| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Datei chatzum_nt.exe unter c:\ gefundenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
23.12.2012, 19:49
| #1 |
 |  Datei chatzum_nt.exe unter c:\ gefunden Hallo, habe heute zufällig die Datei chatzum_nt.exe im Root entdeckt. Benutze Windows 7, 64 Bit und google chrome. Symptome habe ich keine bemerkt. Nachdem ich im Internet gelesen habe, dass es sich um einen Virus handeln könnte, habe ich versucht, diesen mit gängigen Scannern zu lokalisieren, leider vergeblich. Deinstallieren ging nicht, da nicht in Softwareliste unter Systemsteuerung enthalten. Habe dann die Datei gelöscht - ich hoffe, dies war kein Fehler. Was sollte ich tun bzw. wie kann ich feststellen, ob mein PC ein Virus-Problem hat? Vielen Dank im Voraus. Grüße, Tom |
|
23.12.2012, 21:07
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Datei chatzum_nt.exe unter c:\ gefunden Hallo und
__________________ Schon irgendwelche Scans mit Malwarebytes oder anderen Tools gemacht? Log mit Funden da? Siehe => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon etwaig vorhandene Logs posten!
__________________ |
|
26.12.2012, 19:43
| #3 |
| | Datei chatzum_nt.exe unter c:\ gefunden Hallo cosinus,
__________________vielen Dank für die Antwort. Habe log mit malwarebyte versucht, PC blieb dabei hängen. Seither keine neuen logs versucht. |
|
26.12.2012, 22:02
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Datei chatzum_nt.exe unter c:\ gefunden Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Mach bitte einen CustomScan mit OTL . Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Code:
ATTFilter msconfig
netsvcs
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMROOT%\system32\drivers\*.sys /lockedfiles
%SYSTEMROOT%\System32\config\*.sav
%SYSTEMROOT%\*. /mp /s
%SYSTEMROOT%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
27.12.2012, 11:31
| #5 |
| | Datei chatzum_nt.exe unter c:\ gefunden OTL Logfile: Code:
ATTFilter OTL logfile created on: 27.12.2012 11:05:46 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Snoopy\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,05 Gb Available Physical Memory | 52,62% Memory free 4,00 Gb Paging File | 2,48 Gb Available in Paging File | 61,99% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 127,99 Gb Total Space | 61,21 Gb Free Space | 47,82% Space Free | Partition Type: NTFS Drive D: | 25,39 Gb Total Space | 20,29 Gb Free Space | 79,88% Space Free | Partition Type: NTFS Computer Name: SNOOPY-PC | User Name: Snoopy | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Snoopy\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe () PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD) PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe (Symantec Corporation) PRC - C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe (GARMIN Corp.) PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe (Symantec Corporation) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe () ========== Services (SafeList) ========== SRV - (HOSTS Anti-PUPs) -- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe () SRV - (vsmon) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD) SRV - (IswSvc) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (Norton PC Checkup Application Launcher) -- C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe (Symantec Corporation) SRV - (PCCUJobMgr) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe (Symantec Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (gfibto) -- C:\Windows\SysNative\drivers\gfibto.sys (GFI Software) DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab) DRV:64bit: - (Vsdatant) -- C:\Windows\SysNative\drivers\vsdatant.sys (Check Point Software Technologies LTD) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (libusb0) -- C:\Windows\SysNative\drivers\libusb0.sys (hxxp://libusb-win32.sourceforge.net) DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation) DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation) DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation) DRV:64bit: - (cmuda3) -- C:\Windows\SysNative\drivers\cmudax3.sys (C-Media Inc) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV - (ISWKL) -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.chatzum.com/?q={searchTerms} IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3516118728-1142162036-4191355624-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com IE - HKU\S-1-5-21-3516118728-1142162036-4191355624-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-3516118728-1142162036-4191355624-1001\..\URLSearchHook: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - No CLSID value found IE - HKU\S-1-5-21-3516118728-1142162036-4191355624-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3516118728-1142162036-4191355624-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3516118728-1142162036-4191355624-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3516118728-1142162036-4191355624-1004\..\SearchScopes,DefaultScope = ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll () FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Snoopy\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Snoopy\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012.11.25 23:06:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2012.11.25 23:06:41 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{dfefbe51-ca52-484b-adf0-6b158b05262d}: C:\ProgramData\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension [2012.09.20 19:43:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions ========== Chrome ========== CHR - homepage: hxxp://www.google.de/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.google.de/ CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Snoopy\AppData\Local\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Snoopy\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Snoopy\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility for IJ (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll CHR - plugin: Google Update (Enabled) = C:\Users\Snoopy\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - Extension: Define your own new tab! = C:\Users\Snoopy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhjjapmfhhmcikhcfkiolockmndbbpng\3.2_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3:64bit: - HKU\S-1-5-21-3516118728-1142162036-4191355624-1001\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKU\S-1-5-21-3516118728-1142162036-4191355624-1001\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O4:64bit: - HKLM..\Run: [CmPCIaudio] C:\Windows\Syswow64\CMICNFG3.dll (C-Media Corporation) O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [HOSTS Anti-Adware_PUPs] C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe () O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3516118728-1142162036-4191355624-1001..\Run: [ANT Agent] C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe (GARMIN Corp.) O4 - HKU\S-1-5-21-3516118728-1142162036-4191355624-1001..\Run: [Driver Mender] C:\Program Files (x86)\Driver Mender\Driver Mender\DriverMender.exe (PC Drivers Headquarters) O4 - HKU\S-1-5-21-3516118728-1142162036-4191355624-1001..\Run: [OM2_Monitor] C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.) O4 - HKU\S-1-5-21-3516118728-1142162036-4191355624-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-3516118728-1142162036-4191355624-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B58D3164-785E-44A2-977C-1D419DEC199F}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.12.23 18:14:50 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.12.24 20:48:00 | 000,000,000 | ---D | C] -- C:\Users\Snoopy\AppData\Roaming\RavensburgerTipToi [2012.12.24 20:48:00 | 000,000,000 | ---D | C] -- C:\ProgramData\RavensburgerTipToi [2012.12.24 20:47:35 | 000,000,000 | ---D | C] -- C:\Users\Snoopy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\tiptoi® Manager [2012.12.24 20:47:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ravensburger tiptoi [2012.12.23 19:16:01 | 000,000,000 | ---D | C] -- C:\Users\Snoopy\AppData\Roaming\LavasoftStatistics [2012.12.23 19:02:13 | 000,000,000 | ---D | C] -- C:\Users\Snoopy\AppData\Local\Downloaded Installations [2012.12.23 19:01:54 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys [2012.12.23 19:00:54 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars [2012.12.23 19:00:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb [2012.12.23 19:00:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner [2012.12.23 18:14:19 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2012.12.23 18:12:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2012.12.23 17:51:31 | 000,000,000 | ---D | C] -- C:\Users\Snoopy\AppData\Roaming\Malwarebytes [2012.12.23 17:50:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.12.15 19:03:44 | 000,000,000 | ---D | C] -- C:\Zirkusvorstellung [2012.12.13 20:18:48 | 000,000,000 | ---D | C] -- C:\Users\Snoopy\Documents\Neuer Ordner [2012.11.30 22:10:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs [2012.11.30 21:11:28 | 000,000,000 | ---D | C] -- C:\Users\Snoopy\Documents\DVDVideoSoft [2012.11.30 21:11:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft [2012.11.30 21:11:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2012.11.30 21:11:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2012.11.30 21:10:22 | 000,000,000 | ---D | C] -- C:\Users\Snoopy\AppData\Roaming\DVDVideoSoft [2012.11.30 20:52:07 | 000,000,000 | ---D | C] -- C:\Users\Snoopy\AppData\Roaming\PerformerSoft [2012.11.30 20:52:04 | 000,019,000 | ---- | C] (PerformerSoft LLC) -- C:\Windows\SysNative\roboot64.exe [2012.11.30 20:51:47 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Performer Manager [2012.11.30 18:45:47 | 000,000,000 | ---D | C] -- C:\Stundenpläne [3 C:\Users\Snoopy\Documents\*.tmp files -> C:\Users\Snoopy\Documents\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.12.27 10:58:19 | 000,001,107 | ---- | M] () -- C:\Users\Snoopy\Desktop\OTL - Verknüpfung.lnk [2012.12.27 10:12:02 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3516118728-1142162036-4191355624-1001UA.job [2012.12.27 09:59:13 | 000,026,496 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.27 09:59:13 | 000,026,496 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.27 09:50:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.27 09:50:47 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys [2012.12.24 20:49:14 | 000,001,076 | ---- | M] () -- C:\Users\Snoopy\Desktop\tiptoi.lnk [2012.12.24 20:27:40 | 001,470,496 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.12.24 20:27:40 | 000,855,532 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.24 20:27:40 | 000,382,524 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.12.24 20:27:40 | 000,333,100 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.12.24 20:27:40 | 000,005,438 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.23 19:04:01 | 000,001,964 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk [2012.12.23 19:01:53 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys [2012.12.23 18:14:50 | 000,000,000 | ---- | M] () -- C:\autoexec.bat [2012.12.22 18:24:18 | 000,416,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.12.21 11:52:09 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3516118728-1142162036-4191355624-1001Core.job [2012.12.14 13:43:23 | 000,002,493 | ---- | M] () -- C:\Users\Snoopy\Desktop\Google Chrome.lnk [2012.12.13 00:12:28 | 000,002,809 | -H-- | M] () -- C:\Windows\SysWow64\BTImages.dat [2012.11.30 22:10:16 | 000,001,185 | ---- | M] () -- C:\Users\Snoopy\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk [2012.11.30 21:11:17 | 000,001,409 | ---- | M] () -- C:\Users\Snoopy\Desktop\Free Audio CD to MP3 Converter.lnk [2012.11.30 20:51:31 | 000,001,534 | ---- | M] () -- C:\ProgramData\ss.ini [2012.11.30 20:50:52 | 002,686,592 | ---- | M] () -- C:\Users\Snoopy\Desktop\freeripmp3-92-setup.exe [3 C:\Users\Snoopy\Documents\*.tmp files -> C:\Users\Snoopy\Documents\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.12.27 10:58:19 | 000,001,107 | ---- | C] () -- C:\Users\Snoopy\Desktop\OTL - Verknüpfung.lnk [2012.12.24 20:47:36 | 000,001,076 | ---- | C] () -- C:\Users\Snoopy\Desktop\tiptoi.lnk [2012.12.23 19:04:01 | 000,001,964 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk [2012.12.23 18:14:50 | 000,000,000 | ---- | C] () -- C:\autoexec.bat [2012.11.30 22:10:16 | 000,001,185 | ---- | C] () -- C:\Users\Snoopy\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk [2012.11.30 21:11:17 | 000,001,409 | ---- | C] () -- C:\Users\Snoopy\Desktop\Free Audio CD to MP3 Converter.lnk [2012.11.30 20:51:31 | 000,001,534 | ---- | C] () -- C:\ProgramData\ss.ini [2012.11.30 20:50:44 | 002,686,592 | ---- | C] () -- C:\Users\Snoopy\Desktop\freeripmp3-92-setup.exe [2012.11.30 16:47:59 | 000,002,809 | -H-- | C] () -- C:\Windows\SysWow64\BTImages.dat [2012.10.07 17:26:40 | 000,003,584 | ---- | C] () -- C:\Users\Snoopy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.10.07 17:25:35 | 000,061,208 | ---- | C] () -- C:\Windows\SysWow64\MPEG4E-uninstall.exe [2012.09.25 18:18:55 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.09.19 01:29:34 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP6.dll [2012.09.19 01:29:34 | 000,000,376 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfl [2012.09.19 01:28:24 | 000,002,123 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfg [2012.09.19 01:28:24 | 000,000,249 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.imi [2012.09.19 01:28:18 | 000,002,754 | ---- | C] () -- C:\Windows\cmudax3.ini ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.09.23 18:59:29 | 000,000,000 | ---D | M] -- C:\Users\Snoopy\AppData\Roaming\Canneverbe Limited [2012.09.24 23:14:38 | 000,000,000 | ---D | M] -- C:\Users\Snoopy\AppData\Roaming\CD-LabelPrint [2012.09.18 22:55:26 | 000,000,000 | ---D | M] -- C:\Users\Snoopy\AppData\Roaming\CheckPoint [2012.11.30 21:11:29 | 000,000,000 | ---D | M] -- C:\Users\Snoopy\AppData\Roaming\DVDVideoSoft [2012.11.03 20:18:38 | 000,000,000 | ---D | M] -- C:\Users\Snoopy\AppData\Roaming\Garmin [2012.10.05 23:18:17 | 000,000,000 | ---D | M] -- C:\Users\Snoopy\AppData\Roaming\PCCUStubInstaller [2012.11.30 20:53:39 | 000,000,000 | ---D | M] -- C:\Users\Snoopy\AppData\Roaming\PerformerSoft [2012.12.24 20:48:00 | 000,000,000 | ---D | M] -- C:\Users\Snoopy\AppData\Roaming\RavensburgerTipToi [2012.09.19 21:28:54 | 000,000,000 | ---D | M] -- C:\Users\Snoopy\AppData\Roaming\Stellarium [2012.11.10 06:27:43 | 000,000,000 | ---D | M] -- C:\Users\Snoopy\AppData\Roaming\WinTrack ========== Purity Check ========== < End of report > |
|
27.12.2012, 11:37
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Datei chatzum_nt.exe unter c:\ gefunden 1. aswMBR Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop. Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button. 2. TDSS-Killer Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ --> Datei chatzum_nt.exe unter c:\ gefunden |
|
27.12.2012, 12:52
| #7 |
| | Datei chatzum_nt.exe unter c:\ gefunden [CODE ]aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Run date: 2012-12-27 12:47:37 ----------------------------- 12:47:37.802 OS Version: Windows x64 6.1.7601 Service Pack 1 12:47:37.803 Number of processors: 2 586 0x6B02 12:47:37.804 ComputerName: SNOOPY-PC UserName: Snoopy 12:47:38.237 Initialize success 12:47:48.179 AVAST engine defs: 12122700 12:47:54.794 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000057 12:47:54.798 Disk 0 Vendor: ExcelSto P22O Size: 157066MB BusType: 3 12:47:54.810 Disk 0 MBR read successfully 12:47:54.814 Disk 0 MBR scan 12:47:54.822 Disk 0 Windows 7 default MBR code 12:47:54.827 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 131061 MB offset 63 12:47:54.851 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 26003 MB offset 268414020 12:47:54.903 Disk 0 scanning C:\Windows\system32\drivers 12:48:04.502 Service scanning 12:48:30.955 Modules scanning 12:48:30.972 Disk 0 trace - called modules: 12:48:30.990 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor.sys 12:48:31.000 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80024d96e0] 12:48:31.361 3 CLASSPNP.SYS[fffff8800194743f] -> nt!IofCallDriver -> [0xfffffa8002274bf0] 12:48:31.374 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\00000057[0xfffffa800228d9c0] 12:48:31.386 Scan finished successfully 12:50:25.140 Disk 0 MBR has been saved successfully to "C:\Users\Snoopy\Desktop\MBR.dat" 12:50:25.146 The log file has been saved successfully to "C:\Users\Snoopy\Desktop\aswMBR.txt" aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Run date: 2012-12-27 12:47:37 ----------------------------- 12:47:37.802 OS Version: Windows x64 6.1.7601 Service Pack 1 12:47:37.803 Number of processors: 2 586 0x6B02 12:47:37.804 ComputerName: SNOOPY-PC UserName: Snoopy 12:47:38.237 Initialize success 12:47:48.179 AVAST engine defs: 12122700 12:47:54.794 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000057 12:47:54.798 Disk 0 Vendor: ExcelSto P22O Size: 157066MB BusType: 3 12:47:54.810 Disk 0 MBR read successfully 12:47:54.814 Disk 0 MBR scan 12:47:54.822 Disk 0 Windows 7 default MBR code 12:47:54.827 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 131061 MB offset 63 12:47:54.851 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 26003 MB offset 268414020 12:47:54.903 Disk 0 scanning C:\Windows\system32\drivers 12:48:04.502 Service scanning 12:48:30.955 Modules scanning 12:48:30.972 Disk 0 trace - called modules: 12:48:30.990 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor.sys 12:48:31.000 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80024d96e0] 12:48:31.361 3 CLASSPNP.SYS[fffff8800194743f] -> nt!IofCallDriver -> [0xfffffa8002274bf0] 12:48:31.374 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\00000057[0xfffffa800228d9c0] 12:48:31.386 Scan finished successfully 12:50:25.140 Disk 0 MBR has been saved successfully to "C:\Users\Snoopy\Desktop\MBR.dat" 12:50:25.146 The log file has been saved successfully to "C:\Users\Snoopy\Desktop\aswMBR.txt" 12:50:46.659 Disk 0 MBR has been saved successfully to "C:\Users\Snoopy\Desktop\MBR.dat" 12:50:46.666 The log file has been saved successfully to "C:\Users\Snoopy\Desktop\aswMBR.txt" aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Run date: 2012-12-27 12:47:37 ----------------------------- 12:47:37.802 OS Version: Windows x64 6.1.7601 Service Pack 1 12:47:37.803 Number of processors: 2 586 0x6B02 12:47:37.804 ComputerName: SNOOPY-PC UserName: Snoopy 12:47:38.237 Initialize success 12:47:48.179 AVAST engine defs: 12122700 12:47:54.794 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000057 12:47:54.798 Disk 0 Vendor: ExcelSto P22O Size: 157066MB BusType: 3 12:47:54.810 Disk 0 MBR read successfully 12:47:54.814 Disk 0 MBR scan 12:47:54.822 Disk 0 Windows 7 default MBR code 12:47:54.827 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 131061 MB offset 63 12:47:54.851 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 26003 MB offset 268414020 12:47:54.903 Disk 0 scanning C:\Windows\system32\drivers 12:48:04.502 Service scanning 12:48:30.955 Modules scanning 12:48:30.972 Disk 0 trace - called modules: 12:48:30.990 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor.sys 12:48:31.000 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80024d96e0] 12:48:31.361 3 CLASSPNP.SYS[fffff8800194743f] -> nt!IofCallDriver -> [0xfffffa8002274bf0] 12:48:31.374 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\00000057[0xfffffa800228d9c0] 12:48:31.386 Scan finished successfully 12:50:25.140 Disk 0 MBR has been saved successfully to "C:\Users\Snoopy\Desktop\MBR.dat" 12:50:25.146 The log file has been saved successfully to "C:\Users\Snoopy\Desktop\aswMBR.txt" 12:50:46.659 Disk 0 MBR has been saved successfully to "C:\Users\Snoopy\Desktop\MBR.dat" 12:50:46.666 The log file has been saved successfully to "C:\Users\Snoopy\Desktop\aswMBR.txt" 12:51:19.708 Disk 0 MBR has been saved successfully to "C:\Users\Snoopy\Desktop\MBR.dat" 12:51:19.716 The log file has been saved successfully to "C:\Users\Snoopy\Desktop\aswMBR.txt" [/CODE] |
|
27.12.2012, 12:58
| #8 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Datei chatzum_nt.exe unter c:\ gefunden Bitte korrigiere die CODE-Tags
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.12.2012, 12:59
| #9 |
| | Datei chatzum_nt.exe unter c:\ gefundenCode:
ATTFilter 12:56:29.0027 5060 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
12:56:29.0250 5060 ============================================================
12:56:29.0250 5060 Current date / time: 2012/12/27 12:56:29.0250
12:56:29.0250 5060 SystemInfo:
12:56:29.0250 5060
12:56:29.0250 5060 OS Version: 6.1.7601 ServicePack: 1.0
12:56:29.0250 5060 Product type: Workstation
12:56:29.0250 5060 ComputerName: SNOOPY-PC
12:56:29.0250 5060 UserName: Snoopy
12:56:29.0250 5060 Windows directory: C:\Windows
12:56:29.0250 5060 System windows directory: C:\Windows
12:56:29.0250 5060 Running under WOW64
12:56:29.0250 5060 Processor architecture: Intel x64
12:56:29.0250 5060 Number of processors: 2
12:56:29.0250 5060 Page size: 0x1000
12:56:29.0250 5060 Boot type: Normal boot
12:56:29.0250 5060 ============================================================
12:56:30.0771 5060 Drive \Device\Harddisk0\DR0 - Size: 0x2658AE0000 (153.39 Gb), SectorSize: 0x200, Cylinders: 0x4E37, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:56:30.0776 5060 ============================================================
12:56:30.0776 5060 \Device\Harddisk0\DR0:
12:56:30.0779 5060 MBR partitions:
12:56:30.0779 5060 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xFFFAC05
12:56:30.0779 5060 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xFFFAC44, BlocksNum 0x32C9D33
12:56:30.0779 5060 ============================================================
12:56:30.0830 5060 C: <-> \Device\Harddisk0\DR0\Partition1
12:56:30.0909 5060 D: <-> \Device\Harddisk0\DR0\Partition2
12:56:30.0909 5060 ============================================================
12:56:30.0909 5060 Initialize success
12:56:30.0909 5060 ============================================================
12:57:32.0769 5044 ============================================================
12:57:32.0769 5044 Scan started
12:57:32.0769 5044 Mode: Manual; SigCheck; TDLFS;
12:57:32.0769 5044 ============================================================
12:57:33.0137 5044 ================ Scan system memory ========================
12:57:33.0137 5044 System memory - ok
12:57:33.0138 5044 ================ Scan services =============================
12:57:33.0256 5044 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
12:57:33.0476 5044 1394ohci - ok
12:57:33.0509 5044 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
12:57:33.0533 5044 ACPI - ok
12:57:33.0580 5044 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
12:57:33.0813 5044 AcpiPmi - ok
12:57:33.0910 5044 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:57:33.0946 5044 AdobeARMservice - ok
12:57:33.0990 5044 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
12:57:34.0019 5044 adp94xx - ok
12:57:34.0075 5044 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
12:57:34.0096 5044 adpahci - ok
12:57:34.0110 5044 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
12:57:34.0128 5044 adpu320 - ok
12:57:34.0157 5044 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
12:57:34.0269 5044 AeLookupSvc - ok
12:57:34.0313 5044 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
12:57:34.0387 5044 AFD - ok
12:57:34.0429 5044 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
12:57:34.0460 5044 agp440 - ok
12:57:34.0504 5044 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
12:57:34.0563 5044 ALG - ok
12:57:34.0595 5044 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
12:57:34.0614 5044 aliide - ok
12:57:34.0626 5044 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
12:57:34.0643 5044 amdide - ok
12:57:34.0691 5044 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
12:57:34.0756 5044 AmdK8 - ok
12:57:34.0775 5044 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
12:57:34.0808 5044 AmdPPM - ok
12:57:34.0846 5044 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
12:57:34.0863 5044 amdsata - ok
12:57:34.0883 5044 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
12:57:34.0902 5044 amdsbs - ok
12:57:34.0919 5044 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
12:57:34.0935 5044 amdxata - ok
12:57:35.0014 5044 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
12:57:35.0083 5044 AntiVirSchedulerService - ok
12:57:35.0110 5044 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
12:57:35.0129 5044 AntiVirService - ok
12:57:35.0176 5044 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
12:57:35.0312 5044 AppID - ok
12:57:35.0347 5044 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
12:57:35.0402 5044 AppIDSvc - ok
12:57:35.0423 5044 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
12:57:35.0479 5044 Appinfo - ok
12:57:35.0520 5044 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
12:57:35.0537 5044 arc - ok
12:57:35.0553 5044 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
12:57:35.0571 5044 arcsas - ok
12:57:35.0594 5044 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
12:57:35.0647 5044 AsyncMac - ok
12:57:35.0658 5044 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
12:57:35.0674 5044 atapi - ok
12:57:35.0718 5044 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:57:35.0787 5044 AudioEndpointBuilder - ok
12:57:35.0798 5044 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
12:57:35.0844 5044 AudioSrv - ok
12:57:35.0870 5044 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
12:57:35.0890 5044 avgntflt - ok
12:57:35.0914 5044 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
12:57:35.0930 5044 avipbb - ok
12:57:35.0945 5044 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
12:57:35.0959 5044 avkmgr - ok
12:57:36.0002 5044 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
12:57:36.0110 5044 AxInstSV - ok
12:57:36.0168 5044 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
12:57:36.0246 5044 b06bdrv - ok
12:57:36.0286 5044 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
12:57:36.0330 5044 b57nd60a - ok
12:57:36.0374 5044 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
12:57:36.0418 5044 BDESVC - ok
12:57:36.0435 5044 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
12:57:36.0489 5044 Beep - ok
12:57:36.0537 5044 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
12:57:36.0597 5044 BFE - ok
12:57:36.0643 5044 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
12:57:36.0712 5044 BITS - ok
12:57:36.0749 5044 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
12:57:36.0781 5044 blbdrive - ok
12:57:36.0815 5044 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
12:57:36.0882 5044 bowser - ok
12:57:36.0922 5044 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
12:57:36.0977 5044 BrFiltLo - ok
12:57:36.0995 5044 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
12:57:37.0041 5044 BrFiltUp - ok
12:57:37.0082 5044 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
12:57:37.0111 5044 Browser - ok
12:57:37.0133 5044 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
12:57:37.0190 5044 Brserid - ok
12:57:37.0197 5044 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
12:57:37.0232 5044 BrSerWdm - ok
12:57:37.0261 5044 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
12:57:37.0293 5044 BrUsbMdm - ok
12:57:37.0299 5044 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
12:57:37.0342 5044 BrUsbSer - ok
12:57:37.0349 5044 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
12:57:37.0383 5044 BTHMODEM - ok
12:57:37.0416 5044 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
12:57:37.0456 5044 bthserv - ok
12:57:37.0471 5044 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
12:57:37.0532 5044 cdfs - ok
12:57:37.0569 5044 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
12:57:37.0588 5044 cdrom - ok
12:57:37.0625 5044 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
12:57:37.0678 5044 CertPropSvc - ok
12:57:37.0722 5044 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
12:57:37.0788 5044 circlass - ok
12:57:37.0830 5044 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
12:57:37.0877 5044 CLFS - ok
12:57:37.0943 5044 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:57:37.0959 5044 clr_optimization_v2.0.50727_32 - ok
12:57:38.0003 5044 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:57:38.0020 5044 clr_optimization_v2.0.50727_64 - ok
12:57:38.0084 5044 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:57:38.0120 5044 clr_optimization_v4.0.30319_32 - ok
12:57:38.0147 5044 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:57:38.0164 5044 clr_optimization_v4.0.30319_64 - ok
12:57:38.0201 5044 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
12:57:38.0235 5044 CmBatt - ok
12:57:38.0257 5044 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
12:57:38.0273 5044 cmdide - ok
12:57:38.0399 5044 [ 2835BF2A864CDE9184C80CF4E6A485F9 ] cmuda3 C:\Windows\system32\drivers\cmudax3.sys
12:57:38.0476 5044 cmuda3 - ok
12:57:38.0514 5044 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
12:57:38.0600 5044 CNG - ok
12:57:38.0653 5044 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
12:57:38.0668 5044 Compbatt - ok
12:57:38.0714 5044 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
12:57:38.0758 5044 CompositeBus - ok
12:57:38.0772 5044 COMSysApp - ok
12:57:38.0806 5044 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
12:57:38.0822 5044 crcdisk - ok
12:57:38.0867 5044 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
12:57:38.0951 5044 CryptSvc - ok
12:57:39.0000 5044 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
12:57:39.0097 5044 DcomLaunch - ok
12:57:39.0134 5044 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
12:57:39.0192 5044 defragsvc - ok
12:57:39.0225 5044 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
12:57:39.0288 5044 DfsC - ok
12:57:39.0317 5044 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
12:57:39.0378 5044 Dhcp - ok
12:57:39.0385 5044 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
12:57:39.0450 5044 discache - ok
12:57:39.0485 5044 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
12:57:39.0500 5044 Disk - ok
12:57:39.0523 5044 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
12:57:39.0581 5044 Dnscache - ok
12:57:39.0603 5044 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
12:57:39.0661 5044 dot3svc - ok
12:57:39.0679 5044 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
12:57:39.0735 5044 DPS - ok
12:57:39.0766 5044 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
12:57:39.0799 5044 drmkaud - ok
12:57:39.0843 5044 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
12:57:39.0876 5044 DXGKrnl - ok
12:57:39.0900 5044 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
12:57:39.0957 5044 EapHost - ok
12:57:40.0081 5044 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
12:57:40.0176 5044 ebdrv - ok
12:57:40.0205 5044 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
12:57:40.0261 5044 EFS - ok
12:57:40.0316 5044 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
12:57:40.0381 5044 ehRecvr - ok
12:57:40.0399 5044 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
12:57:40.0426 5044 ehSched - ok
12:57:40.0488 5044 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
12:57:40.0548 5044 elxstor - ok
12:57:40.0570 5044 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
12:57:40.0607 5044 ErrDev - ok
12:57:40.0655 5044 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
12:57:40.0724 5044 EventSystem - ok
12:57:40.0747 5044 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
12:57:40.0789 5044 exfat - ok
12:57:40.0815 5044 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
12:57:40.0868 5044 fastfat - ok
12:57:40.0905 5044 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
12:57:40.0968 5044 Fax - ok
12:57:41.0000 5044 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
12:57:41.0039 5044 fdc - ok
12:57:41.0071 5044 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
12:57:41.0124 5044 fdPHost - ok
12:57:41.0153 5044 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
12:57:41.0207 5044 FDResPub - ok
12:57:41.0229 5044 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
12:57:41.0245 5044 FileInfo - ok
12:57:41.0251 5044 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
12:57:41.0309 5044 Filetrace - ok
12:57:41.0336 5044 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
12:57:41.0353 5044 flpydisk - ok
12:57:41.0379 5044 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
12:57:41.0400 5044 FltMgr - ok
12:57:41.0456 5044 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
12:57:41.0572 5044 FontCache - ok
12:57:41.0612 5044 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:57:41.0632 5044 FontCache3.0.0.0 - ok
12:57:41.0639 5044 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
12:57:41.0663 5044 FsDepends - ok
12:57:41.0691 5044 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
12:57:41.0712 5044 Fs_Rec - ok
12:57:41.0760 5044 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
12:57:41.0782 5044 fvevol - ok
12:57:41.0819 5044 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
12:57:41.0834 5044 gagp30kx - ok
12:57:41.0881 5044 [ 14908F4F9005C29DE8F5587E271390EE ] gfibto C:\Windows\system32\drivers\gfibto.sys
12:57:41.0895 5044 gfibto - ok
12:57:41.0933 5044 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
12:57:41.0982 5044 gpsvc - ok
12:57:41.0999 5044 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
12:57:42.0054 5044 hcw85cir - ok
12:57:42.0092 5044 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:57:42.0134 5044 HdAudAddService - ok
12:57:42.0155 5044 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
12:57:42.0188 5044 HDAudBus - ok
12:57:42.0204 5044 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
12:57:42.0222 5044 HidBatt - ok
12:57:42.0239 5044 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
12:57:42.0277 5044 HidBth - ok
12:57:42.0285 5044 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
12:57:42.0305 5044 HidIr - ok
12:57:42.0329 5044 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
12:57:42.0382 5044 hidserv - ok
12:57:42.0392 5044 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
12:57:42.0410 5044 HidUsb - ok
12:57:42.0438 5044 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
12:57:42.0495 5044 hkmsvc - ok
12:57:42.0518 5044 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:57:42.0549 5044 HomeGroupListener - ok
12:57:42.0583 5044 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:57:42.0615 5044 HomeGroupProvider - ok
12:57:42.0638 5044 HOSTS Anti-PUPs - ok
12:57:42.0682 5044 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
12:57:42.0699 5044 HpSAMD - ok
12:57:42.0742 5044 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
12:57:42.0807 5044 HTTP - ok
12:57:42.0813 5044 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
12:57:42.0829 5044 hwpolicy - ok
12:57:42.0848 5044 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
12:57:42.0866 5044 i8042prt - ok
12:57:42.0919 5044 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
12:57:42.0943 5044 iaStorV - ok
12:57:42.0999 5044 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:57:43.0069 5044 idsvc - ok
12:57:43.0094 5044 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
12:57:43.0111 5044 iirsp - ok
12:57:43.0142 5044 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
12:57:43.0208 5044 IKEEXT - ok
12:57:43.0228 5044 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
12:57:43.0245 5044 intelide - ok
12:57:43.0289 5044 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
12:57:43.0317 5044 intelppm - ok
12:57:43.0342 5044 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
12:57:43.0401 5044 IPBusEnum - ok
12:57:43.0408 5044 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:57:43.0447 5044 IpFilterDriver - ok
12:57:43.0486 5044 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
12:57:43.0540 5044 iphlpsvc - ok
12:57:43.0568 5044 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
12:57:43.0601 5044 IPMIDRV - ok
12:57:43.0608 5044 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
12:57:43.0655 5044 IPNAT - ok
12:57:43.0675 5044 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
12:57:43.0710 5044 IRENUM - ok
12:57:43.0728 5044 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
12:57:43.0743 5044 isapnp - ok
12:57:43.0765 5044 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
12:57:43.0786 5044 iScsiPrt - ok
12:57:43.0894 5044 [ AD1A85CA5535CC0EE40E0BADFB8DFB27 ] ISWKL C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
12:57:43.0931 5044 ISWKL - ok
12:57:44.0006 5044 [ 9DFAE38F2E13C003EEB62AEAEAE61259 ] IswSvc C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
12:57:44.0037 5044 IswSvc - ok
12:57:44.0076 5044 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
12:57:44.0091 5044 kbdclass - ok
12:57:44.0124 5044 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
12:57:44.0155 5044 kbdhid - ok
12:57:44.0179 5044 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
12:57:44.0196 5044 KeyIso - ok
12:57:44.0275 5044 [ BDCDA87DD466867A8A7C405D52DD9260 ] KLIF C:\Windows\system32\DRIVERS\klif.sys
12:57:44.0301 5044 KLIF - ok
12:57:44.0322 5044 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
12:57:44.0338 5044 KSecDD - ok
12:57:44.0351 5044 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
12:57:44.0369 5044 KSecPkg - ok
12:57:44.0413 5044 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
12:57:44.0516 5044 ksthunk - ok
12:57:44.0557 5044 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
12:57:44.0607 5044 KtmRm - ok
12:57:44.0656 5044 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
12:57:44.0710 5044 LanmanServer - ok
12:57:44.0737 5044 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:57:44.0789 5044 LanmanWorkstation - ok
12:57:44.0833 5044 [ 02538E602280C07438C94489DCBE77D5 ] libusb0 C:\Windows\system32\DRIVERS\libusb0.sys
12:57:44.0848 5044 libusb0 - ok
12:57:44.0879 5044 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
12:57:44.0937 5044 lltdio - ok
12:57:44.0982 5044 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
12:57:45.0086 5044 lltdsvc - ok
12:57:45.0106 5044 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
12:57:45.0174 5044 lmhosts - ok
12:57:45.0207 5044 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
12:57:45.0223 5044 LSI_FC - ok
12:57:45.0240 5044 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
12:57:45.0256 5044 LSI_SAS - ok
12:57:45.0272 5044 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
12:57:45.0290 5044 LSI_SAS2 - ok
12:57:45.0301 5044 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
12:57:45.0318 5044 LSI_SCSI - ok
12:57:45.0337 5044 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
12:57:45.0395 5044 luafv - ok
12:57:45.0426 5044 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
12:57:45.0463 5044 Mcx2Svc - ok
12:57:45.0483 5044 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
12:57:45.0498 5044 megasas - ok
12:57:45.0557 5044 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
12:57:45.0607 5044 MegaSR - ok
12:57:45.0678 5044 Microsoft SharePoint Workspace Audit Service - ok
12:57:45.0731 5044 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
12:57:45.0817 5044 MMCSS - ok
12:57:45.0835 5044 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
12:57:45.0893 5044 Modem - ok
12:57:45.0925 5044 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
12:57:45.0960 5044 monitor - ok
12:57:45.0971 5044 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
12:57:45.0988 5044 mouclass - ok
12:57:46.0000 5044 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\drivers\mouhid.sys
12:57:46.0024 5044 mouhid - ok
12:57:46.0031 5044 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
12:57:46.0048 5044 mountmgr - ok
12:57:46.0070 5044 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
12:57:46.0087 5044 mpio - ok
12:57:46.0105 5044 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
12:57:46.0145 5044 mpsdrv - ok
12:57:46.0185 5044 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
12:57:46.0236 5044 MpsSvc - ok
12:57:46.0249 5044 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
12:57:46.0290 5044 MRxDAV - ok
12:57:46.0320 5044 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
12:57:46.0385 5044 mrxsmb - ok
12:57:46.0416 5044 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:57:46.0458 5044 mrxsmb10 - ok
12:57:46.0472 5044 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:57:46.0491 5044 mrxsmb20 - ok
12:57:46.0517 5044 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
12:57:46.0533 5044 msahci - ok
12:57:46.0553 5044 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
12:57:46.0571 5044 msdsm - ok
12:57:46.0601 5044 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
12:57:46.0631 5044 MSDTC - ok
12:57:46.0657 5044 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
12:57:46.0708 5044 Msfs - ok
12:57:46.0739 5044 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
12:57:46.0792 5044 mshidkmdf - ok
12:57:46.0798 5044 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
12:57:46.0814 5044 msisadrv - ok
12:57:46.0844 5044 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
12:57:46.0900 5044 MSiSCSI - ok
12:57:46.0906 5044 msiserver - ok
12:57:46.0930 5044 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
12:57:46.0980 5044 MSKSSRV - ok
12:57:46.0998 5044 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
12:57:47.0055 5044 MSPCLOCK - ok
12:57:47.0061 5044 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
12:57:47.0106 5044 MSPQM - ok
12:57:47.0131 5044 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
12:57:47.0153 5044 MsRPC - ok
12:57:47.0163 5044 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
12:57:47.0179 5044 mssmbios - ok
12:57:47.0191 5044 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
12:57:47.0242 5044 MSTEE - ok
12:57:47.0248 5044 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
12:57:47.0274 5044 MTConfig - ok
12:57:47.0282 5044 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
12:57:47.0298 5044 Mup - ok
12:57:47.0337 5044 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
12:57:47.0397 5044 napagent - ok
12:57:47.0429 5044 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
12:57:47.0471 5044 NativeWifiP - ok
12:57:47.0518 5044 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
12:57:47.0550 5044 NDIS - ok
12:57:47.0567 5044 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
12:57:47.0606 5044 NdisCap - ok
12:57:47.0647 5044 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
12:57:47.0686 5044 NdisTapi - ok
12:57:47.0704 5044 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
12:57:47.0751 5044 Ndisuio - ok
12:57:47.0759 5044 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
12:57:47.0805 5044 NdisWan - ok
12:57:47.0812 5044 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
12:57:47.0858 5044 NDProxy - ok
12:57:47.0871 5044 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
12:57:47.0916 5044 NetBIOS - ok
12:57:47.0939 5044 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
12:57:47.0981 5044 NetBT - ok
12:57:47.0996 5044 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
12:57:48.0013 5044 Netlogon - ok
12:57:48.0066 5044 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
12:57:48.0129 5044 Netman - ok
12:57:48.0154 5044 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
12:57:48.0213 5044 netprofm - ok
12:57:48.0240 5044 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:57:48.0267 5044 NetTcpPortSharing - ok
12:57:48.0304 5044 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
12:57:48.0320 5044 nfrd960 - ok
12:57:48.0365 5044 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
12:57:48.0402 5044 NlaSvc - ok
12:57:48.0455 5044 Norton PC Checkup Application Launcher - ok
12:57:48.0464 5044 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
12:57:48.0503 5044 Npfs - ok
12:57:48.0526 5044 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
12:57:48.0583 5044 nsi - ok
12:57:48.0588 5044 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
12:57:48.0635 5044 nsiproxy - ok
12:57:48.0697 5044 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
12:57:48.0743 5044 Ntfs - ok
12:57:48.0766 5044 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
12:57:48.0818 5044 Null - ok
12:57:48.0844 5044 [ 786DB821BFD57C0551DBBE4F75384A7D ] nusb3hub C:\Windows\system32\drivers\nusb3hub.sys
12:57:48.0909 5044 nusb3hub - ok
12:57:48.0945 5044 [ DAA8005CAF745042BB427A1ED7433354 ] nusb3xhc C:\Windows\system32\drivers\nusb3xhc.sys
12:57:49.0013 5044 nusb3xhc - ok
12:57:49.0073 5044 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys
12:57:49.0111 5044 NVENETFD - ok
12:57:49.0392 5044 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:57:49.0821 5044 nvlddmkm - ok
12:57:49.0852 5044 [ 0AD267A4674805B61A5D7B911D2A978A ] NVNET C:\Windows\system32\DRIVERS\nvmf6264.sys
12:57:49.0873 5044 NVNET - ok
12:57:49.0902 5044 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
12:57:49.0919 5044 nvraid - ok
12:57:49.0937 5044 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
12:57:49.0955 5044 nvstor - ok
12:57:50.0013 5044 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc C:\Windows\system32\nvvsvc.exe
12:57:50.0048 5044 nvsvc - ok
12:57:50.0135 5044 [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
12:57:50.0211 5044 nvUpdatusService - ok
12:57:50.0250 5044 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
12:57:50.0267 5044 nv_agp - ok
12:57:50.0280 5044 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
12:57:50.0326 5044 ohci1394 - ok
12:57:50.0417 5044 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:57:50.0435 5044 ose - ok
12:57:50.0575 5044 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:57:50.0727 5044 osppsvc - ok
12:57:50.0783 5044 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
12:57:50.0865 5044 p2pimsvc - ok
12:57:50.0900 5044 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
12:57:50.0932 5044 p2psvc - ok
12:57:50.0953 5044 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
12:57:50.0994 5044 Parport - ok
12:57:51.0021 5044 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
12:57:51.0037 5044 partmgr - ok
12:57:51.0046 5044 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
12:57:51.0086 5044 PcaSvc - ok
12:57:51.0136 5044 [ 2F86BE1818C2D7AC90478E3323EE7FCB ] PCCUJobMgr C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe
12:57:51.0152 5044 PCCUJobMgr - ok
12:57:51.0168 5044 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
12:57:51.0186 5044 pci - ok
12:57:51.0192 5044 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
12:57:51.0208 5044 pciide - ok
12:57:51.0225 5044 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
12:57:51.0244 5044 pcmcia - ok
12:57:51.0250 5044 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
12:57:51.0266 5044 pcw - ok
12:57:51.0296 5044 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
12:57:51.0362 5044 PEAUTH - ok
12:57:51.0424 5044 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
12:57:51.0489 5044 PerfHost - ok
12:57:51.0558 5044 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
12:57:51.0634 5044 pla - ok
12:57:51.0681 5044 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
12:57:51.0739 5044 PlugPlay - ok
12:57:51.0756 5044 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
12:57:51.0788 5044 PNRPAutoReg - ok
12:57:51.0814 5044 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
12:57:51.0834 5044 PNRPsvc - ok
12:57:51.0860 5044 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
12:57:51.0919 5044 PolicyAgent - ok
12:57:51.0949 5044 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
12:57:52.0006 5044 Power - ok
12:57:52.0046 5044 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
12:57:52.0101 5044 PptpMiniport - ok
12:57:52.0120 5044 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
12:57:52.0149 5044 Processor - ok
12:57:52.0187 5044 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
12:57:52.0240 5044 ProfSvc - ok
12:57:52.0253 5044 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:57:52.0271 5044 ProtectedStorage - ok
12:57:52.0299 5044 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
12:57:52.0355 5044 Psched - ok
12:57:52.0388 5044 [ 24DD667D22DBD29618947C804E23AA03 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
12:57:52.0403 5044 PxHlpa64 - ok
12:57:52.0469 5044 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
12:57:52.0557 5044 ql2300 - ok
12:57:52.0578 5044 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
12:57:52.0599 5044 ql40xx - ok
12:57:52.0626 5044 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
12:57:52.0660 5044 QWAVE - ok
12:57:52.0675 5044 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
12:57:52.0714 5044 QWAVEdrv - ok
12:57:52.0738 5044 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
12:57:52.0794 5044 RasAcd - ok
12:57:52.0829 5044 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
12:57:52.0885 5044 RasAgileVpn - ok
12:57:52.0914 5044 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
12:57:52.0969 5044 RasAuto - ok
12:57:52.0994 5044 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
12:57:53.0052 5044 Rasl2tp - ok
12:57:53.0075 5044 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
12:57:53.0119 5044 RasMan - ok
12:57:53.0174 5044 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
12:57:53.0286 5044 RasPppoe - ok
12:57:53.0374 5044 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
12:57:53.0462 5044 RasSstp - ok
12:57:53.0486 5044 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
12:57:53.0540 5044 rdbss - ok
12:57:53.0556 5044 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
12:57:53.0587 5044 rdpbus - ok
12:57:53.0602 5044 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
12:57:53.0659 5044 RDPCDD - ok
12:57:53.0689 5044 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
12:57:53.0747 5044 RDPENCDD - ok
12:57:53.0768 5044 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
12:57:53.0806 5044 RDPREFMP - ok
12:57:53.0839 5044 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
12:57:53.0885 5044 RDPWD - ok
12:57:53.0930 5044 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
12:57:53.0948 5044 rdyboost - ok
12:57:53.0971 5044 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
12:57:54.0031 5044 RemoteAccess - ok
12:57:54.0069 5044 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
12:57:54.0131 5044 RemoteRegistry - ok
12:57:54.0142 5044 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
12:57:54.0187 5044 RpcEptMapper - ok
12:57:54.0207 5044 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
12:57:54.0243 5044 RpcLocator - ok
12:57:54.0271 5044 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
12:57:54.0316 5044 RpcSs - ok
12:57:54.0361 5044 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
12:57:54.0401 5044 rspndr - ok
12:57:54.0412 5044 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
12:57:54.0429 5044 SamSs - ok
12:57:54.0447 5044 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
12:57:54.0462 5044 sbp2port - ok
12:57:54.0489 5044 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
12:57:54.0533 5044 SCardSvr - ok
12:57:54.0546 5044 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
12:57:54.0598 5044 scfilter - ok
12:57:54.0640 5044 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
12:57:54.0708 5044 Schedule - ok
12:57:54.0740 5044 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
12:57:54.0780 5044 SCPolicySvc - ok
12:57:54.0811 5044 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
12:57:54.0864 5044 SDRSVC - ok
12:57:54.0911 5044 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
12:57:55.0017 5044 secdrv - ok
12:57:55.0040 5044 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
12:57:55.0087 5044 seclogon - ok
12:57:55.0094 5044 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
12:57:55.0136 5044 SENS - ok
12:57:55.0143 5044 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
12:57:55.0188 5044 SensrSvc - ok
12:57:55.0217 5044 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
12:57:55.0241 5044 Serenum - ok
12:57:55.0250 5044 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
12:57:55.0276 5044 Serial - ok
12:57:55.0304 5044 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
12:57:55.0333 5044 sermouse - ok
12:57:55.0375 5044 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
12:57:55.0430 5044 SessionEnv - ok
12:57:55.0436 5044 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
12:57:55.0456 5044 sffdisk - ok
12:57:55.0461 5044 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
12:57:55.0490 5044 sffp_mmc - ok
12:57:55.0495 5044 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
12:57:55.0521 5044 sffp_sd - ok
12:57:55.0526 5044 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
12:57:55.0549 5044 sfloppy - ok
12:57:55.0584 5044 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
12:57:55.0648 5044 SharedAccess - ok
12:57:55.0683 5044 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:57:55.0744 5044 ShellHWDetection - ok
12:57:55.0771 5044 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
12:57:55.0788 5044 SiSRaid2 - ok
12:57:55.0811 5044 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
12:57:55.0828 5044 SiSRaid4 - ok
12:57:55.0863 5044 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
12:57:55.0902 5044 Smb - ok
12:57:55.0957 5044 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
12:57:55.0997 5044 SNMPTRAP - ok
12:57:56.0038 5044 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
12:57:56.0063 5044 spldr - ok
12:57:56.0096 5044 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
12:57:56.0131 5044 Spooler - ok
12:57:56.0207 5044 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
12:57:56.0317 5044 sppsvc - ok
12:57:56.0338 5044 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
12:57:56.0379 5044 sppuinotify - ok
12:57:56.0412 5044 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
12:57:56.0469 5044 srv - ok
12:57:56.0495 5044 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
12:57:56.0531 5044 srv2 - ok
12:57:56.0557 5044 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
12:57:56.0576 5044 srvnet - ok
12:57:56.0623 5044 [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys
12:57:56.0713 5044 ssadbus - ok
12:57:56.0753 5044 [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys
12:57:56.0793 5044 ssadmdfl - ok
12:57:56.0825 5044 [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys
12:57:56.0869 5044 ssadmdm - ok
12:57:56.0901 5044 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
12:57:56.0969 5044 SSDPSRV - ok
12:57:56.0975 5044 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
12:57:57.0017 5044 SstpSvc - ok
12:57:57.0072 5044 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
12:57:57.0094 5044 Stereo Service - ok
12:57:57.0111 5044 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
12:57:57.0126 5044 stexstor - ok
12:57:57.0161 5044 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
12:57:57.0192 5044 stisvc - ok
12:57:57.0207 5044 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
12:57:57.0221 5044 swenum - ok
12:57:57.0254 5044 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
12:57:57.0319 5044 swprv - ok
12:57:57.0371 5044 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
12:57:57.0434 5044 SysMain - ok
12:57:57.0457 5044 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:57:57.0491 5044 TabletInputService - ok
12:57:57.0513 5044 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
12:57:57.0558 5044 TapiSrv - ok
12:57:57.0572 5044 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
12:57:57.0613 5044 TBS - ok
12:57:57.0708 5044 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
12:57:57.0788 5044 Tcpip - ok
12:57:57.0831 5044 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
12:57:57.0873 5044 TCPIP6 - ok
12:57:57.0899 5044 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
12:57:57.0916 5044 tcpipreg - ok
12:57:57.0943 5044 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
12:57:57.0989 5044 TDPIPE - ok
12:57:58.0013 5044 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
12:57:58.0032 5044 TDTCP - ok
12:57:58.0067 5044 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
12:57:58.0122 5044 tdx - ok
12:57:58.0128 5044 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
12:57:58.0144 5044 TermDD - ok
12:57:58.0183 5044 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
12:57:58.0293 5044 TermService - ok
12:57:58.0300 5044 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
12:57:58.0326 5044 Themes - ok
12:57:58.0346 5044 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
12:57:58.0387 5044 THREADORDER - ok
12:57:58.0394 5044 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
12:57:58.0450 5044 TrkWks - ok
12:57:58.0502 5044 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:57:58.0542 5044 TrustedInstaller - ok
12:57:58.0559 5044 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
12:57:58.0611 5044 tssecsrv - ok
12:57:58.0650 5044 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
12:57:58.0676 5044 TsUsbFlt - ok
12:57:58.0684 5044 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
12:57:58.0717 5044 TsUsbGD - ok
12:57:58.0753 5044 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
12:57:58.0856 5044 tunnel - ok
12:57:58.0879 5044 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
12:57:58.0898 5044 uagp35 - ok
12:57:58.0932 5044 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
12:57:58.0996 5044 udfs - ok
12:57:59.0031 5044 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
12:57:59.0065 5044 UI0Detect - ok
12:57:59.0098 5044 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
12:57:59.0114 5044 uliagpkx - ok
12:57:59.0150 5044 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
12:57:59.0185 5044 umbus - ok
12:57:59.0190 5044 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
12:57:59.0212 5044 UmPass - ok
12:57:59.0249 5044 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
12:57:59.0314 5044 upnphost - ok
12:57:59.0338 5044 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
12:57:59.0385 5044 usbccgp - ok
12:57:59.0422 5044 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
12:57:59.0443 5044 usbcir - ok
12:57:59.0467 5044 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
12:57:59.0499 5044 usbehci - ok
12:57:59.0522 5044 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
12:57:59.0557 5044 usbhub - ok
12:57:59.0582 5044 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
12:57:59.0616 5044 usbohci - ok
12:57:59.0649 5044 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
12:57:59.0687 5044 usbprint - ok
12:57:59.0722 5044 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
12:57:59.0742 5044 usbscan - ok
12:57:59.0765 5044 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:57:59.0842 5044 USBSTOR - ok
12:57:59.0863 5044 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
12:57:59.0921 5044 usbuhci - ok
12:57:59.0946 5044 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
12:58:00.0007 5044 UxSms - ok
12:58:00.0029 5044 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
12:58:00.0059 5044 VaultSvc - ok
12:58:00.0100 5044 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
12:58:00.0117 5044 vdrvroot - ok
12:58:00.0223 5044 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
12:58:00.0288 5044 vds - ok
12:58:00.0320 5044 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
12:58:00.0340 5044 vga - ok
12:58:00.0351 5044 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
12:58:00.0401 5044 VgaSave - ok
12:58:00.0427 5044 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
12:58:00.0445 5044 vhdmp - ok
12:58:00.0455 5044 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
12:58:00.0469 5044 viaide - ok
12:58:00.0487 5044 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
12:58:00.0502 5044 volmgr - ok
12:58:00.0512 5044 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
12:58:00.0535 5044 volmgrx - ok
12:58:00.0543 5044 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
12:58:00.0564 5044 volsnap - ok
12:58:00.0620 5044 [ DBB357B5C3D97039CDD010E01D165870 ] Vsdatant C:\Windows\system32\DRIVERS\vsdatant.sys
12:58:00.0643 5044 Vsdatant - ok
12:58:00.0729 5044 vsmon - ok
12:58:00.0775 5044 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
12:58:00.0820 5044 vsmraid - ok
12:58:00.0881 5044 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
12:58:00.0959 5044 VSS - ok
12:58:00.0981 5044 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
12:58:01.0018 5044 vwifibus - ok
12:58:01.0047 5044 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
12:58:01.0094 5044 W32Time - ok
12:58:01.0122 5044 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
12:58:01.0152 5044 WacomPen - ok
12:58:01.0173 5044 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
12:58:01.0223 5044 WANARP - ok
12:58:01.0228 5044 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
12:58:01.0267 5044 Wanarpv6 - ok
12:58:01.0321 5044 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
12:58:01.0390 5044 wbengine - ok
12:58:01.0398 5044 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
12:58:01.0424 5044 WbioSrvc - ok
12:58:01.0440 5044 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
12:58:01.0487 5044 wcncsvc - ok
12:58:01.0493 5044 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:58:01.0537 5044 WcsPlugInService - ok
12:58:01.0553 5044 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
12:58:01.0568 5044 Wd - ok
12:58:01.0601 5044 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
12:58:01.0632 5044 Wdf01000 - ok
12:58:01.0648 5044 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
12:58:01.0746 5044 WdiServiceHost - ok
12:58:01.0755 5044 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
12:58:01.0801 5044 WdiSystemHost - ok
12:58:01.0833 5044 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
12:58:01.0887 5044 WebClient - ok
12:58:01.0909 5044 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
12:58:01.0965 5044 Wecsvc - ok
12:58:01.0983 5044 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
12:58:02.0027 5044 wercplsupport - ok
12:58:02.0064 5044 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
12:58:02.0106 5044 WerSvc - ok
12:58:02.0150 5044 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
12:58:02.0188 5044 WfpLwf - ok
12:58:02.0201 5044 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
12:58:02.0216 5044 WIMMount - ok
12:58:02.0234 5044 WinDefend - ok
12:58:02.0242 5044 WinHttpAutoProxySvc - ok
12:58:02.0291 5044 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
12:58:02.0398 5044 Winmgmt - ok
12:58:02.0470 5044 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
12:58:02.0543 5044 WinRM - ok
12:58:02.0604 5044 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
12:58:02.0638 5044 WinUsb - ok
12:58:02.0686 5044 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
12:58:02.0740 5044 Wlansvc - ok
12:58:02.0759 5044 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
12:58:02.0777 5044 WmiAcpi - ok
12:58:02.0813 5044 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
12:58:02.0851 5044 wmiApSrv - ok
12:58:02.0889 5044 WMPNetworkSvc - ok
12:58:02.0907 5044 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
12:58:02.0935 5044 WPCSvc - ok
12:58:02.0947 5044 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
12:58:02.0979 5044 WPDBusEnum - ok
12:58:03.0000 5044 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
12:58:03.0041 5044 ws2ifsl - ok
12:58:03.0061 5044 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
12:58:03.0098 5044 wscsvc - ok
12:58:03.0103 5044 WSearch - ok
12:58:03.0197 5044 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
12:58:03.0289 5044 wuauserv - ok
12:58:03.0349 5044 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
12:58:03.0404 5044 WudfPf - ok
12:58:03.0446 5044 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
12:58:03.0477 5044 WUDFRd - ok
12:58:03.0507 5044 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
12:58:03.0541 5044 wudfsvc - ok
12:58:03.0576 5044 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
12:58:03.0621 5044 WwanSvc - ok
12:58:03.0629 5044 ================ Scan global ===============================
12:58:03.0660 5044 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
12:58:03.0688 5044 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
12:58:03.0699 5044 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
12:58:03.0728 5044 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
12:58:03.0756 5044 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
12:58:03.0762 5044 [Global] - ok
12:58:03.0763 5044 ================ Scan MBR ==================================
12:58:03.0772 5044 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:58:03.0973 5044 \Device\Harddisk0\DR0 - ok
12:58:03.0974 5044 ================ Scan VBR ==================================
12:58:03.0981 5044 [ A974091D6454CA8DFD7DEB8C68449B4C ] \Device\Harddisk0\DR0\Partition1
12:58:03.0984 5044 \Device\Harddisk0\DR0\Partition1 - ok
12:58:04.0013 5044 [ CE111B2E35E6F3CD371DE5AD7C82A68A ] \Device\Harddisk0\DR0\Partition2
12:58:04.0014 5044 \Device\Harddisk0\DR0\Partition2 - ok
12:58:04.0014 5044 ============================================================
12:58:04.0015 5044 Scan finished
12:58:04.0015 5044 ============================================================
12:58:04.0039 3488 Detected object count: 0
12:58:04.0039 3488 Actual detected object count: 0
ich habe es exakt wie beschrieben gemacht. Strg. + A, Strg + C, Doppelkreuz, einfügen. Was soll ich nochmals posten bzw. was mache ich falsch. Sorry! Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-27 12:47:37
-----------------------------
12:47:37.802 OS Version: Windows x64 6.1.7601 Service Pack 1
12:47:37.803 Number of processors: 2 586 0x6B02
12:47:37.804 ComputerName: SNOOPY-PC UserName: Snoopy
12:47:38.237 Initialize success
12:47:48.179 AVAST engine defs: 12122700
12:47:54.794 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000057
12:47:54.798 Disk 0 Vendor: ExcelSto P22O Size: 157066MB BusType: 3
12:47:54.810 Disk 0 MBR read successfully
12:47:54.814 Disk 0 MBR scan
12:47:54.822 Disk 0 Windows 7 default MBR code
12:47:54.827 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 131061 MB offset 63
12:47:54.851 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 26003 MB offset 268414020
12:47:54.903 Disk 0 scanning C:\Windows\system32\drivers
12:48:04.502 Service scanning
12:48:30.955 Modules scanning
12:48:30.972 Disk 0 trace - called modules:
12:48:30.990 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor.sys
12:48:31.000 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80024d96e0]
12:48:31.361 3 CLASSPNP.SYS[fffff8800194743f] -> nt!IofCallDriver -> [0xfffffa8002274bf0]
12:48:31.374 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\00000057[0xfffffa800228d9c0]
12:48:31.386 Scan finished successfully
12:50:25.140 Disk 0 MBR has been saved successfully to "C:\Users\Snoopy\Desktop\MBR.dat"
12:50:25.146 The log file has been saved successfully to "C:\Users\Snoopy\Desktop\aswMBR.txt"
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-27 12:47:37
-----------------------------
12:47:37.802 OS Version: Windows x64 6.1.7601 Service Pack 1
12:47:37.803 Number of processors: 2 586 0x6B02
12:47:37.804 ComputerName: SNOOPY-PC UserName: Snoopy
12:47:38.237 Initialize success
12:47:48.179 AVAST engine defs: 12122700
12:47:54.794 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000057
12:47:54.798 Disk 0 Vendor: ExcelSto P22O Size: 157066MB BusType: 3
12:47:54.810 Disk 0 MBR read successfully
12:47:54.814 Disk 0 MBR scan
12:47:54.822 Disk 0 Windows 7 default MBR code
12:47:54.827 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 131061 MB offset 63
12:47:54.851 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 26003 MB offset 268414020
12:47:54.903 Disk 0 scanning C:\Windows\system32\drivers
12:48:04.502 Service scanning
12:48:30.955 Modules scanning
12:48:30.972 Disk 0 trace - called modules:
12:48:30.990 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor.sys
12:48:31.000 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80024d96e0]
12:48:31.361 3 CLASSPNP.SYS[fffff8800194743f] -> nt!IofCallDriver -> [0xfffffa8002274bf0]
12:48:31.374 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\00000057[0xfffffa800228d9c0]
12:48:31.386 Scan finished successfully
12:50:25.140 Disk 0 MBR has been saved successfully to "C:\Users\Snoopy\Desktop\MBR.dat"
12:50:25.146 The log file has been saved successfully to "C:\Users\Snoopy\Desktop\aswMBR.txt"
12:50:46.659 Disk 0 MBR has been saved successfully to "C:\Users\Snoopy\Desktop\MBR.dat"
12:50:46.666 The log file has been saved successfully to "C:\Users\Snoopy\Desktop\aswMBR.txt"
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-27 12:47:37
-----------------------------
12:47:37.802 OS Version: Windows x64 6.1.7601 Service Pack 1
12:47:37.803 Number of processors: 2 586 0x6B02
12:47:37.804 ComputerName: SNOOPY-PC UserName: Snoopy
12:47:38.237 Initialize success
12:47:48.179 AVAST engine defs: 12122700
12:47:54.794 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000057
12:47:54.798 Disk 0 Vendor: ExcelSto P22O Size: 157066MB BusType: 3
12:47:54.810 Disk 0 MBR read successfully
12:47:54.814 Disk 0 MBR scan
12:47:54.822 Disk 0 Windows 7 default MBR code
12:47:54.827 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 131061 MB offset 63
12:47:54.851 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 26003 MB offset 268414020
12:47:54.903 Disk 0 scanning C:\Windows\system32\drivers
12:48:04.502 Service scanning
12:48:30.955 Modules scanning
12:48:30.972 Disk 0 trace - called modules:
12:48:30.990 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor.sys
12:48:31.000 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80024d96e0]
12:48:31.361 3 CLASSPNP.SYS[fffff8800194743f] -> nt!IofCallDriver -> [0xfffffa8002274bf0]
12:48:31.374 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\00000057[0xfffffa800228d9c0]
12:48:31.386 Scan finished successfully
12:50:25.140 Disk 0 MBR has been saved successfully to "C:\Users\Snoopy\Desktop\MBR.dat"
12:50:25.146 The log file has been saved successfully to "C:\Users\Snoopy\Desktop\aswMBR.txt"
12:50:46.659 Disk 0 MBR has been saved successfully to "C:\Users\Snoopy\Desktop\MBR.dat"
12:50:46.666 The log file has been saved successfully to "C:\Users\Snoopy\Desktop\aswMBR.txt"
12:51:19.708 Disk 0 MBR has been saved successfully to "C:\Users\Snoopy\Desktop\MBR.dat"
12:51:19.716 The log file has been saved successfully to "C:\Users\Snoopy\Desktop\aswMBR.txt"
|
|
27.12.2012, 13:20
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Datei chatzum_nt.exe unter c:\ gefunden Gut, ist unauffällig adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren Downloade Dir bitte AdwCleaner auf deinen Desktop. Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.12.2012, 13:31
| #11 |
| | Datei chatzum_nt.exe unter c:\ gefundenCode:
ATTFilter # AdwCleaner v2.103 - Datei am 27/12/2012 um 13:30:17 erstellt
# Aktualisiert am 25/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Snoopy - SNOOPY-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Snoopy\Desktop\adwcleaner (2).exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gefunden : C:\ProgramData\blekko toolbars
Ordner Gefunden : C:\ProgramData\pc performer manager
Ordner Gefunden : C:\Users\Snoopy\AppData\Roaming\PerformerSoft
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Schlüssel Gefunden : HKCU\Software\9ede8fe63be410
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\chatzum_nt_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\chatzum_nt_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\9ede8fe63be410
Wert Gefunden : HKCU\Software\Mozilla\Firefox\Extensions [{dfefbe51-ca52-484b-adf0-6b158b05262d}]
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Google Chrome v23.0.1271.97
Datei : C:\Users\Snoopy\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R3].txt - [1949 octets] - [27/12/2012 13:30:17]
########## EOF - C:\AdwCleaner[R3].txt - [2009 octets] ##########
|
|
27.12.2012, 13:36
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Datei chatzum_nt.exe unter c:\ gefunden adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.12.2012, 14:04
| #13 |
| | Datei chatzum_nt.exe unter c:\ gefundenCode:
ATTFilter # AdwCleaner v2.103 - Datei am 27/12/2012 um 13:51:27 erstellt
# Aktualisiert am 25/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Snoopy - SNOOPY-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Snoopy\Desktop\adwcleaner (2).exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\ProgramData\blekko toolbars
Ordner Gelöscht : C:\ProgramData\pc performer manager
Ordner Gelöscht : C:\Users\Snoopy\AppData\Roaming\PerformerSoft
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Schlüssel Gelöscht : HKCU\Software\9ede8fe63be410
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\chatzum_nt_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\chatzum_nt_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\9ede8fe63be410
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{dfefbe51-ca52-484b-adf0-6b158b05262d}]
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Google Chrome v23.0.1271.97
Datei : C:\Users\Snoopy\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R3].txt - [2076 octets] - [27/12/2012 13:30:17]
AdwCleaner[S1].txt - [2011 octets] - [27/12/2012 13:51:27]
########## EOF - C:\AdwCleaner[S1].txt - [2071 octets] ##########
Code:
ATTFilter OTL logfile created on: 27.12.2012 14:06:14 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Snoopy\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 0,73 Gb Available Physical Memory | 36,69% Memory free 4,00 Gb Paging File | 2,28 Gb Available in Paging File | 57,04% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 127,99 Gb Total Space | 60,52 Gb Free Space | 47,28% Space Free | Partition Type: NTFS Drive D: | 25,39 Gb Total Space | 20,29 Gb Free Space | 79,88% Space Free | Partition Type: NTFS Computer Name: SNOOPY-PC | User Name: Snoopy | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Snoopy\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe () PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD) PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe (Symantec Corporation) PRC - C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe (GARMIN Corp.) PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe (Symantec Corporation) ========== Modules (No Company Name) ========== MOD - C:\Users\Snoopy\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll () MOD - C:\Users\Snoopy\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll () MOD - C:\Users\Snoopy\AppData\Local\Google\Chrome\Application\23.0.1271.97\libglesv2.dll () MOD - C:\Users\Snoopy\AppData\Local\Google\Chrome\Application\23.0.1271.97\libegl.dll () MOD - C:\Users\Snoopy\AppData\Local\Google\Chrome\Application\23.0.1271.97\avutil-51.dll () MOD - C:\Users\Snoopy\AppData\Local\Google\Chrome\Application\23.0.1271.97\avformat-54.dll () MOD - C:\Users\Snoopy\AppData\Local\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll () MOD - C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe () ========== Services (SafeList) ========== SRV - (HOSTS Anti-PUPs) -- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe () SRV - (vsmon) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD) SRV - (IswSvc) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (Norton PC Checkup Application Launcher) -- C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe (Symantec Corporation) SRV - (PCCUJobMgr) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe (Symantec Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (gfibto) -- C:\Windows\SysNative\drivers\gfibto.sys (GFI Software) DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab) DRV:64bit: - (Vsdatant) -- C:\Windows\SysNative\drivers\vsdatant.sys (Check Point Software Technologies LTD) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (libusb0) -- C:\Windows\SysNative\drivers\libusb0.sys (hxxp://libusb-win32.sourceforge.net) DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation) DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation) DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation) DRV:64bit: - (cmuda3) -- C:\Windows\SysNative\drivers\cmudax3.sys (C-Media Inc) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV - (ISWKL) -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.chatzum.com/?q={searchTerms} IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3516118728-1142162036-4191355624-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com IE - HKU\S-1-5-21-3516118728-1142162036-4191355624-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-3516118728-1142162036-4191355624-1001\..\URLSearchHook: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - No CLSID value found IE - HKU\S-1-5-21-3516118728-1142162036-4191355624-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3516118728-1142162036-4191355624-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3516118728-1142162036-4191355624-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3516118728-1142162036-4191355624-1004\..\SearchScopes,DefaultScope = ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll () FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Snoopy\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Snoopy\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012.11.25 23:06:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2012.11.25 23:06:41 | 000,000,000 | ---D | M] [2012.09.20 19:43:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions ========== Chrome ========== CHR - homepage: hxxp://www.google.de/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.google.de/ CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Snoopy\AppData\Local\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Snoopy\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Snoopy\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility for IJ (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll CHR - plugin: Google Update (Enabled) = C:\Users\Snoopy\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - Extension: Define your own new tab! = C:\Users\Snoopy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhjjapmfhhmcikhcfkiolockmndbbpng\3.2_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3:64bit: - HKU\S-1-5-21-3516118728-1142162036-4191355624-1001\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKU\S-1-5-21-3516118728-1142162036-4191355624-1001\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O4:64bit: - HKLM..\Run: [CmPCIaudio] C:\Windows\Syswow64\CMICNFG3.dll (C-Media Corporation) O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [HOSTS Anti-Adware_PUPs] C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe () O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3516118728-1142162036-4191355624-1001..\Run: [ANT Agent] C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe (GARMIN Corp.) O4 - HKU\S-1-5-21-3516118728-1142162036-4191355624-1001..\Run: [Driver Mender] C:\Program Files (x86)\Driver Mender\Driver Mender\DriverMender.exe (PC Drivers Headquarters) O4 - HKU\S-1-5-21-3516118728-1142162036-4191355624-1001..\Run: [OM2_Monitor] C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.) O4 - HKU\S-1-5-21-3516118728-1142162036-4191355624-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-3516118728-1142162036-4191355624-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B58D3164-785E-44A2-977C-1D419DEC199F}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.12.23 18:14:50 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.12.27 12:55:16 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Snoopy\Desktop\tdsskiller.exe [2012.12.27 12:33:58 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Snoopy\Desktop\aswMBR.exe [2012.12.24 20:48:00 | 000,000,000 | ---D | C] -- C:\Users\Snoopy\AppData\Roaming\RavensburgerTipToi [2012.12.24 20:48:00 | 000,000,000 | ---D | C] -- C:\ProgramData\RavensburgerTipToi [2012.12.24 20:47:35 | 000,000,000 | ---D | C] -- C:\Users\Snoopy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\tiptoi® Manager [2012.12.24 20:47:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ravensburger tiptoi [2012.12.23 19:16:01 | 000,000,000 | ---D | C] -- C:\Users\Snoopy\AppData\Roaming\LavasoftStatistics [2012.12.23 19:02:13 | 000,000,000 | ---D | C] -- C:\Users\Snoopy\AppData\Local\Downloaded Installations [2012.12.23 19:01:54 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys [2012.12.23 19:00:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb [2012.12.23 19:00:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner [2012.12.23 18:14:19 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2012.12.23 18:12:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2012.12.23 17:51:31 | 000,000,000 | ---D | C] -- C:\Users\Snoopy\AppData\Roaming\Malwarebytes [2012.12.23 17:50:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.12.21 23:12:26 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012.12.21 23:12:26 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012.12.21 23:12:25 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012.12.21 23:12:24 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012.12.15 19:03:44 | 000,000,000 | ---D | C] -- C:\Zirkusvorstellung [2012.12.13 20:18:48 | 000,000,000 | ---D | C] -- C:\Users\Snoopy\Documents\Neuer Ordner [2012.12.12 14:43:48 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.12.12 14:43:48 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.12.12 14:43:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.12.12 14:43:47 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.12.12 14:43:47 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.12.12 14:43:47 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.12.12 14:43:47 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.12.12 14:43:22 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012.12.12 14:43:22 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2012.12.12 14:43:21 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2012.12.12 14:43:21 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2012.12.12 14:43:21 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2012.12.12 14:43:21 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2012.12.12 14:43:21 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2012.12.12 14:43:21 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2012.12.12 14:43:21 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2012.12.12 14:43:20 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2012.12.12 14:43:20 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2012.12.12 14:43:20 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012.12.12 14:43:20 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012.12.12 14:43:20 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012.12.12 14:43:20 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2012.12.12 14:43:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012.12.12 14:43:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012.12.12 14:43:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012.12.12 14:43:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012.12.12 14:43:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012.12.12 14:43:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012.12.12 14:43:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012.12.12 14:43:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.12.12 14:43:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012.12.12 14:43:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012.12.12 14:43:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012.12.12 14:43:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012.12.12 14:43:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012.12.12 14:43:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012.12.12 14:43:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012.12.12 14:43:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012.12.12 14:43:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012.12.12 14:43:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012.12.12 14:43:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012.12.12 14:43:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.12.12 14:43:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012.12.12 14:43:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012.12.12 14:43:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012.12.12 14:43:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012.12.12 14:43:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012.12.12 14:43:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012.12.12 14:43:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012.12.12 14:43:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012.12.12 14:43:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012.12.12 14:43:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012.12.12 14:43:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012.12.12 14:43:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012.12.12 14:43:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012.12.12 14:43:18 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012.12.12 14:43:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012.12.12 14:43:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012.12.12 14:43:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012.12.12 14:43:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012.12.12 14:43:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012.12.12 14:43:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012.12.12 14:43:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012.12.12 14:43:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012.12.12 14:43:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012.12.12 14:43:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012.12.12 14:43:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012.12.12 14:43:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012.12.12 14:43:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012.12.12 14:43:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012.12.12 14:43:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012.12.12 14:43:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012.12.12 14:43:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012.12.12 14:43:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012.12.12 14:43:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012.12.12 14:43:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2012.12.12 14:41:31 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll [2012.12.12 14:41:31 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll [2012.11.30 22:10:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs [2012.11.30 21:11:28 | 000,000,000 | ---D | C] -- C:\Users\Snoopy\Documents\DVDVideoSoft [2012.11.30 21:11:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft [2012.11.30 21:11:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2012.11.30 21:11:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2012.11.30 21:10:22 | 000,000,000 | ---D | C] -- C:\Users\Snoopy\AppData\Roaming\DVDVideoSoft [2012.11.30 20:52:04 | 000,019,000 | ---- | C] (PerformerSoft LLC) -- C:\Windows\SysNative\roboot64.exe [2012.11.30 18:45:47 | 000,000,000 | ---D | C] -- C:\Stundenpläne [3 C:\Users\Snoopy\Documents\*.tmp files -> C:\Users\Snoopy\Documents\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.12.27 14:12:08 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3516118728-1142162036-4191355624-1001UA.job [2012.12.27 14:08:41 | 000,026,496 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.27 14:08:41 | 000,026,496 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.27 14:00:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.27 14:00:21 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys [2012.12.27 13:29:21 | 000,550,017 | ---- | M] () -- C:\Users\Snoopy\Desktop\adwcleaner (2).exe [2012.12.27 12:55:25 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Snoopy\Desktop\tdsskiller.exe [2012.12.27 12:51:19 | 000,000,512 | ---- | M] () -- C:\Users\Snoopy\Desktop\MBR.dat [2012.12.27 12:36:41 | 000,004,489 | -H-- | M] () -- C:\Windows\SysWow64\BTImages.dat [2012.12.27 12:33:12 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Snoopy\Desktop\aswMBR.exe [2012.12.27 11:12:02 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3516118728-1142162036-4191355624-1001Core.job [2012.12.27 10:58:19 | 000,001,107 | ---- | M] () -- C:\Users\Snoopy\Desktop\OTL - Verknüpfung.lnk [2012.12.24 20:49:14 | 000,001,076 | ---- | M] () -- C:\Users\Snoopy\Desktop\tiptoi.lnk [2012.12.24 20:27:40 | 001,470,496 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.12.24 20:27:40 | 000,855,532 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.24 20:27:40 | 000,382,524 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.12.24 20:27:40 | 000,333,100 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.12.24 20:27:40 | 000,005,438 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.23 19:04:01 | 000,001,964 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk [2012.12.23 19:01:53 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys [2012.12.23 18:14:50 | 000,000,000 | ---- | M] () -- C:\autoexec.bat [2012.12.22 18:24:18 | 000,416,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.12.16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012.12.16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012.12.14 13:43:23 | 000,002,493 | ---- | M] () -- C:\Users\Snoopy\Desktop\Google Chrome.lnk [2012.11.30 22:10:16 | 000,001,185 | ---- | M] () -- C:\Users\Snoopy\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk [2012.11.30 21:11:17 | 000,001,409 | ---- | M] () -- C:\Users\Snoopy\Desktop\Free Audio CD to MP3 Converter.lnk [2012.11.30 20:51:31 | 000,001,534 | ---- | M] () -- C:\ProgramData\ss.ini [2012.11.30 20:50:52 | 002,686,592 | ---- | M] () -- C:\Users\Snoopy\Desktop\freeripmp3-92-setup.exe [3 C:\Users\Snoopy\Documents\*.tmp files -> C:\Users\Snoopy\Documents\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.12.27 13:29:13 | 000,550,017 | ---- | C] () -- C:\Users\Snoopy\Desktop\adwcleaner (2).exe [2012.12.27 12:50:25 | 000,000,512 | ---- | C] () -- C:\Users\Snoopy\Desktop\MBR.dat [2012.12.27 10:58:19 | 000,001,107 | ---- | C] () -- C:\Users\Snoopy\Desktop\OTL - Verknüpfung.lnk [2012.12.24 20:47:36 | 000,001,076 | ---- | C] () -- C:\Users\Snoopy\Desktop\tiptoi.lnk [2012.12.23 19:04:01 | 000,001,964 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk [2012.12.23 18:14:50 | 000,000,000 | ---- | C] () -- C:\autoexec.bat [2012.11.30 22:10:16 | 000,001,185 | ---- | C] () -- C:\Users\Snoopy\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk [2012.11.30 21:11:17 | 000,001,409 | ---- | C] () -- C:\Users\Snoopy\Desktop\Free Audio CD to MP3 Converter.lnk [2012.11.30 20:51:31 | 000,001,534 | ---- | C] () -- C:\ProgramData\ss.ini [2012.11.30 20:50:44 | 002,686,592 | ---- | C] () -- C:\Users\Snoopy\Desktop\freeripmp3-92-setup.exe [2012.11.30 16:47:59 | 000,004,489 | -H-- | C] () -- C:\Windows\SysWow64\BTImages.dat [2012.10.07 17:26:40 | 000,003,584 | ---- | C] () -- C:\Users\Snoopy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.10.07 17:25:35 | 000,061,208 | ---- | C] () -- C:\Windows\SysWow64\MPEG4E-uninstall.exe [2012.09.25 18:18:55 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.09.19 01:29:34 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP6.dll [2012.09.19 01:29:34 | 000,000,376 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfl [2012.09.19 01:28:24 | 000,002,123 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfg [2012.09.19 01:28:24 | 000,000,249 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.imi [2012.09.19 01:28:18 | 000,002,754 | ---- | C] () -- C:\Windows\cmudax3.ini ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Code:
ATTFilter OTL Extras logfile created on: 27.12.2012 14:06:14 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Snoopy\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 0,73 Gb Available Physical Memory | 36,69% Memory free
4,00 Gb Paging File | 2,28 Gb Available in Paging File | 57,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 127,99 Gb Total Space | 60,52 Gb Free Space | 47,28% Space Free | Partition Type: NTFS
Drive D: | 25,39 Gb Total Space | 20,29 Gb Free Space | 79,88% Space Free | Partition Type: NTFS
Computer Name: SNOOPY-PC | User Name: Snoopy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\Mueller Foto\Mueller Foto\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Müller Foto] -- "C:\Program Files (x86)\Mueller Foto\Mueller Foto\Müller Foto.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\Mueller Foto\Mueller Foto\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Müller Foto] -- "C:\Program Files (x86)\Mueller Foto\Mueller Foto\Müller Foto.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00A3B62B-4FEA-4947-8CB3-0536E20FB1DF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1A25EB5E-501E-4CE7-9FF8-E7A97EFF8818}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2E2D71C1-B0A3-4B32-815C-F7291D1CAF04}" = lport=139 | protocol=6 | dir=in | app=system |
"{30A494E4-16B0-4541-B597-E753787701E7}" = rport=138 | protocol=17 | dir=out | app=system |
"{41CEF77C-C4DE-4B35-BD16-E6723BBFA6C9}" = lport=137 | protocol=17 | dir=in | app=system |
"{5DD73BC2-D890-4388-B92A-552051FC7B9C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6D72B528-7CB0-4ADB-8FAF-43B3BB322CA8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8D7B144F-D917-4533-BD1D-E93F08CAD563}" = lport=138 | protocol=17 | dir=in | app=system |
"{9D64C1D0-EAF2-4D24-9CA2-EB11E13870CA}" = rport=139 | protocol=6 | dir=out | app=system |
"{C71D6309-DF29-4C39-824E-7B37403B57C4}" = lport=445 | protocol=6 | dir=in | app=system |
"{EE5FD945-5AB6-4CC6-A8B2-05DD27B7D699}" = rport=137 | protocol=17 | dir=out | app=system |
"{F55830D4-B722-46FB-898A-7C67A91D488B}" = rport=445 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01210C24-D26E-43C0-A1FD-FED7BAE079D5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7BA64574-2441-4279-BA5C-FF533A869536}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7E0AC2C3-5B40-4F7B-8781-2845EBE7E7C2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8D477B6E-2952-4EA8-A937-9723CF13392B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{237D687E-9E50-4A30-B810-262764CC491B}" = Garmin Communicator Plugin x64
"{74E85F31-573F-45BF-8939-4D2BCDCC2083}" = LEGO MINDSTORMS NXT Driver for x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"24DA573F901348FFDFF7717497830D45BE0C362E" = Windows Driver Package - Dynastream Innovations (libusb0) LibUsbDevices (07/07/2009 1.12.2)
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"CCleaner" = CCleaner
"C-Media PCI Audio Driver" = C-Media PCI Audio Device
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{10D4BC5F-F73E-4CD1-A7C2-DF215307A811}" = ZoneAlarm Firewall
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2756F572-C383-4A2E-B1F6-7315E6DA308A}" = ZoneAlarm Security
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{36415915-0B92-4F82-A240-42D3C14304F0}" = Driver Mender
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{611ED207-22E5-4543-B9D3-E73096759A4F}" = LEGO MINDSTORMS NXT - (Deutsch) Sprachenpaket
"{63CFD835-FF50-4F8B-91CD-5662A8C640F8}" = Photo Transport
"{647BB978-2876-487B-9B0E-FDB73F0EA4A2}" = Garmin Communicator Plugin
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C1D47CC-682C-4673-8CA8-DEE659628599}" = LEGO MINDSTORMS NXT Migration Package
"{70C592EC-AE9B-4734-928B-676E824FB41E}" = MFC RunTime files
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{CB263F8D-EF2D-4EB5-A368-A27056EE92D4}" = LEGO MINDSTORMS NXT Software v2.0
"{CB5F6422-502E-477C-B31D-25ECE8F829E6}" = Garmin ANT Agent
"{CBC85F2E-1981-4C55-9418-908D08D2C6E8}" = OLYMPUS Master 2
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D6}" = WinZip 17.0
"{DA15069B-7DD3-445B-8488-E46A38CCF939}" = ZoneAlarm Antivirus
"{DDDE47E5-C711-4D17-9FA6-E3D7C340192A}" = OLYMPUS muvee theaterPack
"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.18
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"FarmingSimulator2011_CEDE_is1" = Landwirtschafts Simulator 2011
"FinePix Genie_is1" = FUJIFILM MyFinePix Studio 1.0
"Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version 1.3.12.1228
"Free Video Converter" = Free Video Converter
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Modelleisenbahn-Simulator_is1" = ModelleisenbahnSimulator
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MPEG4E" = MPEG4E VFW - H.264/MPEG-4 AVC codec (remove only)
"Müller Foto" = Müller Foto
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"Norton PC Checkup_is1" = Norton PC Checkup
"NortonPCCheckup" = Norton PC Checkup
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Ravensburger tiptoi" = Ravensburger tiptoi
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Stellarium_is1" = Stellarium 0.11.4
"WinRail 11.0 Demo" = WinRail 11.0 Demo
"ZoneAlarm Free Antivirus + Firewall" = ZoneAlarm Free Antivirus + Firewall
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3516118728-1142162036-4191355624-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 26.12.2012 05:40:17 | Computer Name = Snoopy-PC | Source = WinMgmt | ID = 10
Description =
Error - 26.12.2012 14:33:22 | Computer Name = Snoopy-PC | Source = WinMgmt | ID = 10
Description =
Error - 27.12.2012 04:53:06 | Computer Name = Snoopy-PC | Source = WinMgmt | ID = 10
Description =
Error - 27.12.2012 04:58:00 | Computer Name = Snoopy-PC | Source = Application Hang | ID = 1002
Description = Programm avnotify.exe, Version 12.3.0.34 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 112c Startzeit:
01cde41010da2225 Endzeit: 14 Anwendungspfad: C:\Program Files (x86)\Avira\AntiVir
Desktop\avnotify.exe Berichts-ID: 6266883c-5003-11e2-ad28-001bb9e2cfda
Error - 27.12.2012 06:03:48 | Computer Name = Snoopy-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt
werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 7a4 Startzeit:
01cde418b88e9534 Endzeit: 159 Anwendungspfad: C:\Users\Snoopy\Downloads\OTL.exe Berichts-ID:
Error - 27.12.2012 07:13:38 | Computer Name = Snoopy-PC | Source = SideBySide | ID = 16842761
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\WinZip\adxloader.dll.Manifest". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files (x86)\WinZip\adxloader.dll.Manifest" in Zeile 2. Das Stammelement
der Manifestdatei muss assembliert sein.
Error - 27.12.2012 07:47:00 | Computer Name = Snoopy-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1707,
Zeitstempel: 0x509be8bf Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002e3be ID des fehlerhaften
Prozesses: 0x1090 Startzeit der fehlerhaften Anwendung: 0x01cde42693da5724 Pfad der
fehlerhaften Anwendung: C:\Users\Snoopy\Desktop\aswMBR.exe Pfad des fehlerhaften
Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 1f7a6cbb-501b-11e2-ad28-001bb9e2cfda
Error - 27.12.2012 08:51:20 | Computer Name = Snoopy-PC | Source = WinMgmt | ID = 10
Description =
Error - 27.12.2012 08:55:57 | Computer Name = Snoopy-PC | Source = WinMgmt | ID = 10
Description =
Error - 27.12.2012 09:02:49 | Computer Name = Snoopy-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 27.12.2012 08:50:17 | Computer Name = Snoopy-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
HOSTS Anti-PUPs erreicht.
Error - 27.12.2012 08:50:17 | Computer Name = Snoopy-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HOSTS Anti-PUPs" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1053
Error - 27.12.2012 08:53:04 | Computer Name = Snoopy-PC | Source = HTTP | ID = 15016
Description =
Error - 27.12.2012 08:53:04 | Computer Name = Snoopy-PC | Source = HTTP | ID = 15016
Description =
Error - 27.12.2012 08:53:04 | Computer Name = Snoopy-PC | Source = HTTP | ID = 15016
Description =
Error - 27.12.2012 08:53:04 | Computer Name = Snoopy-PC | Source = HTTP | ID = 15016
Description =
Error - 27.12.2012 08:54:55 | Computer Name = Snoopy-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
HOSTS Anti-PUPs erreicht.
Error - 27.12.2012 08:54:55 | Computer Name = Snoopy-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HOSTS Anti-PUPs" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1053
Error - 27.12.2012 09:01:18 | Computer Name = Snoopy-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
HOSTS Anti-PUPs erreicht.
Error - 27.12.2012 09:01:18 | Computer Name = Snoopy-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HOSTS Anti-PUPs" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1053
< End of report >
Code:
ATTFilter OTL Extras logfile created on: 27.12.2012 14:06:14 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Snoopy\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 0,73 Gb Available Physical Memory | 36,69% Memory free
4,00 Gb Paging File | 2,28 Gb Available in Paging File | 57,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 127,99 Gb Total Space | 60,52 Gb Free Space | 47,28% Space Free | Partition Type: NTFS
Drive D: | 25,39 Gb Total Space | 20,29 Gb Free Space | 79,88% Space Free | Partition Type: NTFS
Computer Name: SNOOPY-PC | User Name: Snoopy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\Mueller Foto\Mueller Foto\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Müller Foto] -- "C:\Program Files (x86)\Mueller Foto\Mueller Foto\Müller Foto.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\Mueller Foto\Mueller Foto\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Müller Foto] -- "C:\Program Files (x86)\Mueller Foto\Mueller Foto\Müller Foto.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00A3B62B-4FEA-4947-8CB3-0536E20FB1DF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1A25EB5E-501E-4CE7-9FF8-E7A97EFF8818}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2E2D71C1-B0A3-4B32-815C-F7291D1CAF04}" = lport=139 | protocol=6 | dir=in | app=system |
"{30A494E4-16B0-4541-B597-E753787701E7}" = rport=138 | protocol=17 | dir=out | app=system |
"{41CEF77C-C4DE-4B35-BD16-E6723BBFA6C9}" = lport=137 | protocol=17 | dir=in | app=system |
"{5DD73BC2-D890-4388-B92A-552051FC7B9C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6D72B528-7CB0-4ADB-8FAF-43B3BB322CA8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8D7B144F-D917-4533-BD1D-E93F08CAD563}" = lport=138 | protocol=17 | dir=in | app=system |
"{9D64C1D0-EAF2-4D24-9CA2-EB11E13870CA}" = rport=139 | protocol=6 | dir=out | app=system |
"{C71D6309-DF29-4C39-824E-7B37403B57C4}" = lport=445 | protocol=6 | dir=in | app=system |
"{EE5FD945-5AB6-4CC6-A8B2-05DD27B7D699}" = rport=137 | protocol=17 | dir=out | app=system |
"{F55830D4-B722-46FB-898A-7C67A91D488B}" = rport=445 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01210C24-D26E-43C0-A1FD-FED7BAE079D5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7BA64574-2441-4279-BA5C-FF533A869536}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7E0AC2C3-5B40-4F7B-8781-2845EBE7E7C2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8D477B6E-2952-4EA8-A937-9723CF13392B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{237D687E-9E50-4A30-B810-262764CC491B}" = Garmin Communicator Plugin x64
"{74E85F31-573F-45BF-8939-4D2BCDCC2083}" = LEGO MINDSTORMS NXT Driver for x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"24DA573F901348FFDFF7717497830D45BE0C362E" = Windows Driver Package - Dynastream Innovations (libusb0) LibUsbDevices (07/07/2009 1.12.2)
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"CCleaner" = CCleaner
"C-Media PCI Audio Driver" = C-Media PCI Audio Device
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{10D4BC5F-F73E-4CD1-A7C2-DF215307A811}" = ZoneAlarm Firewall
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2756F572-C383-4A2E-B1F6-7315E6DA308A}" = ZoneAlarm Security
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{36415915-0B92-4F82-A240-42D3C14304F0}" = Driver Mender
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{611ED207-22E5-4543-B9D3-E73096759A4F}" = LEGO MINDSTORMS NXT - (Deutsch) Sprachenpaket
"{63CFD835-FF50-4F8B-91CD-5662A8C640F8}" = Photo Transport
"{647BB978-2876-487B-9B0E-FDB73F0EA4A2}" = Garmin Communicator Plugin
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C1D47CC-682C-4673-8CA8-DEE659628599}" = LEGO MINDSTORMS NXT Migration Package
"{70C592EC-AE9B-4734-928B-676E824FB41E}" = MFC RunTime files
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{CB263F8D-EF2D-4EB5-A368-A27056EE92D4}" = LEGO MINDSTORMS NXT Software v2.0
"{CB5F6422-502E-477C-B31D-25ECE8F829E6}" = Garmin ANT Agent
"{CBC85F2E-1981-4C55-9418-908D08D2C6E8}" = OLYMPUS Master 2
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D6}" = WinZip 17.0
"{DA15069B-7DD3-445B-8488-E46A38CCF939}" = ZoneAlarm Antivirus
"{DDDE47E5-C711-4D17-9FA6-E3D7C340192A}" = OLYMPUS muvee theaterPack
"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.18
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"FarmingSimulator2011_CEDE_is1" = Landwirtschafts Simulator 2011
"FinePix Genie_is1" = FUJIFILM MyFinePix Studio 1.0
"Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version 1.3.12.1228
"Free Video Converter" = Free Video Converter
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Modelleisenbahn-Simulator_is1" = ModelleisenbahnSimulator
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MPEG4E" = MPEG4E VFW - H.264/MPEG-4 AVC codec (remove only)
"Müller Foto" = Müller Foto
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"Norton PC Checkup_is1" = Norton PC Checkup
"NortonPCCheckup" = Norton PC Checkup
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Ravensburger tiptoi" = Ravensburger tiptoi
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Stellarium_is1" = Stellarium 0.11.4
"WinRail 11.0 Demo" = WinRail 11.0 Demo
"ZoneAlarm Free Antivirus + Firewall" = ZoneAlarm Free Antivirus + Firewall
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3516118728-1142162036-4191355624-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 26.12.2012 05:40:17 | Computer Name = Snoopy-PC | Source = WinMgmt | ID = 10
Description =
Error - 26.12.2012 14:33:22 | Computer Name = Snoopy-PC | Source = WinMgmt | ID = 10
Description =
Error - 27.12.2012 04:53:06 | Computer Name = Snoopy-PC | Source = WinMgmt | ID = 10
Description =
Error - 27.12.2012 04:58:00 | Computer Name = Snoopy-PC | Source = Application Hang | ID = 1002
Description = Programm avnotify.exe, Version 12.3.0.34 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 112c Startzeit:
01cde41010da2225 Endzeit: 14 Anwendungspfad: C:\Program Files (x86)\Avira\AntiVir
Desktop\avnotify.exe Berichts-ID: 6266883c-5003-11e2-ad28-001bb9e2cfda
Error - 27.12.2012 06:03:48 | Computer Name = Snoopy-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt
werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 7a4 Startzeit:
01cde418b88e9534 Endzeit: 159 Anwendungspfad: C:\Users\Snoopy\Downloads\OTL.exe Berichts-ID:
Error - 27.12.2012 07:13:38 | Computer Name = Snoopy-PC | Source = SideBySide | ID = 16842761
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\WinZip\adxloader.dll.Manifest". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files (x86)\WinZip\adxloader.dll.Manifest" in Zeile 2. Das Stammelement
der Manifestdatei muss assembliert sein.
Error - 27.12.2012 07:47:00 | Computer Name = Snoopy-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1707,
Zeitstempel: 0x509be8bf Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002e3be ID des fehlerhaften
Prozesses: 0x1090 Startzeit der fehlerhaften Anwendung: 0x01cde42693da5724 Pfad der
fehlerhaften Anwendung: C:\Users\Snoopy\Desktop\aswMBR.exe Pfad des fehlerhaften
Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 1f7a6cbb-501b-11e2-ad28-001bb9e2cfda
Error - 27.12.2012 08:51:20 | Computer Name = Snoopy-PC | Source = WinMgmt | ID = 10
Description =
Error - 27.12.2012 08:55:57 | Computer Name = Snoopy-PC | Source = WinMgmt | ID = 10
Description =
Error - 27.12.2012 09:02:49 | Computer Name = Snoopy-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 27.12.2012 08:50:17 | Computer Name = Snoopy-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
HOSTS Anti-PUPs erreicht.
Error - 27.12.2012 08:50:17 | Computer Name = Snoopy-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HOSTS Anti-PUPs" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1053
Error - 27.12.2012 08:53:04 | Computer Name = Snoopy-PC | Source = HTTP | ID = 15016
Description =
Error - 27.12.2012 08:53:04 | Computer Name = Snoopy-PC | Source = HTTP | ID = 15016
Description =
Error - 27.12.2012 08:53:04 | Computer Name = Snoopy-PC | Source = HTTP | ID = 15016
Description =
Error - 27.12.2012 08:53:04 | Computer Name = Snoopy-PC | Source = HTTP | ID = 15016
Description =
Error - 27.12.2012 08:54:55 | Computer Name = Snoopy-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
HOSTS Anti-PUPs erreicht.
Error - 27.12.2012 08:54:55 | Computer Name = Snoopy-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HOSTS Anti-PUPs" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1053
Error - 27.12.2012 09:01:18 | Computer Name = Snoopy-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
HOSTS Anti-PUPs erreicht.
Error - 27.12.2012 09:01:18 | Computer Name = Snoopy-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HOSTS Anti-PUPs" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1053
< End of report >
|
|
27.12.2012, 14:24
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Datei chatzum_nt.exe unter c:\ gefundenFixen mit OTL
Code:
ATTFilter :OTL
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.chatzum.com/?q={searchTerms}
:Files
C:\Users\Snoopy\Desktop\MBR.dat
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.12.2012, 14:33
| #15 |
| | Datei chatzum_nt.exe unter c:\ gefundenCode:
ATTFilter All processes killed
Error: Unable to interpret <:OTL IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.chatzum.com/?q={searchTerms} :Files C:\Users\Snoopy\Desktop\MBR.dat ipconfig /flushdns /c :Commands [purity] [emptytemp] [resethosts]> in the current context!
OTL by OldTimer - Version 3.2.69.0 log created on 12272012_142749
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
|
|
| Themen zu Datei chatzum_nt.exe unter c:\ gefunden |
| datei, datei gelöscht, deinstalliere, deinstallieren, entdeck, feststellen, gefunde, gelöscht, google, gängige, heute, hoffe, inter, interne, internet, scan, scanner, stelle, systems, systemsteuerung, versuch, versucht, virus, windows, windows 7, zufällig |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
