8008abe660
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa8007a55060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-5\
Lower Device Object: 0xfffffa8007820060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
DriverEntry returned 0x0
Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa8007a54060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-1\
Lower Device Object: 0xfffffa80074c7060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8007a53060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T1L0-2\
Lower Device Object: 0xfffffa80074cb680
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8007a52060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa80074c2060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Downloaded database version: v2012.12.18.03
Initializing...
Done!
<<<2>>>
Device number: 3, partition: 2
Physical Sector Size: 512
Drive: 3, DevicePointer: 0xfffffa8007a55060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007a55b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007a55060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800732aa00, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8007820060, DeviceName: \Device\Ide\IdeDeviceP3T0L0-5\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xfffff8a02cbeaad0, 0xfffffa8007a55060, 0xfffffa800ecc4790
Lower DeviceData: 0xfffff8a02db4da20, 0xfffffa8007820060, 0xfffffa800acb4e40
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
Done!
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007a52060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007a52b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007a52060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80074ca520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80074c2060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xfffff8a01bd36100, 0xfffffa8007a52060, 0xfffffa8007d37090
Lower DeviceData: 0xfffff8a024dde400, 0xfffffa80074c2060, 0xfffffa800cd657e0
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 73B131DD

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 976766976

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8007a53060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007a53b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007a53060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006990d20, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80074cb680, DeviceName: \Device\Ide\IdeDeviceP0T1L0-2\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xfffff8a025202dd0, 0xfffffa8007a53060, 0xfffffa800e9a8370
Lower DeviceData: 0xfffff8a01e5eb120, 0xfffffa80074cb680, 0xfffffa80158edd80
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 23AA322C

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 2930272256
Partition file system is NTFS
Partition is not bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 1500301910016 bytes
Sector size: 512 bytes

Physical Sector Size: 512
Drive: 2, DevicePointer: 0xfffffa8007a54060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007a54b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007a54060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800781a520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80074c7060, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xfffff8a027fd2830, 0xfffffa8007a54060, 0xfffffa800ee15370
Lower DeviceData: 0xfffff8a017714790, 0xfffffa80074c7060, 0xfffffa8007199260
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 337808E9

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 976766976

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Drive 3
Scanning MBR on drive 3...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 31D594F5

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.

19.12.2012, 10:05   #8
t'john
/// Helper Team

TDSSKiller from Kaspersky
- Download TDSSKiller and unpack the archive to your desktop.
- Make sure that TDSSKiller.exe sits directly on the desktop (not in a folder on the desktop).
- Temporarily disable your antivirus program.
- Start TDSSKiller.exe by double-clicking it.
- When it has finished its work, the tool suggests restarting the system.
- Confirm this with Y(es) if applicable.
- When the system boots, the driver carries out all scheduled operations and then deletes itself.
- Post the contents of C:\TDSSKiller.txt here in the thread.
You can find a more detailed TDSSKiller guide here.
__________________
Regards, t'john

19.12.2012, 12:00   #9
Laschmunzel

So! Now I have a problem! The computer won't shut down any more. Here is what I did: installed TDSSKiller on the desktop and ran it while everything that could be closed in any way was closed. The antivirus programs were all switched off. The run showed me a threat find and asked what I wanted to do with it. I put it in quarantine so I could send it to you and did NOT remove it. Well then. The run finishes. No restart is requested. And no other action either. I think to myself, fine, OK, and look for the *.txt file to post. But I don't have a *.txt file. At this point I have 2 *.log files from TDSSKiller. I assume, though, that those are the ones you meant. In any case I started the run again. For one reason: I then saw that Kaspersky does not move the file into quarantine. It writes "COPY to Quarantäne!" I think to myself: Sh**. So start the run again. On the second run there was no threat find any more. Instead 3 other finds (it does not write "rootkit found" as in the guide). 2 of the finds apparently concerned the registry, the third was nerobackitup.exe (I installed this file myself from the original CD. It comes from Nero - it really CAN'T have anything!). In any case I chose delete - that is actually what you told me to do, and that is how I should have done it on the 1st run too. I'm still a bit confused sometimes because of the instructions, since they don't always quite match. The "cure" option - as in the guide - was not shown to me. Now the prompt to restart finally appears. So I choose restart: and since then the computer has been shutting down - that was easily an hour ago now. After half an hour I did the following on the computer: unplugged the internet connection and the USB mouse. Those are the two things I need for the laptop. What do I do now? May I speed up the shutdown manually? And after that? Try again?
I hope you write back to me veeery soon. Kind regards and many thanks in advance for your efforts.

After more or less 4 hours I have now simply switched the PC off, since it wasn't shutting down. After booting, Kaspersky wanted to be run. It actually did remove threats anyway. To be safe I then ran another scan over it. It found nothing more. A log file is still to come from me!

The log files from Kaspersky:

11:48:35.0740 2256 CLFS - ok
11:48:35.0802 2256 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:48:35.0818 2256 clr_optimization_v2.0.50727_32 - ok
11:48:35.0880 2256 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:48:35.0896 2256 clr_optimization_v2.0.50727_64 - ok
11:48:35.0974 2256 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:48:35.0974 2256 clr_optimization_v4.0.30319_32 - ok
11:48:36.0021 2256 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:48:36.0036 2256 clr_optimization_v4.0.30319_64 - ok
11:48:36.0083 2256 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
11:48:36.0130 2256 CmBatt - ok
11:48:36.0177 2256 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
11:48:36.0192 2256 cmdide - ok
11:48:36.0239 2256 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
11:48:36.0270 2256 CNG - ok
11:48:36.0286 2256 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
11:48:36.0286 2256 Compbatt - ok
11:48:36.0317 2256 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
11:48:36.0364 2256 CompositeBus - ok
11:48:36.0380 2256 COMSysApp - ok
11:48:36.0395 2256 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
11:48:36.0411 2256 crcdisk - ok
11:48:36.0458 2256 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
11:48:36.0520 2256 CryptSvc - ok
11:48:36.0551 2256 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
11:48:36.0614 2256 CSC - ok
11:48:36.0645 2256 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
11:48:36.0692 2256 CscService - ok
11:48:36.0723 2256 [ E6CE7188CC47AE5DAFDAF552D370C52F ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
11:48:36.0738 2256 dc3d - ok
11:48:36.0770 2256 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
11:48:36.0848 2256 DcomLaunch - ok
11:48:36.0879 2256 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
11:48:36.0941 2256 defragsvc - ok
11:48:36.0972 2256 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
11:48:37.0035 2256 DfsC - ok
11:48:37.0082 2256 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
11:48:37.0144 2256 Dhcp - ok
11:48:37.0175 2256 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
11:48:37.0206 2256 discache - ok
11:48:37.0253 2256 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
11:48:37.0253 2256 Disk - ok
11:48:37.0284 2256 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
11:48:37.0347 2256 Dnscache - ok
11:48:37.0378 2256 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
11:48:37.0456 2256 dot3svc - ok
11:48:37.0472 2256 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
11:48:37.0518 2256 DPS - ok
11:48:37.0550 2256 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
11:48:37.0596 2256 drmkaud - ok
11:48:37.0643 2256 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
11:48:37.0674 2256 DXGKrnl - ok
11:48:37.0706 2256 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
11:48:37.0752 2256 EapHost - ok
11:48:37.0846 2256 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
11:48:37.0924 2256 ebdrv - ok
11:48:37.0986 2256 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
11:48:38.0002 2256 eeCtrl - ok
11:48:38.0033 2256 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
11:48:38.0080 2256 EFS - ok
11:48:38.0127 2256 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
11:48:38.0205 2256 ehRecvr - ok
11:48:38.0220 2256 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
11:48:38.0283 2256 ehSched - ok
11:48:38.0345 2256 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
11:48:38.0361 2256 elxstor - ok
11:48:38.0408 2256 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
11:48:38.0423 2256 EraserUtilRebootDrv - ok
11:48:38.0439 2256 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
11:48:38.0486 2256 ErrDev - ok
11:48:38.0532 2256 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
11:48:38.0595 2256 EventSystem - ok
11:48:38.0610 2256 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
11:48:38.0657 2256 exfat - ok
11:48:38.0673 2256 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
11:48:38.0735 2256 fastfat - ok
11:48:38.0782 2256 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
11:48:38.0844 2256 Fax - ok
11:48:38.0876 2256 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
11:48:38.0938 2256 fdc - ok
11:48:38.0969 2256 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
11:48:39.0016 2256 fdPHost - ok
11:48:39.0032 2256 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
11:48:39.0078 2256 FDResPub - ok
11:48:39.0110 2256 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
11:48:39.0125 2256 FileInfo - ok
11:48:39.0141 2256 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
11:48:39.0203 2256 Filetrace - ok
11:48:39.0219 2256 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
11:48:39.0250 2256 flpydisk - ok
11:48:39.0281 2256 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
11:48:39.0297 2256 FltMgr - ok
11:48:39.0328 2256 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
11:48:39.0406 2256 FontCache - ok
11:48:39.0453 2256 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:48:39.0468 2256 FontCache3.0.0.0 - ok
11:48:39.0484 2256 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
11:48:39.0500 2256 FsDepends - ok
11:48:39.0531 2256 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
11:48:39.0546 2256 Fs_Rec - ok
11:48:39.0593 2256 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
11:48:39.0609 2256 fvevol - ok
11:48:39.0624 2256 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
11:48:39.0640 2256 gagp30kx - ok
11:48:39.0671 2256 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:48:39.0671 2256 GEARAspiWDM - ok
11:48:39.0718 2256 [ 16C2A6BCDDA8952C2035DEC861492A19 ] ggflt C:\Windows\system32\DRIVERS\ggflt.sys
11:48:39.0734 2256 ggflt - ok
11:48:39.0749 2256 [ 6B503DF845EABF3457E49FBBDA26C10E ] ggsemc C:\Windows\system32\DRIVERS\ggsemc.sys
11:48:39.0749 2256 ggsemc - ok
11:48:39.0780 2256 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
11:48:39.0858 2256 gpsvc - ok
11:48:39.0936 2256 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:48:39.0936 2256 gupdate - ok
11:48:39.0952 2256 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:48:39.0952 2256 gupdatem - ok
11:48:39.0983 2256 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
11:48:40.0030 2256 hcw85cir - ok
11:48:40.0077 2256 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
11:48:40.0108 2256 HdAudAddService - ok
11:48:40.0139 2256 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
11:48:40.0170 2256 HDAudBus - ok
11:48:40.0186 2256 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
11:48:40.0217 2256 HidBatt - ok
11:48:40.0233 2256 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
11:48:40.0264 2256 HidBth - ok
11:48:40.0280 2256 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
11:48:40.0311 2256 HidIr - ok
11:48:40.0326 2256 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
11:48:40.0389 2256 hidserv - ok
11:48:40.0451 2256 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
11:48:40.0467 2256 HidUsb - ok
11:48:40.0514 2256 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
11:48:40.0560 2256 hkmsvc - ok
11:48:40.0576 2256 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
11:48:40.0623 2256 HomeGroupListener - ok
11:48:40.0654 2256 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
11:48:40.0670 2256 HomeGroupProvider - ok
11:48:40.0732 2256 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
11:48:40.0732 2256 HpSAMD - ok
11:48:40.0779 2256 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
11:48:40.0841 2256 HTTP - ok
11:48:40.0872 2256 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
11:48:40.0888 2256 hwpolicy - ok
11:48:40.0919 2256 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
11:48:40.0919 2256 i8042prt - ok
11:48:40.0950 2256 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
11:48:40.0966 2256 iaStorV - ok
11:48:41.0013 2256 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:48:41.0060 2256 idsvc - ok
11:48:41.0153 2256 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20121218.001\IDSvia64.sys
11:48:41.0169 2256 IDSVia64 - ok
11:48:41.0216 2256 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
11:48:41.0216 2256 iirsp - ok
11:48:41.0294 2256 [ 755519F49906B73C1FE9CBBF75E347EA ] IJPLMSVC C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
11:48:41.0294 2256 IJPLMSVC - ok
11:48:41.0340 2256 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
11:48:41.0434 2256 IKEEXT - ok
11:48:41.0528 2256 [ C2F868881D48A568B525255F084EF063 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
11:48:41.0621 2256 IntcAzAudAddService - ok
11:48:41.0652 2256 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
11:48:41.0652 2256 intelide - ok
11:48:41.0699 2256 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
11:48:41.0746 2256 intelppm - ok
11:48:41.0777 2256 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
11:48:41.0840 2256 IPBusEnum - ok
11:48:41.0871 2256 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:48:41.0918 2256 IpFilterDriver - ok
11:48:41.0949 2256 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
11:48:41.0980 2256 iphlpsvc - ok
11:48:42.0011 2256 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
11:48:42.0042 2256 IPMIDRV - ok
11:48:42.0074 2256 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
11:48:42.0136 2256 IPNAT - ok
11:48:42.0230 2256 [ 0F261EC4F514926177C70C1832374231 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
11:48:42.0261 2256 iPod Service - ok
11:48:42.0292 2256 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
11:48:42.0354 2256 IRENUM - ok
11:48:42.0370 2256 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
11:48:42.0386 2256 isapnp - ok
11:48:42.0417 2256 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
11:48:42.0432 2256 iScsiPrt - ok
11:48:42.0448 2256 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
11:48:42.0464 2256 kbdclass - ok
11:48:42.0495 2256 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
11:48:42.0526 2256 kbdhid - ok
11:48:42.0542 2256 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
11:48:42.0557 2256 KeyIso - ok
11:48:42.0588 2256 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
11:48:42.0604 2256 KSecDD - ok
11:48:42.0635 2256 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
11:48:42.0651 2256 KSecPkg - ok
11:48:42.0666 2256 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
11:48:42.0698 2256 ksthunk - ok
11:48:42.0744 2256 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
11:48:42.0776 2256 KtmRm - ok
11:48:42.0822 2256 [ B8E670D7EF61615FA03104552854FAC9 ] L1E C:\Windows\system32\DRIVERS\L1E62x64.sys
11:48:42.0838 2256 L1E - ok
11:48:42.0885 2256 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
11:48:42.0932 2256 LanmanServer - ok
11:48:42.0947 2256 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:48:42.0994 2256 LanmanWorkstation - ok
11:48:43.0041 2256 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
11:48:43.0072 2256 lltdio - ok
11:48:43.0119 2256 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
11:48:43.0166 2256 lltdsvc - ok
11:48:43.0181 2256 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
11:48:43.0212 2256 lmhosts - ok
11:48:43.0259 2256 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
11:48:43.0259 2256 LSI_FC - ok
11:48:43.0275 2256 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
11:48:43.0290 2256 LSI_SAS - ok
11:48:43.0306 2256 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:48:43.0322 2256 LSI_SAS2 - ok
11:48:43.0337 2256 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:48:43.0337 2256 LSI_SCSI - ok
11:48:43.0353 2256 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
11:48:43.0400 2256 luafv - ok
11:48:43.0431 2256 [ B285CB154E5DC2F52216836B883AC352 ] LVPr2M64 C:\Windows\system32\DRIVERS\LVPr2M64.sys
11:48:43.0446 2256 LVPr2M64 - ok
11:48:43.0493 2256 [ 0C85B2B6FB74B36A251792D45E0EF860 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys
11:48:43.0509 2256 LVRS64 - ok
11:48:43.0618 2256 [ FF3A488924B0032B1A9CA6948C1FA9E8 ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys
11:48:43.0774 2256 LVUVC64 - ok
11:48:43.0821 2256 [ B3B7C5F26F3F8C7992350B7EDE64F5C9 ] Magic Tune C:\Windows\system32\Drivers\MtiCtwl.sys
11:48:43.0836 2256 Magic Tune - ok
11:48:43.0883 2256 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
11:48:43.0899 2256 MBAMProtector - ok
11:48:43.0992 2256 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler F:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
11:48:44.0008 2256 MBAMScheduler - ok
11:48:44.0039 2256 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService F:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
11:48:44.0055 2256 MBAMService - ok
11:48:44.0117 2256 [ 4A9258B9597A31DB68EC9740F3A8A70B ] MCLIENT C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe
11:48:44.0117 2256 MCLIENT - ok
11:48:44.0148 2256 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
11:48:44.0164 2256 Mcx2Svc - ok
11:48:44.0180 2256 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
11:48:44.0195 2256 megasas - ok
11:48:44.0242 2256 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
11:48:44.0242 2256 MegaSR - ok
11:48:44.0289 2256 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
11:48:44.0351 2256 MMCSS - ok
11:48:44.0367 2256 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
11:48:44.0414 2256 Modem - ok
11:48:44.0445 2256 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
11:48:44.0476 2256 monitor - ok
11:48:44.0507 2256 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
11:48:44.0507 2256 mouclass - ok
11:48:44.0538 2256 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
11:48:44.0554 2256 mouhid - ok
11:48:44.0570 2256 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
11:48:44.0585 2256 mountmgr - ok
11:48:44.0648 2256 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
11:48:44.0663 2256 MpFilter - ok
11:48:44.0694 2256 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
11:48:44.0694 2256 mpio - ok
11:48:44.0710 2256 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
11:48:44.0757 2256 mpsdrv - ok
11:48:44.0804 2256 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
11:48:44.0866 2256 MpsSvc - ok
11:48:44.0882 2256 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
11:48:44.0913 2256 MRxDAV - ok
11:48:44.0928 2256 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
11:48:44.0975 2256 mrxsmb - ok
11:48:44.0991 2256 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:48:45.0022 2256 mrxsmb10 - ok
11:48:45.0038 2256 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:48:45.0084 2256 mrxsmb20 - ok
11:48:45.0131 2256 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
11:48:45.0147 2256 msahci - ok
11:48:45.0147 2256 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
11:48:45.0162 2256 msdsm - ok
11:48:45.0178 2256 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
11:48:45.0225 2256 MSDTC - ok
11:48:45.0256 2256 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
11:48:45.0318 2256 Msfs - ok
11:48:45.0350 2256 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
11:48:45.0396 2256 mshidkmdf - ok
11:48:45.0428 2256 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
11:48:45.0443 2256 msisadrv - ok
11:48:45.0490 2256 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
11:48:45.0537 2256 MSiSCSI - ok
11:48:45.0552 2256 msiserver - ok
11:48:45.0584 2256 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
11:48:45.0615 2256 MSKSSRV - ok
11:48:45.0662 2256 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
11:48:45.0677 2256 MsMpSvc - ok
11:48:45.0693 2256 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
11:48:45.0724 2256 MSPCLOCK - ok
11:48:45.0755 2256 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
11:48:45.0802 2256 MSPQM - ok
11:48:45.0833 2256 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
11:48:45.0833 2256 MsRPC - ok
11:48:45.0880 2256 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
11:48:45.0880 2256 mssmbios - ok
11:48:45.0911 2256 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
11:48:45.0942 2256 MSTEE - ok
11:48:45.0958 2256 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
11:48:45.0989 2256 MTConfig - ok
11:48:46.0052 2256 [ 03B7145C889603537E9FFEABB1AD1089 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
11:48:46.0083 2256 MTsensor - ok
11:48:46.0114 2256 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
11:48:46.0114 2256 Mup - ok
11:48:46.0161 2256 [ 7E045AF28F71851AA5ECE8C78AEFCE46 ] mv61xx C:\Windows\system32\DRIVERS\mv61xx.sys
11:48:46.0161 2256 mv61xx - ok
11:48:46.0192 2256 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
11:48:46.0223 2256 napagent - ok
11:48:46.0254 2256 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
11:48:46.0301 2256 NativeWifiP - ok
11:48:46.0364 2256 [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20121218.020\ENG64.SYS
11:48:46.0379 2256 NAVENG - ok
11:48:46.0426 2256 [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20121218.020\EX64.SYS
11:48:46.0488 2256 NAVEX15 - ok
11:48:46.0504 2256 [ B3B7C5F26F3F8C7992350B7EDE64F5C9 ] NCPro C:\Windows\system32\drivers\MTictwl.sys
11:48:46.0520 2256 NCPro - ok
11:48:46.0566 2256 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
11:48:46.0598 2256 NDIS - ok
11:48:46.0629 2256 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
11:48:46.0660 2256 NdisCap - ok
11:48:46.0707 2256 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
11:48:46.0754 2256 NdisTapi - ok
11:48:46.0785 2256 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
11:48:46.0816 2256 Ndisuio - ok
11:48:46.0863 2256 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
11:48:46.0894 2256 NdisWan - ok
11:48:46.0925 2256 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
11:48:46.0956 2256 NDProxy - ok
11:48:47.0034 2256 [ 27FE4B70C12A2C67A58D799B9A4E8D81 ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
11:48:47.0050 2256 Nero BackItUp Scheduler 4.0 - ok
11:48:47.0097 2256 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
11:48:47.0128 2256 NetBIOS - ok
11:48:47.0144 2256 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
11:48:47.0206 2256 NetBT - ok
11:48:47.0222 2256 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
11:48:47.0237 2256 Netlogon - ok
11:48:47.0284 2256 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
11:48:47.0356 2256 Netman - ok
11:48:47.0372 2256 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
11:48:47.0419 2256 netprofm - ok
11:48:47.0450 2256 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:48:47.0466 2256 NetTcpPortSharing - ok
11:48:47.0497 2256 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
11:48:47.0513 2256 nfrd960 - ok
11:48:47.0591 2256 [ 4A9258B9597A31DB68EC9740F3A8A70B ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe
11:48:47.0591 2256 NIS - ok
11:48:47.0622 2256 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
11:48:47.0638 2256 NisDrv - ok
11:48:47.0669 2256 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
11:48:47.0684 2256 NisSrv - ok
11:48:47.0731 2256 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
11:48:47.0778 2256 NlaSvc - ok
11:48:47.0809 2256 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
11:48:47.0856 2256 Npfs - ok
11:48:47.0887 2256 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
11:48:47.0918 2256 nsi - ok
11:48:47.0934 2256 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
11:48:47.0981 2256 nsiproxy - ok
11:48:48.0043 2256 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
11:48:48.0090 2256 Ntfs - ok
11:48:48.0106 2256 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
11:48:48.0152 2256 Null - ok
11:48:48.0199 2256 [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
11:48:48.0199 2256 NVHDA - ok
11:48:48.0575 2256 [ FE2909F7DFB12B9A20AD207FE23B7E96 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:48:48.0824 2256 nvlddmkm - ok
11:48:48.0871 2256 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
11:48:48.0887 2256 nvraid - ok
11:48:48.0933 2256 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
11:48:48.0933 2256 nvstor - ok
11:48:48.0980 2256 [ 3341D2C91989BC87C3C0BAA97C27253B ] nvsvc C:\Windows\system32\nvvsvc.exe
11:48:48.0996 2256 nvsvc - ok
11:48:49.0074 2256 [ 551CE34DAD2DFF0A480781E68B286E4D ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
11:48:49.0105 2256 nvUpdatusService - ok
11:48:49.0121 2256 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
11:48:49.0136 2256 nv_agp - ok
11:48:49.0214 2256 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:48:49.0230 2256 odserv - ok
11:48:49.0292 2256 [ 0182074B2B8915C8371EA5A006BAC44E ] ogmservice C:\Program Files (x86)\Online Games Manager\ogmservice.exe
11:48:49.0292 2256 ogmservice - ok
11:48:49.0323 2256 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
11:48:49.0370 2256 ohci1394 - ok
11:48:49.0401 2256 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:48:49.0401 2256 ose - ok
11:48:49.0433 2256 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
11:48:49.0479 2256 p2pimsvc - ok
11:48:49.0511 2256 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
11:48:49.0542 2256 p2psvc - ok
11:48:49.0573 2256 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
11:48:49.0589 2256 Parport - ok
11:48:49.0620 2256 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
11:48:49.0635 2256 partmgr - ok
11:48:49.0682 2256 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
11:48:49.0791 2256 PcaSvc - ok
11:48:49.0838 2256 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
11:48:49.0854 2256 pci - ok
11:48:49.0869 2256 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
11:48:49.0885 2256 pciide - ok
11:48:49.0901 2256 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
11:48:49.0916 2256 pcmcia - ok
11:48:49.0932 2256 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
11:48:49.0947 2256 pcw - ok
11:48:49.0963 2256 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
11:48:50.0010 2256 PEAUTH - ok
11:48:50.0072 2256 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
11:48:50.0135 2256 PeerDistSvc - ok
11:48:50.0197 2256 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
11:48:50.0244 2256 PerfHost - ok
11:48:50.0291 2256 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
11:48:50.0353 2256 pla - ok
11:48:50.0415 2256 [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Program Files (x86)\Nero\Nero BackItUp 4\IoctlSvc.exe
11:48:50.0447 2256 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
11:48:50.0447 2256 PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
11:49:04.0268 2256 ================ Scan global ===============================
11:49:04.0299 2256 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
11:49:04.0331 2256 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
11:49:04.0346 2256 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
11:49:04.0362 2256 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
11:49:04.0393 2256 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
11:49:04.0393 2256 [Global] - ok
11:49:04.0393 2256 ================ Scan MBR ==================================
11:49:04.0409 2256 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
11:49:04.0471 2256 \Device\Harddisk0\DR0 - ok
11:49:04.0471 2256 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk1\DR1
11:49:05.0017 2256 \Device\Harddisk1\DR1 - ok
11:49:05.0033 2256 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk2\DR2
11:49:05.0095 2256 \Device\Harddisk2\DR2 - ok
11:49:05.0095 2256 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk3\DR3
11:49:05.0469 2256 \Device\Harddisk3\DR3 - ok
11:49:05.0501 2256 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk4\DR4
11:49:05.0657 2256 \Device\Harddisk4\DR4 - ok
11:49:05.0657 2256 ================ Scan VBR ==================================
11:49:05.0672 2256 [ 3BAF8004BF7D5C3C6F48AA41A406A2AD ] \Device\Harddisk0\DR0\Partition1
11:49:05.0672 2256 \Device\Harddisk0\DR0\Partition1 - ok
11:49:05.0672 2256 [ 1A0872D7495D33D658EE55D490759F1E ] \Device\Harddisk1\DR1\Partition1
11:49:05.0672 2256 \Device\Harddisk1\DR1\Partition1 - ok
11:49:05.0703 2256 [ 01BDA8CFB1C6CFCCE35F1B50EB727DA2 ] \Device\Harddisk2\DR2\Partition1
11:49:05.0703 2256 \Device\Harddisk2\DR2\Partition1 - ok
11:49:05.0703 2256 [ 972C9F725639FC9C3F23BB07494B79F2 ] \Device\Harddisk3\DR3\Partition1
11:49:05.0703 2256 \Device\Harddisk3\DR3\Partition1 - ok
11:49:05.0719 2256 [ 66AE0DF7852FA19888B7F0B2E36AF2B4 ] \Device\Harddisk3\DR3\Partition2
11:49:05.0719 2256 \Device\Harddisk3\DR3\Partition2 - ok
11:49:05.0719 2256 [ 0C06FF11F7B8D168D86A2B5A098D9928 ] \Device\Harddisk4\DR4\Partition1
11:49:05.0719 2256 \Device\Harddisk4\DR4\Partition1 - ok
11:49:05.0735 2256 [ 9FE992A9A2CE576553865EC7B68A780E ] \Device\Harddisk4\DR4\Partition2
11:49:05.0735 2256 \Device\Harddisk4\DR4\Partition2 - ok
11:49:05.0735 2256 ============================================================
11:49:05.0735 2256 Scan finished
11:49:05.0735 2256 ============================================================
11:49:05.0735 1196 Detected object count: 1
11:49:05.0735 1196 Actual detected object count: 1
11:49:27.0200 1196 C:\Program Files (x86)\Nero\Nero BackItUp 4\IoctlSvc.exe - copied to quarantine
11:49:27.0200 1196 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
11:50:32.0611 4728 Deinitialize success

19.12.2012, 16:35   #10
Laschmunzel
 

11:51:27.0596 1020 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
11:51:27.0861 1020 ============================================================
11:51:27.0861 1020 Current date / time: 2012/12/19 11:51:27.0861
11:51:27.0861 1020 SystemInfo:
11:51:27.0861 1020
11:51:27.0861 1020 OS Version: 6.1.7601 ServicePack: 1.0
11:51:27.0861 1020 Product type: Workstation
11:51:27.0861 1020 ComputerName: xxx
11:51:27.0861 1020 UserName: xxx
11:51:27.0861 1020 Windows directory: C:\Windows
11:51:27.0861 1020 System windows directory: C:\Windows
11:51:27.0861 1020 Running under WOW64
11:51:27.0861 1020 Processor architecture: Intel x64
11:51:27.0861 1020 Number of processors: 2
11:51:27.0861 1020 Page size: 0x1000
11:51:27.0861 1020 Boot type: Normal boot
11:51:27.0861 1020 ============================================================
11:51:29.0749 1020 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:51:29.0749 1020 Drive \Device\Harddisk1\DR1 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:51:29.0765 1020 Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:53:30.0049 4440 Ntfs - ok
11:53:30.0064 4440 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
11:53:30.0096 4440 Null - ok
11:53:30.0142 4440 [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
11:53:30.0158 4440 NVHDA - ok
11:53:30.0361 4440 [ FE2909F7DFB12B9A20AD207FE23B7E96 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:53:30.0486 4440 nvlddmkm - ok
11:53:30.0517 4440 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
11:53:30.0532 4440 nvraid - ok
11:53:30.0579 4440 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
11:53:30.0595 4440 nvstor - ok
11:53:30.0626 4440 [ 3341D2C91989BC87C3C0BAA97C27253B ] nvsvc C:\Windows\system32\nvvsvc.exe
11:53:30.0642 4440 nvsvc - ok
11:53:30.0720 4440 [ 551CE34DAD2DFF0A480781E68B286E4D ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
11:53:30.0735 4440 nvUpdatusService - ok
11:53:30.0782 4440 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
11:53:30.0782 4440 nv_agp - ok
11:53:30.0860 4440 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:53:30.0876 4440 odserv - ok
11:53:30.0938 4440 [ 0182074B2B8915C8371EA5A006BAC44E ] ogmservice C:\Program Files (x86)\Online Games Manager\ogmservice.exe
11:53:30.0954 4440 ogmservice - ok
11:53:30.0969 4440 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
11:53:30.0985 4440 ohci1394 - ok
11:53:31.0016 4440 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:53:31.0032 4440 ose - ok
11:53:31.0063 4440 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
11:53:31.0063 4440 p2pimsvc - ok
11:53:31.0110 4440 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
11:53:31.0125 4440 p2psvc - ok
11:53:31.0141 4440 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
11:53:31.0156 4440 Parport - ok
11:53:31.0172 4440 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
11:53:31.0188 4440 partmgr - ok
11:53:31.0203 4440 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
11:53:31.0219 4440 PcaSvc - ok
11:53:31.0234 4440 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
11:53:31.0234 4440 pci - ok
11:53:31.0266 4440 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
11:53:31.0266 4440 pciide - ok
11:53:31.0297 4440 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
11:53:31.0297 4440 pcmcia - ok
11:53:31.0312 4440 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
11:53:31.0328 4440 pcw - ok
11:53:31.0359 4440 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
11:53:31.0390 4440 PEAUTH - ok
11:53:31.0437 4440 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
11:53:31.0453 4440 PeerDistSvc - ok
11:53:31.0531 4440 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
11:53:31.0531 4440 PerfHost - ok
11:53:31.0578 4440 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
11:53:31.0624 4440 pla - ok
11:53:31.0671 4440 [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Program Files (x86)\Nero\Nero BackItUp 4\IoctlSvc.exe
11:53:31.0671 4440 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
11:53:31.0671 4440 PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
11:53:41.0786 4440 ================ Scan global ===============================
11:53:41.0817 4440 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
11:53:41.0848 4440 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
11:53:41.0848 4440 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
11:53:41.0880 4440 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
11:53:41.0911 4440 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
11:53:41.0911 4440 [Global] - ok
11:53:41.0911 4440 ================ Scan MBR ==================================
11:53:41.0926 4440 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
11:53:41.0989 4440 \Device\Harddisk0\DR0 - ok
11:53:41.0989 4440 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk1\DR1
11:53:42.0036 4440 \Device\Harddisk1\DR1 - ok
11:53:42.0051 4440 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk2\DR2
11:53:42.0114 4440 \Device\Harddisk2\DR2 - ok
11:53:42.0114 4440 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk3\DR3
11:53:42.0363 4440 \Device\Harddisk3\DR3 - ok
11:53:42.0363 4440 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk4\DR4
11:53:42.0472 4440 \Device\Harddisk4\DR4 - ok
11:53:42.0472 4440 ================ Scan VBR ==================================
11:53:42.0488 4440 [ 3BAF8004BF7D5C3C6F48AA41A406A2AD ] \Device\Harddisk0\DR0\Partition1
11:53:42.0488 4440 \Device\Harddisk0\DR0\Partition1 - ok
11:53:42.0504 4440 [ 1A0872D7495D33D658EE55D490759F1E ] \Device\Harddisk1\DR1\Partition1
11:53:42.0504 4440 \Device\Harddisk1\DR1\Partition1 - ok
11:53:42.0535 4440 [ 01BDA8CFB1C6CFCCE35F1B50EB727DA2 ] \Device\Harddisk2\DR2\Partition1
11:53:42.0535 4440 \Device\Harddisk2\DR2\Partition1 - ok
11:53:42.0535 4440 [ 972C9F725639FC9C3F23BB07494B79F2 ] \Device\Harddisk3\DR3\Partition1
11:53:42.0535 4440 \Device\Harddisk3\DR3\Partition1 - ok
11:53:42.0550 4440 [ 66AE0DF7852FA19888B7F0B2E36AF2B4 ] \Device\Harddisk3\DR3\Partition2
11:53:42.0550 4440 \Device\Harddisk3\DR3\Partition2 - ok
11:53:42.0566 4440 [ 0C06FF11F7B8D168D86A2B5A098D9928 ] \Device\Harddisk4\DR4\Partition1
11:53:42.0566 4440 \Device\Harddisk4\DR4\Partition1 - ok
11:53:42.0566 4440 [ 9FE992A9A2CE576553865EC7B68A780E ] \Device\Harddisk4\DR4\Partition2
11:53:42.0566 4440 \Device\Harddisk4\DR4\Partition2 - ok
11:53:42.0566 4440 ============================================================
11:53:42.0566 4440 Scan finished
11:53:42.0566 4440 ============================================================
11:53:42.0582 5792 Detected object count: 1
11:53:42.0582 5792 Actual detected object count: 1
11:54:36.0867 5792 C:\Program Files (x86)\Nero\Nero BackItUp 4\IoctlSvc.exe - copied to quarantine
11:54:36.0883 5792 HKLM\SYSTEM\ControlSet001\services\PLFlash DeviceIoControl Service - will be deleted on reboot
11:54:36.0914 5792 HKLM\SYSTEM\ControlSet002\services\PLFlash DeviceIoControl Service - will be deleted on reboot
11:54:37.0070 5792 C:\Program Files (x86)\Nero\Nero BackItUp 4\IoctlSvc.exe - will be deleted on reboot
11:54:37.0070 5792 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Delete
11:55:38.0628 2732 Deinitialize success

19.12.2012, 16:39   #11
Laschmunzel

tbhcn in system startup under C\users\***\AppData\Roaming\Microsoft\Windows\Startmenü\Programs\Start up

15:54:52.0648 3588 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:54:52.0664 3588 ============================================================
15:54:52.0664 3588 Current date / time: 2012/12/19 15:54:52.0664
15:54:52.0664 3588 SystemInfo:
15:54:52.0664 3588
15:54:52.0664 3588 OS Version: 6.1.7601 ServicePack: 1.0
15:54:52.0664 3588 Product type: Workstation
15:54:52.0664 3588 ComputerName: xxx
15:54:52.0664 3588 UserName: xxx
15:54:52.0664 3588 Windows directory: C:\Windows
15:54:52.0664 3588 System windows directory: C:\Windows
15:54:52.0664 3588 Running under WOW64
15:54:52.0664 3588 Processor architecture: Intel x64
15:54:52.0664 3588 Number of processors: 2
15:54:52.0664 3588 Page size: 0x1000
15:54:52.0664 3588 Boot type: Normal boot
15:54:52.0664 3588 ============================================================
15:55:14.0759 3588 BG loaded
15:55:15.0024 3588 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:55:15.0024 3588 Drive \Device\Harddisk1\DR1 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:55:15.0024 3588 Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:55:15.0040 3588 Drive \Device\Harddisk3\DR3 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x47B84, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
15:55:15.0071 3588 Drive \Device\Harddisk5\DR5 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:55:15.0102 3588 ============================================================
15:55:15.0102 3588 \Device\Harddisk0\DR0:
15:55:15.0102 3588 MBR partitions:
15:55:15.0102 3588 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384800
15:55:15.0102 3588 \Device\Harddisk1\DR1:
15:55:15.0102 3588 MBR partitions:
15:55:15.0102 3588 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86800
15:55:15.0102 3588 \Device\Harddisk2\DR2:
15:55:15.0102 3588 MBR partitions:
15:55:15.0102 3588 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384800
15:55:15.0102 3588 \Device\Harddisk3\DR3:
15:55:15.0102 3588 MBR partitions:
15:55:15.0102 3588 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:55:15.0102 3588 \Device\Harddisk3\DR3\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x4A825000
15:55:15.0102 3588 \Device\Harddisk5\DR5:
15:55:15.0118 3588 MBR partitions:
15:55:15.0118 3588 \Device\Harddisk5\DR5\Partition1: MBR, Type 0xC, StartLBA 0x800, BlocksNum 0x3E80000
15:55:15.0118 3588 \Device\Harddisk5\DR5\Partition2: MBR, Type 0x7, StartLBA 0x3E80800, BlocksNum 0x215AD000
15:55:15.0118 3588 ============================================================
15:55:15.0227 3588 C: <-> \Device\Harddisk3\DR3\Partition2
15:55:15.0243 3588 F: <-> \Device\Harddisk2\DR2\Partition1
15:55:15.0258 3588 H: <-> \Device\Harddisk0\DR0\Partition1
15:55:15.0726 3588 G: <-> \Device\Harddisk1\DR1\Partition1
15:55:15.0726 3588 I: <-> \Device\Harddisk5\DR5\Partition1
15:55:15.0773 3588 J: <-> \Device\Harddisk5\DR5\Partition2
15:55:15.0773 3588 ============================================================
15:55:15.0773 3588 Initialize success
15:55:15.0773 3588 ============================================================
15:56:04.0867 4580 ============================================================
15:56:04.0867 4580 Scan started
15:56:04.0867 4580 Mode: Manual; SigCheck; TDLFS;
15:56:04.0867 4580 ============================================================
15:56:06.0536 4580 ================ Scan system memory ========================
15:56:06.0536 4580 System memory - ok
15:56:06.0536 4580 ================ Scan services =============================
15:56:07.0612 4580 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
15:56:07.0862 4580 1394ohci - ok
15:56:08.0283 4580 [ 2D6434E957F7CFA0035C20890F77BBC6 ] a2acc C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys
15:56:08.0345 4580 a2acc - ok
15:56:09.0219 4580 [ C6D0B4BF12036D1EE092D2F5EF436FC7 ] a2AntiMalware C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
15:56:09.0266 4580 a2AntiMalware - ok
15:56:09.0375 4580 [ 3044D0F3FEB9FFE8BC953D8F34B5B504 ] A2DDA C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys
15:56:09.0375 4580 A2DDA - ok
15:56:09.0578 4580 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
15:56:09.0578 4580 ACPI - ok
15:56:09.0718 4580 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
15:56:10.0467 4580 AcpiPmi - ok
15:56:10.0654 4580 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:56:10.0670 4580 AdobeARMservice - ok
15:56:11.0980 4580 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:56:11.0996 4580 AdobeFlashPlayerUpdateSvc - ok
15:56:12.0230 4580 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
15:56:12.0261 4580 adp94xx - ok
15:56:12.0433 4580 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
15:56:12.0464 4580 adpahci - ok
15:56:12.0526 4580 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
15:56:12.0542 4580 adpu320 - ok
15:56:12.0604 4580 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
15:56:14.0117 4580 AeLookupSvc - ok
15:56:14.0305 4580 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
15:56:14.0398 4580 AFD - ok
15:56:14.0554 4580 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
15:56:14.0554 4580 agp440 - ok
15:56:14.0617 4580 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
15:56:14.0882 4580 ALG - ok
15:56:14.0929 4580 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
15:56:14.0944 4580 aliide - ok
15:56:15.0038 4580 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
15:56:15.0053 4580 amdide - ok
15:56:15.0116 4580 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
15:56:15.0443 4580 AmdK8 - ok
15:56:15.0475 4580 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
15:56:15.0568 4580 AmdPPM - ok
15:56:15.0631 4580 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
15:56:15.0677 4580 amdsata - ok
15:56:15.0787 4580 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
15:56:15.0818 4580 amdsbs - ok
15:56:15.0833 4580 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
15:56:15.0849 4580 amdxata - ok
15:56:16.0052 4580 [ C710B5D634DCCF966661939193175DE4 ] AntUpdaterService C:\Program Files (x86)\Ant.com\IE add-on\AntUpdaterService.exe
15:56:16.0052 4580 AntUpdaterService - ok
15:56:16.0161 4580 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
15:56:17.0815 4580 AppID - ok
15:56:17.0846 4580 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
15:56:17.0971 4580 AppIDSvc - ok
15:56:18.0049 4580 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
15:56:18.0173 4580 Appinfo - ok
15:56:18.0345 4580 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:56:18.0361 4580 Apple Mobile Device - ok
15:56:18.0439 4580 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
15:56:18.0579 4580 AppMgmt - ok
15:56:18.0673 4580 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
15:56:18.0688 4580 arc - ok
15:56:18.0751 4580 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
15:56:18.0766 4580 arcsas - ok
15:56:18.0860 4580 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
15:56:18.0953 4580 AsyncMac - ok
15:56:18.0985 4580 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
15:56:18.0985 4580 atapi - ok
15:56:19.0141 4580 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:56:19.0219 4580 AudioEndpointBuilder - ok
15:56:19.0359 4580 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
15:56:19.0390 4580 AudioSrv - ok
15:56:19.0515 4580 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
15:56:19.0655 4580 AxInstSV - ok
15:56:19.0858 4580 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
15:56:19.0921 4580 b06bdrv - ok
15:56:20.0045 4580 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
15:56:20.0092 4580 b57nd60a - ok
15:56:20.0186 4580 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
15:56:20.0264 4580 BDESVC - ok
15:56:20.0373 4580 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
15:56:20.0435 4580 Beep - ok
15:56:20.0654 4580 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
15:56:20.0732 4580 BFE - ok
15:56:21.0356 4580 [ ED97ADAF00A61F57A2CCBBB1CE58C600 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20121130.005\BHDrvx64.sys
15:56:21.0371 4580 BHDrvx64 - ok
15:56:21.0574 4580 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
15:56:21.0652 4580 BITS - ok
15:56:21.0668 4580 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
15:56:21.0746 4580 blbdrive - ok
15:56:21.0902 4580 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
15:56:21.0917 4580 Bonjour Service - ok
15:56:21.0995 4580 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
15:56:22.0089 4580 bowser - ok
15:56:22.0105 4580 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:56:22.0682 4580 BrFiltLo - ok
15:56:22.0729 4580 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:56:22.0838 4580 BrFiltUp - ok
15:56:22.0853 4580 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
15:56:22.0931 4580 Browser - ok
15:56:22.0963 4580 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
15:56:23.0119 4580 Brserid - ok
15:56:23.0134 4580 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
15:56:23.0212 4580 BrSerWdm - ok
15:56:23.0228 4580 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
15:56:23.0275 4580 BrUsbMdm - ok
15:56:23.0290 4580 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
15:56:23.0384 4580 BrUsbSer - ok
15:56:23.0431 4580 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
15:56:23.0493 4580 BTHMODEM - ok
15:56:23.0509 4580 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
15:56:23.0587 4580 bthserv - ok
15:56:23.0727 4580 [ 248C952C82DF1E23775432774CBB20F1 ] ccSet_MCLIENT C:\Windows\system32\drivers\MCLIENTx64\0302000.013\ccSetx64.sys
15:56:23.0743 4580 ccSet_MCLIENT - ok
15:56:23.0899 4580 [ 248C952C82DF1E23775432774CBB20F1 ] ccSet_NIS C:\Windows\system32\drivers\NISx64\1402000.013\ccSetx64.sys
15:56:23.0914 4580 ccSet_NIS - ok
15:56:24.0008 4580 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
15:56:24.0086 4580 cdfs - ok
15:56:24.0179 4580 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
15:56:24.0211 4580 cdrom - ok
15:56:24.0320 4580 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
15:56:24.0382 4580 CertPropSvc - ok
15:56:24.0429 4580 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
15:56:24.0491 4580 circlass - ok
15:56:24.0601 4580 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
15:56:24.0632 4580 CLFS - ok
15:56:24.0789 4580 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:56:24.0898 4580 clr_optimization_v2.0.50727_32 - ok
15:56:25.0179 4580 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:56:25.0210 4580 clr_optimization_v2.0.50727_64 - ok
15:56:25.0475 4580 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:56:25.0584 4580 clr_optimization_v4.0.30319_32 - ok
15:56:25.0725 4580 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:56:25.0725 4580 clr_optimization_v4.0.30319_64 - ok
15:56:25.0803 4580 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
15:56:25.0881 4580 CmBatt - ok
15:56:25.0928 4580 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
15:56:25.0943 4580 cmdide - ok
15:56:26.0084 4580 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
15:56:26.0115 4580 CNG - ok
15:56:26.0130 4580 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
15:56:26.0162 4580 Compbatt - ok
15:56:26.0224 4580 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
15:56:26.0286 4580 CompositeBus - ok
15:56:26.0302 4580 COMSysApp - ok
15:56:26.0333 4580 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
15:56:26.0364 4580 crcdisk - ok
15:56:26.0489 4580 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
15:56:26.0583 4580 CryptSvc - ok
15:56:26.0708 4580 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
15:56:26.0786 4580 CSC - ok
15:56:26.0957 4580 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
15:56:27.0035 4580 CscService - ok
15:56:27.0144 4580 [ E6CE7188CC47AE5DAFDAF552D370C52F ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
15:56:27.0160 4580 dc3d - ok
15:56:27.0332 4580 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
15:56:27.0410 4580 DcomLaunch - ok
15:56:27.0488 4580 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
15:56:27.0550 4580 defragsvc - ok
15:56:27.0612 4580 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
15:56:27.0675 4580 DfsC - ok
15:56:27.0815 4580 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
15:56:27.0924 4580 Dhcp - ok
15:56:27.0940 4580 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
15:56:28.0018 4580 discache - ok
15:56:28.0096 4580 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
15:56:28.0112 4580 Disk - ok
15:56:28.0190 4580 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
15:56:28.0283 4580 Dnscache - ok
15:56:28.0377 4580 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
15:56:28.0455 4580 dot3svc - ok
15:56:28.0517 4580 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
15:56:28.0611 4580 DPS - ok
15:56:28.0689 4580 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
15:56:28.0767 4580 drmkaud - ok
15:56:29.0016 4580 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
15:56:29.0032 4580 DXGKrnl - ok
15:56:29.0079 4580 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
15:56:29.0172 4580 EapHost - ok
15:56:29.0874 4580 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
15:56:29.0968 4580 ebdrv - ok
15:56:30.0140 4580 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
15:56:30.0155 4580 eeCtrl - ok
15:56:30.0171 4580 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
15:56:30.0264 4580 EFS - ok
15:56:30.0467 4580 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
15:56:30.0686 4580 ehRecvr - ok
15:56:30.0748 4580 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
15:56:30.0966 4580 ehSched - ok
15:56:31.0138 4580 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
15:56:31.0216 4580 elxstor - ok
15:56:31.0278 4580 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
15:56:31.0294 4580 EraserUtilRebootDrv - ok
15:56:31.0372 4580 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
15:56:31.0481 4580 ErrDev - ok
15:56:31.0653 4580 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
15:56:31.0700 4580 EventSystem - ok
15:56:31.0715 4580 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
15:56:31.0762 4580 exfat - ok
15:56:31.0809 4580 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
15:56:31.0887 4580 fastfat - ok
15:56:32.0074 4580 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
15:56:32.0168 4580 Fax - ok
15:56:32.0199 4580 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
15:56:32.0261 4580 fdc - ok
15:56:32.0324 4580 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
15:56:32.0370 4580 fdPHost - ok
15:56:32.0402 4580 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
15:56:32.0495 4580 FDResPub - ok
15:56:32.0542 4580 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
15:56:32.0558 4580 FileInfo - ok
15:56:32.0589 4580 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
15:56:32.0667 4580 Filetrace - ok
15:56:32.0698 4580 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
15:56:32.0760 4580 flpydisk - ok
15:56:32.0885 4580 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
15:56:32.0901 4580 FltMgr - ok
15:56:33.0119 4580 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
15:56:33.0213 4580 FontCache - ok
15:56:33.0306 4580 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:56:33.0322 4580 FontCache3.0.0.0 - ok
15:56:33.0369 4580 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
15:56:33.0400 4580 FsDepends - ok
15:56:33.0462 4580 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
15:56:33.0478 4580 Fs_Rec - ok
15:56:33.0634 4580 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
15:56:33.0665 4580 fvevol - ok
15:56:33.0743 4580 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
15:56:33.0759 4580 gagp30kx - ok
15:56:33.0806 4580 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:56:33.0806 4580 GEARAspiWDM - ok
15:56:33.0899 4580 [ 16C2A6BCDDA8952C2035DEC861492A19 ] ggflt C:\Windows\system32\DRIVERS\ggflt.sys
15:56:33.0915 4580 ggflt - ok
15:56:33.0930 4580 [ 6B503DF845EABF3457E49FBBDA26C10E ] ggsemc C:\Windows\system32\DRIVERS\ggsemc.sys
15:56:33.0962 4580 ggsemc - ok
15:56:34.0133 4580 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
15:56:34.0211 4580 gpsvc - ok
15:56:34.0414 4580 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:56:34.0414 4580 gupdate - ok
15:56:34.0430 4580 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:56:34.0430 4580 gupdatem - ok
15:56:34.0461 4580 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
15:56:34.0554 4580 hcw85cir - ok
15:56:34.0710 4580 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:56:34.0757 4580 HdAudAddService - ok
15:56:34.0851 4580 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
15:56:34.0882 4580 HDAudBus - ok
15:56:34.0898 4580 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
15:56:34.0944 4580 HidBatt - ok
15:56:34.0960 4580 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
15:56:35.0007 4580 HidBth - ok
15:56:35.0022 4580 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
15:56:35.0069 4580 HidIr - ok
15:56:35.0085 4580 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
15:56:35.0178 4580 hidserv - ok
15:56:35.0334 4580 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
15:56:35.0366 4580 HidUsb - ok
15:56:35.0412 4580 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
15:56:35.0490 4580 hkmsvc - ok
15:56:35.0537 4580 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:56:35.0615 4580 HomeGroupListener - ok
15:56:35.0662 4580 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:56:35.0678 4580 HomeGroupProvider - ok
15:56:35.0756 4580 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
15:56:35.0787 4580 HpSAMD - ok
15:56:35.0943 4580 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
15:56:35.0990 4580 HTTP - ok
15:56:36.0021 4580 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
15:56:36.0021 4580 hwpolicy - ok
15:56:36.0130 4580 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
15:56:36.0146 4580 i8042prt - ok
15:56:36.0192 4580 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
15:56:36.0224 4580 iaStorV - ok
15:56:36.0458 4580 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:56:36.0473 4580 idsvc - ok
15:56:36.0707 4580 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20121218.001\IDSvia64.sys
15:56:36.0723 4580 IDSVia64 - ok
15:56:36.0770 4580 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
15:56:36.0801 4580 iirsp - ok
15:56:36.0926 4580 [ 755519F49906B73C1FE9CBBF75E347EA ] IJPLMSVC C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
15:56:36.0926 4580 IJPLMSVC - ok
15:56:37.0160 4580 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
15:56:37.0222 4580 IKEEXT - ok
15:56:37.0830 4580 [ C2F868881D48A568B525255F084EF063 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
15:56:37.0877 4580 IntcAzAudAddService - ok
15:56:37.0908 4580 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
15:56:37.0908 4580 intelide - ok
15:56:37.0986 4580 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
15:56:38.0049 4580 intelppm - ok
15:56:38.0096 4580 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
15:56:38.0158 4580 IPBusEnum - ok
15:56:38.0189 4580 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:56:38.0267 4580 IpFilterDriver - ok
15:56:38.0392 4580 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
15:56:38.0501 4580 iphlpsvc - ok
15:56:38.0532 4580 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
15:56:38.0579 4580 IPMIDRV - ok
15:56:38.0626 4580 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
15:56:38.0704 4580 IPNAT - ok
15:56:38.0985 4580 [ 0F261EC4F514926177C70C1832374231 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
15:56:39.0000 4580 iPod Service - ok
15:56:39.0032 4580 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
15:56:39.0531 4580 IRENUM - ok
15:56:39.0546 4580 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
15:56:39.0562 4580 isapnp - ok
15:56:39.0656 4580 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
15:56:39.0671 4580 iScsiPrt - ok
15:56:39.0702 4580 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
15:56:39.0718 4580 kbdclass - ok
15:56:39.0765 4580 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
15:56:39.0812 4580 kbdhid - ok
15:56:39.0843 4580 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
15:56:39.0858 4580 KeyIso - ok
15:56:39.0905 4580 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
15:56:39.0921 4580 KSecDD - ok
15:56:39.0983 4580 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
15:56:40.0014 4580 KSecPkg - ok
15:56:40.0030 4580 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
15:56:40.0092 4580 ksthunk - ok
15:56:40.0124 4580 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
15:56:40.0186 4580 KtmRm - ok
15:56:40.0248 4580 [ B8E670D7EF61615FA03104552854FAC9 ] L1E C:\Windows\system32\DRIVERS\L1E62x64.sys
15:56:40.0326 4580 L1E - ok
15:56:40.0436 4580 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
15:56:40.0514 4580 LanmanServer - ok
15:56:40.0592 4580 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:56:40.0623 4580 LanmanWorkstation - ok
15:56:40.0701 4580 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
15:56:40.0748 4580 lltdio - ok
15:56:40.0857 4580 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
15:56:40.0935 4580 lltdsvc - ok
15:56:40.0966 4580 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
15:56:40.0997 4580 lmhosts - ok
15:56:41.0044 4580 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
15:56:41.0075 4580 LSI_FC - ok
15:56:41.0106 4580 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
15:56:41.0122 4580 LSI_SAS - ok
15:56:41.0153 4580 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:56:41.0184 4580 LSI_SAS2 - ok
15:56:41.0216 4580 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:56:41.0231 4580 LSI_SCSI - ok
15:56:41.0294 4580 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
15:56:41.0340 4580 luafv - ok
15:56:41.0434 4580 [ B285CB154E5DC2F52216836B883AC352 ] LVPr2M64 C:\Windows\system32\DRIVERS\LVPr2M64.sys
15:56:41.0481 4580 LVPr2M64 - ok
15:56:41.0840 4580 [ 0C85B2B6FB74B36A251792D45E0EF860 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys
15:56:41.0855 4580 LVRS64 - ok
15:56:42.0869 4580 [ FF3A488924B0032B1A9CA6948C1FA9E8 ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys
15:56:42.0916 4580 LVUVC64 - ok
15:56:42.0978 4580 [ B3B7C5F26F3F8C7992350B7EDE64F5C9 ] Magic Tune C:\Windows\system32\Drivers\MtiCtwl.sys
15:56:42.0978 4580 Magic Tune - ok
15:56:43.0103 4580 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
15:56:43.0103 4580 MBAMProtector - ok
15:56:43.0244 4580 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler F:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
15:56:43.0259 4580 MBAMScheduler - ok
15:56:43.0306 4580 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService F:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
15:56:43.0322 4580 MBAMService - ok
15:56:43.0431 4580 [ 4A9258B9597A31DB68EC9740F3A8A70B ] MCLIENT C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe
15:56:43.0446 4580 MCLIENT - ok
15:56:43.0478 4580 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
15:56:43.0524 4580 Mcx2Svc - ok
15:56:43.0540 4580 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
15:56:43.0556 4580 megasas - ok
15:56:43.0665 4580 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
15:56:43.0680 4580 MegaSR - ok
15:56:43.0712 4580 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
15:56:43.0914 4580 MMCSS - ok
15:56:43.0930 4580 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
15:56:44.0055 4580 Modem - ok
15:56:44.0117 4580 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
15:56:44.0148 4580 monitor - ok
15:56:44.0211 4580 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
15:56:44.0226 4580 mouclass - ok
15:56:44.0273 4580 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
15:56:44.0320 4580 mouhid - ok
15:56:44.0367 4580 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
15:56:44.0382 4580 mountmgr - ok
15:56:44.0476 4580 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
15:56:44.0476 4580 MpFilter - ok
15:56:44.0554 4580 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
15:56:44.0585 4580 mpio - ok
15:56:44.0616 4580 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
15:56:44.0679 4580 mpsdrv - ok
15:56:44.0897 4580 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
15:56:44.0960 4580 MpsSvc - ok
15:56:45.0069 4580 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
15:56:45.0178 4580 MRxDAV - ok
15:56:45.0225 4580 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
15:56:45.0381 4580 mrxsmb - ok
15:56:45.0474 4580 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:56:45.0521 4580 mrxsmb10 - ok
15:56:45.0584 4580 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:56:45.0646 4580 mrxsmb20 - ok
15:56:45.0708 4580 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
15:56:45.0818 4580 msahci - ok
15:56:45.0864 4580 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
15:56:45.0880 4580 msdsm - ok
15:56:45.0911 4580 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
15:56:45.0989 4580 MSDTC - ok
15:56:46.0052 4580 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
15:56:46.0098 4580 Msfs - ok
15:56:46.0161 4580 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
15:56:46.0317 4580 mshidkmdf - ok
15:56:46.0426 4580 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
15:56:46.0426 4580 msisadrv - ok
15:56:46.0473 4580 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
15:56:46.0535 4580 MSiSCSI - ok
15:56:46.0551 4580 msiserver - ok
15:56:46.0613 4580 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
15:56:46.0691 4580 MSKSSRV - ok
15:56:46.0816 4580 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
15:56:46.0816 4580 MsMpSvc - ok
15:56:46.0863 4580 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
15:56:46.0925 4580 MSPCLOCK - ok
15:56:46.0956 4580 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
15:56:47.0066 4580 MSPQM - ok
15:56:47.0097 4580 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
15:56:47.0112 4580 MsRPC - ok
15:56:47.0144 4580 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
15:56:47.0144 4580 mssmbios - ok
15:56:47.0222 4580 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
15:56:47.0268 4580 MSTEE - ok
15:56:47.0268 4580 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
15:56:47.0346 4580 MTConfig - ok
15:56:47.0456 4580 [ 03B7145C889603537E9FFEABB1AD1089 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
15:56:47.0518 4580 MTsensor - ok
15:56:47.0565 4580 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
15:56:47.0596 4580 Mup - ok
15:56:47.0643 4580 [ 7E045AF28F71851AA5ECE8C78AEFCE46 ] mv61xx C:\Windows\system32\DRIVERS\mv61xx.sys
15:56:47.0658 4580 mv61xx - ok
15:56:47.0690 4580 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
15:56:47.0736 4580 napagent - ok
15:56:47.0877 4580 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
15:56:47.0939 4580 NativeWifiP - ok
15:56:48.0080 4580 [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20121218.020\ENG64.SYS
15:56:48.0111 4580 NAVENG - ok
15:56:48.0516 4580 [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20121218.020\EX64.SYS
15:56:48.0594 4580 NAVEX15 - ok
15:56:48.0657 4580 [ B3B7C5F26F3F8C7992350B7EDE64F5C9 ] NCPro C:\Windows\system32\drivers\MTictwl.sys
15:56:48.0657 4580 NCPro - ok
15:56:48.0860 4580 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
15:56:48.0891 4580 NDIS - ok
15:56:48.0922 4580 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
15:56:48.0969 4580 NdisCap - ok
15:56:49.0031 4580 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
15:56:49.0062 4580 NdisTapi - ok
15:56:49.0140 4580 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
15:56:49.0203 4580 Ndisuio - ok
15:56:49.0265 4580 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
15:56:49.0312 4580 NdisWan - ok
15:56:49.0359 4580 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
15:56:49.0406 4580 NDProxy - ok
15:56:49.0702 4580 [ 27FE4B70C12A2C67A58D799B9A4E8D81 ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
15:56:49.0733 4580 Nero BackItUp Scheduler 4.0 - ok
15:56:49.0811 4580 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
15:56:49.0858 4580 NetBIOS - ok
15:56:49.0874 4580 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
15:56:49.0967 4580 NetBT - ok
15:56:49.0983 4580 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
15:56:49.0998 4580 Netlogon - ok
15:56:50.0217 4580 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
15:56:50.0342 4580 Netman - ok
15:56:50.0435 4580 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
15:56:50.0498 4580 netprofm - ok
15:56:50.0513 4580 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:56:50.0544 4580 NetTcpPortSharing - ok
15:56:50.0591 4580 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
15:56:50.0622 4580 nfrd960 - ok
15:56:50.0778 4580 [ 4A9258B9597A31DB68EC9740F3A8A70B ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe
15:56:50.0778 4580 NIS - ok
15:56:50.0856 4580 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
15:56:50.0872 4580 NisDrv - ok
15:56:50.0966 4580 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
15:56:50.0981 4580 NisSrv - ok
15:56:51.0122 4580 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
15:56:51.0184 4580 NlaSvc - ok
15:56:51.0215 4580 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
15:56:51.0246 4580 Npfs - ok
15:56:51.0262 4580 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
15:56:51.0324 4580 nsi - ok
15:56:51.0340 4580 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
15:56:51.0387 4580 nsiproxy - ok
15:56:51.0527 4580 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
15:56:51.0574 4580 Ntfs - ok
15:56:51.0621 4580 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
15:56:51.0777 4580 Null - ok
15:56:51.0933 4580 [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
15:56:51.0948 4580 NVHDA - ok
15:56:54.0101 4580 [ FE2909F7DFB12B9A20AD207FE23B7E96 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:56:54.0226 4580 nvlddmkm - ok
15:56:57.0409 4580 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
15:56:57.0409 4580 nvraid - ok
15:56:57.0519 4580 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
15:56:57.0534 4580 nvstor - ok
15:56:57.0753 4580 [ 3341D2C91989BC87C3C0BAA97C27253B ] nvsvc C:\Windows\system32\nvvsvc.exe
15:56:57.0815 4580 nvsvc - ok
15:56:57.0909 4580 [ 551CE34DAD2DFF0A480781E68B286E4D ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
15:56:57.0924 4580 nvUpdatusService - ok
15:56:57.0971 4580 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
15:56:57.0971 4580 nv_agp - ok
15:56:58.0065 4580 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:56:58.0080 4580 odserv - ok
15:56:58.0127 4580 [ 0182074B2B8915C8371EA5A006BAC44E ] ogmservice C:\Program Files (x86)\Online Games Manager\ogmservice.exe
15:56:58.0143 4580 ogmservice - ok
15:56:58.0158 4580 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
15:56:58.0205 4580 ohci1394 - ok
15:56:58.0252 4580 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:56:58.0267 4580 ose - ok
15:56:58.0314 4580 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
15:56:58.0345 4580 p2pimsvc - ok
15:56:58.0408 4580 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
15:56:58.0439 4580 p2psvc - ok
15:56:58.0470 4580 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
15:56:58.0501 4580 Parport - ok
15:56:58.0533 4580 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
15:56:58.0533 4580 partmgr - ok
15:56:58.0548 4580 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
15:56:58.0595 4580 PcaSvc - ok
15:56:58.0611 4580 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
15:56:58.0626 4580 pci - ok
15:56:58.0642 4580 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
15:56:58.0642 4580 pciide - ok
15:56:58.0673 4580 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
15:56:58.0689 4580 pcmcia - ok
15:56:58.0704 4580 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
15:56:58.0704 4580 pcw - ok
15:56:58.0735 4580 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
15:56:58.0782 4580 PEAUTH - ok
15:56:58.0907 4580 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
15:56:58.0969 4580 PeerDistSvc - ok
15:56:59.0562 4580 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
15:56:59.0625 4580 PerfHost - ok
15:56:59.0703 4580 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
15:56:59.0765 4580 pla - ok
15:56:59.0796 4580 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
15:56:59.0843 4580 PlugPlay - ok
15:56:59.0874 4580 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
15:56:59.0890 4580 PNRPAutoReg - ok
15:56:59.0921 4580 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
15:56:59.0921 4580 PNRPsvc - ok
15:56:59.0952 4580 [ 5BC4D480DD527EB0CF33A67A090A130E ] Point64 C:\Windows\system32\DRIVERS\point64.sys
15:56:59.0968 4580 Point64 - ok
15:57:00.0061 4580 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
15:57:00.0342 4580 PolicyAgent - ok
15:57:00.0436 4580 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
15:57:00.0529 4580 Power - ok
15:57:00.0576 4580 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
15:57:00.0607 4580 PptpMiniport - ok
15:57:00.0639 4580 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
15:57:00.0685 4580 Processor - ok
15:57:00.0732 4580 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
15:57:00.0810 4580 ProfSvc - ok
15:57:00.0826 4580 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:57:00.0841 4580 ProtectedStorage - ok
15:57:00.0888 4580 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
15:57:00.0919 4580 Psched - ok
15:57:00.0997 4580 [ FB46E9A827A8799EBD7BFA9128C91F37 ] PSI C:\Windows\system32\DRIVERS\psi_mf.sys
15:57:01.0044 4580 PSI - ok
15:57:01.0091 4580 [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
15:57:01.0091 4580 PSI_SVC_2 - ok
15:57:01.0138 4580 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
15:57:01.0200 4580 ql2300 - ok
15:57:01.0247 4580 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
15:57:01.0263 4580 ql40xx - ok
15:57:01.0325 4580 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
15:57:01.0356 4580 QWAVE - ok
15:57:01.0387 4580 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
15:57:01.0481 4580 QWAVEdrv - ok
15:57:01.0528 4580 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
15:57:01.0637 4580 RasAcd - ok
15:57:01.0684 4580 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
15:57:01.0731 4580 RasAgileVpn - ok
15:57:01.0746 4580 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
15:57:01.0793 4580 RasAuto - ok
15:57:01.0840 4580 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
15:57:01.0871 4580 Rasl2tp - ok
15:57:01.0902 4580 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
15:57:01.0965 4580 RasMan - ok
15:57:02.0027 4580 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
15:57:02.0105 4580 RasPppoe - ok
15:57:02.0167 4580 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
15:57:02.0214 4580 RasSstp - ok
15:57:02.0261 4580 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
15:57:02.0339 4580 rdbss - ok
15:57:02.0370 4580 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
15:57:02.0433 4580 rdpbus - ok
15:57:02.0448 4580 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
15:57:02.0495 4580 RDPCDD - ok
15:57:02.0557 4580 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
15:57:02.0635 4580 RDPDR - ok
15:57:02.0682 4580 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
15:57:02.0776 4580 RDPENCDD - ok
15:57:02.0807 4580 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
15:57:02.0869 4580 RDPREFMP - ok
15:57:02.0947 4580 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
15:57:03.0041 4580 RdpVideoMiniport - ok
15:57:03.0166 4580 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
15:57:03.0275 4580 RDPWD - ok
15:57:03.0369 4580 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
15:57:03.0384 4580 rdyboost - ok
15:57:03.0431 4580 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
15:57:03.0493 4580 RemoteAccess - ok
15:57:03.0540 4580 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
15:57:03.0618 4580 RemoteRegistry - ok
15:57:03.0649 4580 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
15:57:03.0727 4580 RpcEptMapper - ok
15:57:03.0759 4580 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
15:57:03.0790 4580 RpcLocator - ok
15:57:03.0852 4580 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
15:57:03.0883 4580 RpcSs - ok
15:57:03.0930 4580 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
15:57:03.0977 4580 rspndr - ok
15:57:04.0024 4580 [ 301FBA4594FB5C0A469299A65106B4AA ] s1018bus C:\Windows\system32\DRIVERS\s1018bus.sys
15:57:04.0039 4580 s1018bus - ok
15:57:04.0071 4580 [ D1D7C744F79710357E60FC04D125ED01 ] s1018mdfl C:\Windows\system32\DRIVERS\s1018mdfl.sys
15:57:04.0086 4580 s1018mdfl - ok
15:57:04.0133 4580 [ 7DBE12CCCD837D4266B2DDD80A329C09 ] s1018mdm C:\Windows\system32\DRIVERS\s1018mdm.sys
15:57:04.0149 4580 s1018mdm - ok
15:57:04.0195 4580 [ 065FF5E62D2D18A6D93FD925546CD549 ] s1018mgmt C:\Windows\system32\DRIVERS\s1018mgmt.sys
15:57:04.0211 4580 s1018mgmt - ok
15:57:04.0242 4580 [ 5101D815BDF0D667E3D5F0EA727CAAEE ] s1018nd5 C:\Windows\system32\DRIVERS\s1018nd5.sys
15:57:04.0258 4580 s1018nd5 - ok
15:57:04.0273 4580 [ 13F220C65B444AC9BDA49DACFC3230BB ] s1018obex C:\Windows\system32\DRIVERS\s1018obex.sys
15:57:04.0320 4580 s1018obex - ok
15:57:04.0351 4580 [ CE7D8BCE80211D8A35F6BD7A87791860 ] s1018unic C:\Windows\system32\DRIVERS\s1018unic.sys
15:57:04.0383 4580 s1018unic - ok
15:57:04.0414 4580 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
15:57:04.0507 4580 s3cap - ok
15:57:04.0523 4580 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
15:57:04.0523 4580 SamSs - ok
15:57:04.0570 4580 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
15:57:04.0601 4580 sbp2port - ok
15:57:04.0663 4580 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
15:57:04.0710 4580 SCardSvr - ok
15:57:04.0757 4580 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
15:57:04.0819 4580 scfilter - ok
15:57:04.0975 4580 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
15:57:05.0022 4580 Schedule - ok
15:57:05.0069 4580 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
15:57:05.0085 4580 SCPolicySvc - ok
15:57:05.0163 4580 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
15:57:05.0256 4580 SDRSVC - ok
15:57:05.0334 4580 [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService F:\Programme\Spy\Spybot - Search & Destroy 2\SDFSSvc.exe
15:57:05.0350 4580 SDScannerService - ok
15:57:05.0443 4580 [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService F:\Programme\Spy\Spybot - Search & Destroy 2\SDUpdSvc.exe
15:57:05.0459 4580 SDUpdateService - ok
15:57:05.0475 4580 [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService F:\Programme\Spy\Spybot - Search & Destroy 2\SDWSCSvc.exe
15:57:05.0490 4580 SDWSCService - ok
15:57:05.0568 4580 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
15:57:05.0615 4580 secdrv - ok
15:57:05.0646 4580 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
15:57:05.0724 4580 seclogon - ok
15:57:05.0911 4580 [ 306F9390976E41063D21AB9AB6D48122 ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe
15:57:05.0943 4580 Secunia PSI Agent - ok
15:57:06.0052 4580 [ 29C852880E9634F8C6BD77A4E68B5B34 ] Secunia Update Agent C:\Program Files (x86)\Secunia\PSI\sua.exe
15:57:06.0067 4580 Secunia Update Agent - ok
15:57:06.0145 4580 [ EDE7A1D2715AAC2190D51DC07AFD44E3 ] seehcri C:\Windows\system32\DRIVERS\seehcri.sys
15:57:06.0192 4580 seehcri - ok
15:57:06.0223 4580 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
15:57:06.0270 4580 SENS - ok
15:57:06.0301 4580 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
15:57:06.0364 4580 SensrSvc - ok
15:57:06.0411 4580 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
15:57:06.0442 4580 Serenum - ok
15:57:06.0457 4580 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
15:57:06.0473 4580 Serial - ok
15:57:06.0504 4580 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
15:57:06.0535 4580 sermouse - ok
15:57:06.0567 4580 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
15:57:06.0629 4580 SessionEnv - ok
15:57:06.0645 4580 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
15:57:06.0676 4580 sffdisk - ok
15:57:06.0691 4580 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
15:57:06.0738 4580 sffp_mmc - ok
15:57:06.0754 4580 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
15:57:06.0785 4580 sffp_sd - ok
15:57:06.0832 4580 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
15:57:06.0847 4580 sfloppy - ok
15:57:06.0894 4580 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
15:57:06.0941 4580 SharedAccess - ok
15:57:07.0019 4580 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:57:07.0081 4580 ShellHWDetection - ok
15:57:07.0097 4580 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:57:07.0113 4580 SiSRaid2 - ok
15:57:07.0128 4580 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
15:57:07.0159 4580 SiSRaid4 - ok
15:57:07.0347 4580 [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
15:57:07.0378 4580 Skype C2C Service - ok
15:57:07.0456 4580 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
15:57:07.0456 4580 SkypeUpdate - ok
15:57:07.0503 4580 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
15:57:07.0534 4580 Smb - ok
15:57:07.0643 4580 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
15:57:07.0643 4580 SNMPTRAP - ok
15:57:07.0721 4580 [ 5177D14A78E60FD61DCFC6B388E7E971 ] Sony PC Companion C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
15:57:07.0737 4580 Sony PC Companion - ok
15:57:07.0768 4580 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
15:57:07.0768 4580 spldr - ok
15:57:07.0815 4580 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
15:57:07.0846 4580 Spooler - ok
15:57:08.0345 4580 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
15:57:08.0407 4580 sppsvc - ok
15:57:08.0439 4580 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
15:57:08.0517 4580 sppuinotify - ok
15:57:08.0719 4580 [ 3510E7021D2637A67FBCB5105EAE945D ] SRTSP C:\Windows\System32\Drivers\NISx64\1402000.013\SRTSP64.SYS
15:57:08.0751 4580 SRTSP - ok
15:57:08.0782 4580 [ 1B884D876E87EABF5A3356BBD7321412 ] SRTSPX C:\Windows\system32\drivers\NISx64\1402000.013\SRTSPX64.SYS
15:57:08.0782 4580 SRTSPX - ok
15:57:08.0844 4580 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
15:57:08.0907 4580 srv - ok
15:57:08.0938 4580 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
15:57:09.0000 4580 srv2 - ok
15:57:09.0031 4580 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
15:57:09.0078 4580 srvnet - ok
15:57:09.0265 4580 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
15:57:09.0328 4580 SSDPSRV - ok
15:57:09.0343 4580 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
15:57:09.0390 4580 SstpSvc - ok
15:57:09.0453 4580 [ 0632004181860960CF6E10DE8DDEF78B ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
15:57:09.0468 4580 Stereo Service - ok
15:57:09.0515 4580 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
15:57:09.0515 4580 stexstor - ok
15:57:09.0609 4580 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
15:57:09.0640 4580 stisvc - ok
15:57:09.0655 4580 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
15:57:09.0671 4580 storflt - ok
15:57:09.0687 4580 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
15:57:09.0702 4580 storvsc - ok
15:57:09.0733 4580 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
15:57:09.0733 4580 swenum - ok
15:57:09.0874 4580 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
15:57:09.0921 4580 swprv - ok
15:57:09.0999 4580 [ 777217682DA76337E8E6EC8AC4412B9B ] SymDS C:\Windows\system32\drivers\NISx64\1402000.013\SYMDS64.SYS
15:57:10.0014 4580 SymDS - ok
15:57:10.0045 4580 [ 64D1AF3D04E70A681154FFF1893848F6 ] SymEFA C:\Windows\system32\drivers\NISx64\1402000.013\SYMEFA64.SYS
15:57:10.0077 4580 SymEFA - ok
15:57:10.0108 4580 [ F5D6D3B7468C46EA2DDC1D19D2A6DA0F ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
15:57:10.0108 4580 SymEvent - ok
15:57:10.0139 4580 [ ADF37F1A715D6C56C8E065FD8569A9A4 ] SymIRON C:\Windows\system32\drivers\NISx64\1402000.013\Ironx64.SYS
15:57:10.0155 4580 SymIRON - ok
15:57:10.0201 4580 [ 1605EBD8CB86AFC4430116065995279A ] SymNetS C:\Windows\System32\Drivers\NISx64\1402000.013\SYMNETS.SYS
15:57:10.0217 4580 SymNetS - ok
15:57:10.0233 4580 Synth3dVsc - ok
15:57:10.0279 4580 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
15:57:10.0326 4580 SysMain - ok
15:57:10.0357 4580 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:57:10.0389 4580 TabletInputService - ok
15:57:10.0420 4580 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
15:57:10.0467 4580 TapiSrv - ok
15:57:10.0513 4580 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
15:57:10.0545 4580 TBS - ok
15:57:10.0685 4580 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
15:57:10.0747 4580 Tcpip - ok
15:57:10.0779 4580 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
15:57:10.0810 4580 TCPIP6 - ok
15:57:10.0857 4580 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
15:57:10.0903 4580 tcpipreg - ok
15:57:10.0981 4580 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
15:57:11.0013 4580 TDPIPE - ok
15:57:11.0059 4580 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
15:57:11.0075 4580 TDTCP - ok
15:57:11.0106 4580 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
15:57:11.0137 4580 tdx - ok
15:57:11.0169 4580 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
15:57:11.0184 4580 TermDD - ok
15:57:11.0215 4580 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
15:57:11.0262 4580 TermService - ok
15:57:11.0309 4580 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
15:57:11.0340 4580 Themes - ok
15:57:11.0371 4580 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
15:57:11.0387 4580 THREADORDER - ok
15:57:11.0418 4580 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
15:57:11.0465 4580 TrkWks - ok
15:57:11.0512 4580 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:57:11.0559 4580 TrustedInstaller - ok
15:57:11.0590 4580 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
15:57:11.0621 4580 tssecsrv - ok
15:57:11.0652 4580 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
15:57:11.0683 4580 TsUsbFlt - ok
15:57:11.0683 4580 tsusbhub - ok
15:57:11.0715 4580 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
15:57:11.0761 4580 tunnel - ok
15:57:22.0089 4580 ============================================================
15:57:22.0089 4580 Scan finished
15:57:22.0089 4580 ============================================================
15:57:22.0104 4572 Detected object count: 0
15:57:22.0104 4572 Actual detected object count: 0
15:57:50.0559 2500 Deinitialize success

20.12.2012, 14:56   #12
t'john
/// Helper team

Very good!

How is the computer running?


Malware scan with Emsisoft Anti-Malware

Download the free version of => Emsisoft Anti-Malware and install the program.
Download the current signatures via "Jetzt Updaten" (Update now).
Select freeware mode.

Select Detail Scan and start the check of the computer with the Scan button.
At the end of the scan, do not let it delete anything! Click "Bericht speichern" (Save report) to save the log file to the desktop and post it here in the thread.

Instructions: http://www.trojaner-board.de/103809-...i-malware.html
__________________
Regards, t'john

20.12.2012, 21:56   #13
Laschmunzel

There we go! The scan took a while. Yes, the computer is doing well - performance is already much better too. I also did quite a bit of maintenance that I had neglected for a long time, like cleaning up the hard drives and checking them for errors and things like that. And the scan? It found NOTHING! :

Emsisoft Anti-Malware - Version 7.0
Letztes Update: 20.12.2012 16:44:57

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, F:\, G:\, H:\, M:\, N:\

Riskware-Erkennung: Aus
Archiv Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan Beginn: 20.12.2012 16:47:55


Gescannt 1010096
Gefunden 0

Scan Ende: 20.12.2012 21:12:45
Scan Zeit: 4:24:50


That should mean I'm clean now, right? BUT:

When I go into the Control Panel via msconfig, I can still tick tbhcn. I also still have that option for NeroBackitup.exe, which was deleted during a scan. Can I somehow get these out of the system startup?

And then I have a few more questions, if I may. How do I proceed now regarding virus protection? People always say: only ever have one program. But I had 2 anyway and neither of them found the viruses. I have no plan for how I want to protect the computer in future, except that I will finally create a user account and deactivate the admin account, as Windows suggests. But I obviously can't rely on one program. So full protection plus a scan-only tool? What would be sensible here? At the moment I have Norton full protection, Windows Live Essential (deactivated), Spybot 2, Malwarebytes and Emsisoft on the computer. They don't seem to interfere with each other, though. In addition there are the removal tools. If I keep several, what do I have to watch out for? And the removal tools? Keep them? And if so, they have to stay on the desktop, right?

Sorry for all the questions....

And now I'd like to express a reeeeally, reeeeally big one! And again right away:

Kind regards

22.12.2012, 13:08   #14
t'john
/// Helper team

We'll come to the questions at the end, once we're finished with everything.

Very good!


Uninstall:
Emsisoft Anti-Malware


ESET Online Scanner

Preparation

  • Connect any external hard drives and/or other removable media (e.g. USB sticks) you may have to the computer.
  • Please deactivate your anti-virus program and firewall during the online scan.
  • Vista/Win7 users: be sure to start the browser as administrator.

Let's go

  • Download and start the Eset Smartinstaller.
  • Tick YES, I accept the Terms of Use.
  • Click Start.
  • Tick Remove found threats and Scan archives.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • Press Finish.
  • Close the browser.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (sometimes C:\Programme\Eset\log.txt) and open it with your editor.
  • Post the log file here.
  • Uninstallation: Control Panel => Software => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset
__________________
Regards, t'john

23.12.2012, 21:32   #15
Laschmunzel

Hello!
Here is the log file from Eset:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=2bab637d8c80474c90807c0c8844049a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-23 09:13:13
# local_time=2012-12-23 10:13:13 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3591 16777213 100 91 714724 118922577 0 0
# compatibility_mode=5892 16777213 88 94 7478506 9940165 0 0
# scanned=694895
# found=0
# cleaned=0
# scan_time=15338


Looks good, right?

In case we don't hear from each other again: I wish you a Merry Christmas!
