Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Win32/Small.CA-Virus

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 28.12.2012, 18:32   #1
flicka184
 
Win32/Small.CA-Virus - Standard

Win32/Small.CA-Virus



Hallo,
ich habe ein Problem. Gestern war ich in einem Forum und habe einen Link zu einem Programm gesendet bekommen, was ich auch leider runtergeladen habe. Als ich es ausführen wollte kam die Meldung, dass ich kein passendes Programm hierfür habe.

Nun habe ich von meinem PC, welcher durch Sophos geschützt ist, die Meldung bekommen, dass ich den Win32/Small.CA-Virus habe.

Ich habe das OTL ausgeführt und das Malwarebytes.

Alles habe ich als Anhang hinzugefügt.

Um schnelle Hilfe würde ich mich sehr doll freuen!!
Angehängte Dateien
Dateityp: txt MBAM-log-2012-12-28 (18-23-59).txt (2,7 KB, 158x aufgerufen)
Dateityp: txt Extras.Txt (85,3 KB, 157x aufgerufen)

Alt 28.12.2012, 19:53   #2
markusg
/// Malware-holic
 
Win32/Small.CA-Virus - Standard

Win32/Small.CA-Virus



Hi
und die Sophos Fundmeldung bzw deren Pfadangabe sollen wir erraten?
Poste die mal bitte :-)
sende mir den Link den du bekommen hast, als private Nachicht.
__________________

__________________

Alt 28.12.2012, 20:17   #3
flicka184
 
Win32/Small.CA-Virus - Standard

Win32/Small.CA-Virus



Die Sophos Meldung war, dass dieser Virus entfernt werden soll, mehr leider nicht. Ich habe eben noch ein Microsoft Programm durchlaufen lassen, das allerdings keinen Virus mehr gefunden hat.

Die Nachricht schicke ich!

Die Meldung ist seit kurzem verschwunden, dass ich einen Virus habe. Warum weiß ich nicht..
__________________

Alt 28.12.2012, 20:42   #4
markusg
/// Malware-holic
 
Win32/Small.CA-Virus - Standard

Win32/Small.CA-Virus



Hi
die Nachicht hätte dich schon stutzig machen sollen.
1. sieht man doch wer teammitglied ist und wer nicht.
2. hat doch das Forum eine Passwort vergessen abfrage, warum sollte man da also ein tool benötigen.

wurde der Nutzer denn wenigstens gesperrt?
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 28.12.2012, 20:47   #5
flicka184
 
Win32/Small.CA-Virus - Standard

Win32/Small.CA-Virus



Okay, das habe ich schon gemacht.
Hier einmal der Text von Extras.TxtOTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 28.12.2012 16:28:23 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Imke\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,79 Gb Total Physical Memory | 1,27 Gb Available Physical Memory | 33,50% Memory free
7,58 Gb Paging File | 4,58 Gb Available in Paging File | 60,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 125,03 Gb Total Space | 43,76 Gb Free Space | 35,00% Space Free | Partition Type: NTFS
Drive D: | 148,06 Gb Total Space | 64,60 Gb Free Space | 43,63% Space Free | Partition Type: NTFS
 
Computer Name: IMKE-PC | User Name: Imke | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [open] -- "C:\Program Files (x86)\xplorer2_lite\xplorer2_lite.exe" /M "%1" (ZabKat)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [open] -- "C:\Program Files (x86)\xplorer2_lite\xplorer2_lite.exe" /M "%1" (ZabKat)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" = 
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0590C064-83BC-45E0-9F27-D332BCF0FD03}" = lport=445 | protocol=6 | dir=in | app=system | 
"{0C5AAB93-3EE7-4A35-BB8E-7135283D55E3}" = lport=137 | protocol=17 | dir=in | app=system | 
"{0FB2ED28-3F28-4975-ADB1-F68B09EE410D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{232B4FB0-3546-4F77-A860-4BE3560DF11A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{26A4AA40-6147-496C-94DA-73A13D01BBBC}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{506984D9-DE61-4E40-9679-2D3BDE5A3CB8}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | 
"{68AB2996-67F5-4BF8-92E8-3C99176E3386}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6D86BBA6-660B-4EA4-9C85-ADBCBF533D55}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{71BAC30E-9516-4815-B6E6-6347D09C68CB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{72602466-F1B8-4115-96F6-1D30420CD6F2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{76D3A6FD-3015-4751-B86B-144E4C8372A3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{79337EE8-9CBB-44DB-B7FF-C2E2881EABB2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7F4BEE18-0228-4866-BEAD-D3A6625654D7}" = rport=138 | protocol=17 | dir=out | app=system | 
"{8156F4B0-1D6C-4FFB-B0D9-F3D6649862EC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{93EF03F9-DF29-4A84-B152-31D912BB3425}" = lport=138 | protocol=17 | dir=in | app=system | 
"{A04C9F55-7AF1-4A76-9815-3B69EAA3883C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A2C3D190-3413-4DF9-A483-92575533948E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{A6E8A87D-DD60-4A0C-A933-762CB5915D63}" = rport=445 | protocol=6 | dir=out | app=system | 
"{A700938C-BE2C-4E1A-AFA0-1E6860BBB543}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{A72233AF-337A-40D3-BCE9-4CBCFF8C6B0B}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | 
"{B636125F-47A5-4AF5-AD1E-0BD51C94E9D5}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B827E1C7-5A7A-484C-9653-2FE388A8B888}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{C3985158-EC84-44DF-93AA-94A4E8BC383F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{CB4D1FD3-3F9D-4D34-943B-EC0C7E6FAF62}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E0639F82-5FDA-421D-AA68-8AA143DDA96B}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0795BD24-C1AB-4DAC-8BE5-B12169F28290}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{08E04761-A639-4E1E-AA18-3E07504BF58B}" = protocol=6 | dir=in | app=c:\program files\solidworks corp\solidworks\photoview\photoview360_cl.exe | 
"{0E5622B7-009A-49CC-B89C-0440DB0FFE5F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1350C094-51BD-48B0-ACDE-4AD9603762DC}" = protocol=17 | dir=in | app=c:\program files\solidworks corp\solidworks\photoview\photoview360.exe | 
"{1B7B2114-6EB0-451F-AFA8-5A5895324EC4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1BF08248-67A7-4816-AF4F-BAD48890E604}" = protocol=6 | dir=out | app=system | 
"{21282405-6E99-428C-8FB7-C98A793AD65C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{25BDD843-A815-48A8-A216-66D065687049}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{3513C2BF-F5A4-459B-BB86-F7D0A7ED09D6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3F56C49D-7335-4C5F-8196-0E1AC81669F3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4886E7F1-87A9-4FD1-B5FA-C3E1FF681AA7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{49AEBC35-F859-4836-947C-7F25C2251FE7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{5079F665-110C-4B89-A1AF-8172F0864299}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{50CE5331-EAF7-4D10-9081-3F25CB77AB14}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{50D76052-134E-46DB-AF8E-63827F883C0F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{52F61FEE-1B24-4E72-9835-617ECA0A7BEF}" = protocol=17 | dir=in | app=c:\program files\solidworks corp\solidworks\swscheduler\dtscoordinatorservice.exe | 
"{67FE8BC7-7BB6-40DC-928A-7E7DAC711BD1}" = protocol=6 | dir=in | app=c:\program files\solidworks corp\solidworks\swscheduler\dtscoordinatorservice.exe | 
"{75DA1C06-EBBD-4DA9-AE93-80646377BFE9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8247FB2F-CAF1-4A3F-93C5-B9561A7BC4A9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8EF01BA1-D1F6-4D73-AADB-AB5E81F83EF1}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{9047F1BD-9C53-4259-8B59-058088160294}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{99024851-D602-4CEA-8E4E-3DDF405755CA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9B2F341C-29DE-4131-A9F6-84117D3AC9A3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{AD0F9BA6-B7FD-42CD-9431-BC27CAE26967}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{BAA55C87-DCE4-4AAF-90AA-2701FC35BDEC}" = protocol=17 | dir=in | app=c:\program files\solidworks corp\solidworks\photoview\photoview360_cl.exe | 
"{BF0991E0-C7B0-48A8-AD79-7E63DA654910}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C5BFCFD2-20A4-4249-AEC2-9093E53FB63D}" = dir=in | app=c:\users\imke\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{C8D3E9D5-48D7-4E83-AE4E-0CC91DD622A9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{CCAD5A7D-FABD-4EE3-886C-C3EA4B3C7C96}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{D5B6D818-1939-4E1F-8E14-4254EA857E28}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D791979B-D2F8-4B1E-A74E-D7E8993AE8A0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E4D8B10B-8D4F-4C98-8326-3D35AED81E92}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EA5014DD-3DF9-49BF-9F32-0E92609706D7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{F1898793-B62D-4F46-8DA0-3221F58E581A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{F73C4862-BFEA-4D71-864E-BB862DEB3F79}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F91E2F7A-4413-4DD4-87E1-1A8FCBAEFD26}" = protocol=6 | dir=in | app=c:\program files\solidworks corp\solidworks\photoview\photoview360.exe | 
"TCP Query User{6F5C5801-F474-49AC-9818-7418301C375A}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe | 
"TCP Query User{FA1D1753-D9A0-4EA2-8D78-8AD7E59403C3}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe | 
"UDP Query User{2E40D42C-C142-4381-BDA9-6B9063796932}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe | 
"UDP Query User{4DDB3BBC-F7DF-442F-A597-F1062E54AC56}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{0F696557-180C-4813-A754-5D43969B0691}" = Windows Live Family Safety
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4200" = Canon iP4200
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{169C77B7-69C9-4648-9DD0-72B152AF269F}" = Windows Live Family Safety
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit)
"{289809B1-078A-49F3-83D0-7E51715B3915}" = Windows Live Family Safety
"{3946328A-5B3A-434C-A22B-64CF6652FBAD}" = Windows Live Family Safety
"{401C50F6-B443-43EE-8F27-A80DB19B03FD}" = Windows Live Family Safety
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"{455804F2-70A9-46BD-BEB8-957000EC20D4}" = SolidWorks eDrawings 2011 x64 Edition SP02
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4F113377-0BA1-4552-9ABB-9BF220FAF132}" = SolidWorks 2011 x64 Edition SP02
"{542DDF04-9F91-4F36-B2F4-2638B788A4C8}" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7492BCA7-9F62-4265-A727-DC26A9E3DF10}" = Oracle VM VirtualBox 4.1.12
"{761C6783-D3BC-48AB-8E7C-61CE918A8436}" = ASUS Secure Delete
"{7734509D-A1F7-4A5E-AF9D-77CD17AE41AF}" = Windows Live Family Safety
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{8F8689D5-36FE-4BA3-AE55-6D68DE45A2B5}" = SolidWorks Flow Simulation 2011 SP02 x64 Edition 
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{9210D7A2-DC28-43F6-92F9-E6CD4C729F7B}" = Windows Live Family Safety
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B22C8566-D522-4B40-A7AF-525F5A70D832}" = Windows Live Family Safety
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CB7935EF-43EE-4C0F-AC02-B0E4DD5DAC17}" = Windows Live Family Safety
"{CEF0C5DA-21C5-4FA7-AD05-5D21C525543C}" = SolidWorks 2011 x64 German Resources
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"{FE4BE0BD-1EDB-4D24-9614-847B3C472887}" = Windows Live Family Safety
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Elantech" = ETDWare PS/2-x64 7.0.5.16_WHQL
"GIMP-2_is1" = GIMP 2.8.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
"USB2.0 UVC VGA WebCam" = USB2.0 UVC VGA WebCam
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17D26CDD-B87C-412B-92F0-2D5DD4313522}" = Facebook Messenger 2.1.4651.0
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83217003FF}" = Java(TM) 7 Update 3
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3671EC4B-1A7B-4EB7-A47B-7E70020C7058}" = MatchWare MindView 4.0
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{45B3A3BD-F90D-48FE-A147-D74878A51031}" = Nero 7 Essentials
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{5172E572-C175-4F80-A6D5-5CB45826AD61}" = SceneSwitch
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{709E38A9-7F80-4598-96CC-44B0D553FECE}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PRJPRO_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PRJPRO_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PRJPRO_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_PRJPRO_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PRJPRO_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90120000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2007
"{90120000-00B4-0407-0000-0000000FF1CE}_PRJPRO_{C8D442F2-CF33-486E-8079-A704A2E80A39}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}" = JMicron Ethernet Adapter NDIS Driver
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA57D6F1-6360-4397-B2D9-B21C69863D97}" = Secure Download Manager
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E18B30AA-6E2D-480C-B918-AF61009F4010}" = عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"7-Zip" = 7-Zip 9.22beta
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"Asus_PSeries_Screensaver" = Asus_PSeries_Screensaver
"Auto Update Service" = Canon Auto Update Service
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow Launcher
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Corel Applications" = Corel Applications
"FixFoto_is1" = FixFoto 3.30
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 2.2
"Free YouTube Download_is1" = Free YouTube Download version 3.1.37.918
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918
"Google Chrome" = Google Chrome
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"ManyCam" = ManyCam 2.6.65 (remove only)
"Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyCamera" = Canon Utilities MyCamera
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"PhotoScape" = PhotoScape
"PhotoStitch" = Canon Utilities PhotoStitch
"PRJPRO" = Microsoft Office Project Professional 2007
"SolidWorks Installation Manager 20110-40200-1100-100" = SolidWorks 2011 x64 Edition SP02
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"VirtualCloneDrive" = VirtualCloneDrive
"Webcam Spy_is1" = Webcam Spy v2.1
"WinLiveSuite" = Windows Live Essentials
"xplorer2l" = xplorer² lite 32 bit
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 15.11.2012 17:36:04 | Computer Name = Imke-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 15.11.2012 17:36:04 | Computer Name = Imke-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1311
 
Error - 15.11.2012 17:36:04 | Computer Name = Imke-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1311
 
Error - 16.11.2012 02:26:53 | Computer Name = Imke-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 16.11.2012 02:26:54 | Computer Name = Imke-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 31850615
 
Error - 16.11.2012 02:26:54 | Computer Name = Imke-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 31850615
 
Error - 16.11.2012 08:17:05 | Computer Name = Imke-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 16.11.2012 08:17:05 | Computer Name = Imke-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 19942263
 
Error - 16.11.2012 08:17:05 | Computer Name = Imke-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 19942263
 
Error - 16.11.2012 08:51:06 | Computer Name = Imke-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 16.11.2012 08:51:06 | Computer Name = Imke-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2777
 
Error - 16.11.2012 08:51:06 | Computer Name = Imke-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2777
 
Error - 16.11.2012 11:53:13 | Computer Name = Imke-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 16.11.2012 11:53:13 | Computer Name = Imke-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10929758
 
Error - 16.11.2012 11:53:13 | Computer Name = Imke-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10929758
 
[ System Events ]
Error - 08.11.2012 16:23:21 | Computer Name = Imke-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 11.11.2012 14:03:28 | Computer Name = Imke-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 17.11.2012 15:17:46 | Computer Name = Imke-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 17.11.2012 15:18:16 | Computer Name = Imke-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 18.11.2012 14:01:28 | Computer Name = Imke-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 19.11.2012 17:14:40 | Computer Name = Imke-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 19.11.2012 17:45:52 | Computer Name = Imke-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 25.11.2012 15:50:27 | Computer Name = Imke-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 28.11.2012 04:21:25 | Computer Name = Imke-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 02.12.2012 16:21:43 | Computer Name = Imke-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
 
< End of report >
         
--- --- ---


Und er Text von OTL.TxtOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 28.12.2012 16:28:23 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Imke\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,79 Gb Total Physical Memory | 1,27 Gb Available Physical Memory | 33,50% Memory free
7,58 Gb Paging File | 4,58 Gb Available in Paging File | 60,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 125,03 Gb Total Space | 43,76 Gb Free Space | 35,00% Space Free | Partition Type: NTFS
Drive D: | 148,06 Gb Total Space | 64,60 Gb Free Space | 43,63% Space Free | Partition Type: NTFS
 
Computer Name: IMKE-PC | User Name: Imke | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.12.28 16:27:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Imke\Desktop\OTL.exe
PRC - [2012.12.14 16:49:28 | 000,824,232 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.12.07 21:31:41 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.09.17 12:57:45 | 002,863,168 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
PRC - [2012.09.17 12:57:32 | 000,216,640 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2012.08.14 18:52:55 | 000,900,160 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
PRC - [2012.08.14 18:52:53 | 000,232,512 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
PRC - [2012.07.08 17:06:11 | 001,535,176 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
PRC - [2012.07.08 12:51:07 | 000,139,840 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
PRC - [2012.06.06 21:33:42 | 001,564,872 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012.05.09 17:29:40 | 000,357,400 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.08.19 02:43:59 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2011.04.22 09:11:30 | 000,699,776 | ---- | M] (ZabKat) -- C:\Program Files (x86)\xplorer2_lite\xplorer2_lite.exe
PRC - [2010.10.07 22:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2010.09.23 15:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2010.08.17 22:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2010.07.19 20:26:00 | 000,370,480 | ---- | M] (syncables, LLC) -- C:\Program Files (x86)\syncables\syncables desktop\syncables.exe
PRC - [2010.07.19 20:26:00 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
PRC - [2009.12.15 18:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009.11.02 22:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.10.01 03:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.10.01 03:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.07.31 18:38:24 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009.06.19 18:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009.06.16 01:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
PRC - [2007.11.30 19:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.12.07 21:31:39 | 002,397,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.07.08 17:06:11 | 009,459,912 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
MOD - [2011.09.27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.09.23 15:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2009.11.02 22:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.11.02 22:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2007.11.30 19:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.11.29 16:06:08 | 000,037,216 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2012.04.02 15:39:11 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011.01.08 07:17:46 | 000,087,336 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV:64bit: - [2010.12.01 16:34:36 | 000,110,344 | ---- | M] (Mentor Graphics Corporation) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe -- (Remote Solver for Flow Simulation 2011)
SRV:64bit: - [2010.09.30 18:50:30 | 000,377,264 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2010.09.23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.12.07 21:31:39 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.29 16:06:12 | 002,401,632 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.11.29 16:06:08 | 000,029,536 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2012.09.17 12:57:45 | 002,863,168 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2012.09.17 12:57:32 | 000,216,640 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2012.08.14 18:52:53 | 000,232,512 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2012.08.14 18:51:31 | 002,009,152 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe -- (swi_update_64)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.08 12:51:07 | 000,139,840 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe -- (BBUpdate)
SRV - [2012.06.11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe -- (BBSvc)
SRV - [2012.05.09 17:29:40 | 000,357,400 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe -- (Sophos Web Control Service)
SRV - [2012.04.02 15:39:11 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.15 18:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009.10.01 03:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.10.01 03:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.06.16 01:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.05.09 17:29:21 | 000,144,672 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\Windows\SysNative\drivers\savonaccess.sys -- (SAVOnAccess)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.01.09 18:26:56 | 000,036,640 | ---- | M] (Sophos Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdcfilter.sys -- (sdcfilter)
DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.09.29 08:04:22 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV:64bit: - [2011.05.24 02:17:08 | 012,259,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.10 07:55:52 | 000,135,184 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\JME.sys -- (JME)
DRV:64bit: - [2011.01.15 17:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.20 14:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.20 10:37:44 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.10.15 09:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.09.23 08:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010.09.08 12:39:32 | 000,129,024 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010.07.14 07:17:28 | 000,735,360 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010.06.08 03:33:14 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.04.28 17:59:32 | 000,027,264 | ---- | M] (ASUS Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\assd.sys -- (assd)
DRV:64bit: - [2010.03.02 20:34:09 | 000,025,608 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV:64bit: - [2010.03.02 09:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.02.27 00:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.09.17 20:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.08.20 03:41:38 | 001,800,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009.08.18 09:23:32 | 000,143,472 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009.07.21 22:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009.07.20 10:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.18 20:18:10 | 000,015,928 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\lullaby.sys -- (lullaby)
DRV:64bit: - [2009.06.10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.13 17:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2008.05.24 01:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2006.12.12 01:29:02 | 000,097,280 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2012.09.19 10:50:50 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.03 01:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Ask.com Search Engine &#45; Better Web Search
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{1451B931-0588-46F8-9D11-F905DD5DC4D5}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=MYC-ST&o=102869&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=5J&apn_dtid=YYYYYYYYDE&apn_uid=2a77d693-a633-49a3-a9fb-35545ffb6006&apn_sauid=A8161FCA-DD7B-4D39-A651-4AD31C4EBBB1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://de.ask.com/?l=dis&o=102869&gct=hp"
FF - prefs.js..extensions.enabledAddons: %7Bd49175b3-3fd8-43b8-b28e-da5d47f3c398%7D:1.0.45
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\PDF_Exchange_Viewer\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\PDF_Exchange_Viewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\PDF_Exchange_Viewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Imke\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Imke\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll (Facebook, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.22 15:08:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.22 15:08:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.22 15:08:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.22 15:08:32 | 000,000,000 | ---D | M]
 
[2011.09.15 13:36:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Imke\AppData\Roaming\mozilla\Extensions
[2012.12.11 14:10:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Imke\AppData\Roaming\mozilla\Firefox\Profiles\ylnjzub2.default\extensions
[2012.11.22 17:46:16 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Imke\AppData\Roaming\mozilla\Firefox\Profiles\ylnjzub2.default\extensions\toolbar@ask.com
[2012.12.11 14:10:47 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Imke\AppData\Roaming\mozilla\firefox\profiles\ylnjzub2.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.11.24 15:22:44 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Imke\AppData\Roaming\mozilla\firefox\profiles\ylnjzub2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.12.06 15:42:56 | 000,395,927 | ---- | M] () (No name found) -- C:\Users\Imke\AppData\Roaming\mozilla\firefox\profiles\ylnjzub2.default\extensions\{d49175b3-3fd8-43b8-b28e-da5d47f3c398}.xpi
[2012.11.22 17:46:16 | 000,002,328 | ---- | M] () -- C:\Users\Imke\AppData\Roaming\mozilla\firefox\profiles\ylnjzub2.default\searchplugins\askcom.xml
[2012.12.07 21:31:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.07 21:31:41 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.12.07 21:31:36 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.12.07 21:31:36 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.12.07 21:31:36 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.12.07 21:31:36 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.12.07 21:31:36 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.12.07 21:31:36 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe (Sophos Limited)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKCU..\Run: [Facebook Update] C:\Users\Imke\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe (syncables, LLC)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Imke\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Imke\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Imke\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Imke\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0FAA14E6-2068-4399-8AD7-69D6B34432CA}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{851FEA2C-3619-4B87-BC78-88A3A98712E8}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL (Sophos Limited)
O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Limited)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2183a237-f56a-11e0-bab9-14dae9bd87bc}\Shell - "" = AutoRun
O33 - MountPoints2\{2183a237-f56a-11e0-bab9-14dae9bd87bc}\Shell\AutoRun\command - "" = F:\VFPcAssistant.exe
O33 - MountPoints2\{2183a23b-f56a-11e0-bab9-14dae9bd87bc}\Shell - "" = AutoRun
O33 - MountPoints2\{2183a23b-f56a-11e0-bab9-14dae9bd87bc}\Shell\AutoRun\command - "" = F:\VFPcAssistant.exe
O33 - MountPoints2\{4f1147ed-6e94-11e1-a62e-14dae9bd87bc}\Shell - "" = AutoRun
O33 - MountPoints2\{4f1147ed-6e94-11e1-a62e-14dae9bd87bc}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{4f1147ed-6e94-11e1-a62e-14dae9bd87bc}\Shell\configure\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{4f1147ed-6e94-11e1-a62e-14dae9bd87bc}\Shell\install\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{f9606fbf-f94c-11e0-a602-14dae9bd87bc}\Shell - "" = AutoRun
O33 - MountPoints2\{f9606fbf-f94c-11e0-a602-14dae9bd87bc}\Shell\AutoRun\command - "" = F:\VFPcAssistant.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.28 16:27:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Imke\Desktop\OTL.exe
[2012.12.28 16:02:17 | 000,000,000 | ---D | C] -- C:\Users\Imke\AppData\Roaming\Malwarebytes
[2012.12.28 16:02:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.28 16:02:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.28 16:02:05 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.28 16:02:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.28 16:01:42 | 000,000,000 | ---D | C] -- C:\Users\Imke\AppData\Local\Programs
[2012.12.27 20:10:31 | 000,037,216 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2012.12.27 20:10:30 | 000,029,536 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2012.12.27 20:09:03 | 000,034,656 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012.12.27 20:09:01 | 000,025,952 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012.12.27 20:09:00 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012.12.27 20:08:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013
[2012.12.27 20:08:25 | 000,000,000 | ---D | C] -- C:\Users\Imke\AppData\Roaming\TuneUp Software
[2012.12.27 20:08:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2013
[2012.12.27 20:07:39 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.12.27 20:07:27 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2012.12.27 20:07:27 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.12.22 15:14:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.12.22 15:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.12.22 15:13:34 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012.12.22 15:13:33 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.12.22 15:08:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.12.22 15:08:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012.12.17 21:13:43 | 000,000,000 | ---D | C] -- C:\Users\Imke\AppData\Local\{1E5DCD80-7C7D-4D25-9B98-9CAB838B0AED}
[2012.12.09 19:22:22 | 000,000,000 | ---D | C] -- C:\Users\Imke\Documents\Bewerbungssachen
[2012.12.08 14:51:30 | 000,054,272 | ---- | C] (CANON INC.) -- C:\Users\Imke\cnmss Canon iP4200 (Local).dll
[2012.12.07 21:31:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.12.05 21:50:47 | 000,000,000 | ---D | C] -- C:\Users\Imke\Documents\Seminararbeit 3Semester
[2008.08.12 05:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.28 16:27:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Imke\Desktop\OTL.exe
[2012.12.28 16:25:51 | 000,000,000 | ---- | M] () -- C:\Users\Imke\defogger_reenable
[2012.12.28 16:25:08 | 000,050,477 | ---- | M] () -- C:\Users\Imke\Desktop\Defogger.exe
[2012.12.28 16:23:05 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.28 16:02:09 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.28 15:47:39 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2000377266-435814385-2352994681-1000Core.job
[2012.12.28 15:40:39 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2000377266-435814385-2352994681-1000UA.job
[2012.12.28 15:40:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.27 20:08:57 | 000,002,211 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.12.27 20:08:57 | 000,002,191 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk
[2012.12.27 18:40:27 | 000,001,858 | ---- | M] () -- C:\Users\Imke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Canon IJ Status Monitor Canon iP4200.lnk
[2012.12.27 18:10:30 | 797,256,996 | ---- | M] () -- C:\Users\Imke\Documents\logistik.tif
[2012.12.27 18:05:55 | 000,014,603 | ---- | M] () -- C:\Users\Imke\Documents\04_05_Logistik_I_Teil_4_Prozesse_Fallstudie.pdf
[2012.12.27 13:31:45 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.23 22:28:20 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.23 22:28:20 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.23 22:21:25 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2012.12.23 22:20:32 | 000,354,752 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.23 22:20:03 | 3054,735,360 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.22 15:14:08 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.12.22 15:08:22 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.12.21 10:17:07 | 001,531,078 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.21 10:17:07 | 000,666,256 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.21 10:17:07 | 000,628,098 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.21 10:17:07 | 000,134,178 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.21 10:17:07 | 000,110,560 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.15 17:22:52 | 000,018,949 | ---- | M] () -- C:\Users\Imke\Documents\Prüfungsplan.pdf
[2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.05 22:24:29 | 000,021,813 | ---- | M] () -- C:\Users\Imke\Documents\Lebenslauf (Hebamme Klinik).odt
[2012.11.29 16:06:14 | 000,034,656 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012.11.29 16:06:08 | 000,037,216 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2012.11.29 16:06:08 | 000,029,536 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2012.11.29 16:06:08 | 000,025,952 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012.11.29 16:06:08 | 000,021,344 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.28 16:25:51 | 000,000,000 | ---- | C] () -- C:\Users\Imke\defogger_reenable
[2012.12.28 16:24:59 | 000,050,477 | ---- | C] () -- C:\Users\Imke\Desktop\Defogger.exe
[2012.12.28 16:02:09 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.27 20:08:57 | 000,002,211 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.12.27 20:08:57 | 000,002,191 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk
[2012.12.27 20:08:55 | 000,002,203 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk
[2012.12.27 18:06:59 | 797,256,996 | ---- | C] () -- C:\Users\Imke\Documents\logistik.tif
[2012.12.27 18:05:53 | 000,014,603 | ---- | C] () -- C:\Users\Imke\Documents\04_05_Logistik_I_Teil_4_Prozesse_Fallstudie.pdf
[2012.12.22 15:14:08 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.12.22 15:08:22 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.12.15 17:22:42 | 000,018,949 | ---- | C] () -- C:\Users\Imke\Documents\Prüfungsplan.pdf
[2012.12.05 21:47:28 | 000,021,813 | ---- | C] () -- C:\Users\Imke\Documents\Lebenslauf (Hebamme Klinik).odt
[2012.12.01 14:40:32 | 000,001,858 | ---- | C] () -- C:\Users\Imke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Canon IJ Status Monitor Canon iP4200.lnk
[2012.10.03 18:29:11 | 000,002,210 | ---- | C] () -- C:\Users\Imke\AppData\Local\recently-used.xbel
[2012.07.08 19:00:00 | 000,000,000 | ---- | C] () -- C:\Users\Imke\AppData\Local\Temptable.xml
[2012.05.16 19:29:18 | 000,039,095 | ---- | C] () -- C:\Windows\iccsigs.dat
[2012.05.16 19:29:16 | 000,112,688 | ---- | C] () -- C:\Windows\SysWow64\shw32.dll
[2012.04.02 15:59:20 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2012.02.05 18:27:48 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2012.01.22 11:05:23 | 001,557,708 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.10.11 13:26:13 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.10.11 13:26:13 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011.06.08 03:51:18 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011.06.08 03:51:18 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011.06.08 03:51:18 | 000,105,428 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011.06.08 03:51:11 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2011.04.13 03:48:48 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009.04.08 18:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll
[2008.05.22 16:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011.11.08 13:53:30 | 000,000,000 | ---D | M] -- C:\Users\Imke\AppData\Roaming\ASUS WebStorage
[2012.09.12 17:39:59 | 000,000,000 | ---D | M] -- C:\Users\Imke\AppData\Roaming\Canon
[2011.11.30 18:49:59 | 000,000,000 | ---D | M] -- C:\Users\Imke\AppData\Roaming\COMPUTERBILD-Abzockschutz
[2012.04.02 15:56:14 | 000,000,000 | ---D | M] -- C:\Users\Imke\AppData\Roaming\DassaultSystemes
[2012.10.05 15:49:30 | 000,000,000 | ---D | M] -- C:\Users\Imke\AppData\Roaming\DVDVideoSoft
[2012.09.14 18:23:08 | 000,000,000 | ---D | M] -- C:\Users\Imke\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.11.14 21:18:40 | 000,000,000 | ---D | M] -- C:\Users\Imke\AppData\Roaming\e-academy Inc
[2012.02.05 18:29:00 | 000,000,000 | ---D | M] -- C:\Users\Imke\AppData\Roaming\FreeAudioPack
[2012.01.30 18:26:37 | 000,000,000 | ---D | M] -- C:\Users\Imke\AppData\Roaming\ManyCam
[2011.09.18 12:41:16 | 000,000,000 | ---D | M] -- C:\Users\Imke\AppData\Roaming\OpenOffice.org
[2012.09.28 19:46:03 | 000,000,000 | ---D | M] -- C:\Users\Imke\AppData\Roaming\PhotoScape
[2012.12.23 19:43:17 | 000,000,000 | ---D | M] -- C:\Users\Imke\AppData\Roaming\SoftGrid Client
[2011.09.18 13:21:55 | 000,000,000 | ---D | M] -- C:\Users\Imke\AppData\Roaming\Thunderbird
[2012.01.22 11:06:36 | 000,000,000 | ---D | M] -- C:\Users\Imke\AppData\Roaming\TP
[2012.12.27 20:08:25 | 000,000,000 | ---D | M] -- C:\Users\Imke\AppData\Roaming\TuneUp Software
[2011.09.16 06:58:05 | 000,000,000 | ---D | M] -- C:\Users\Imke\AppData\Roaming\Zeon
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 197 bytes -> C:\ProgramData\Temp:A5B56640

< End of report >
         
--- --- ---


Alt 28.12.2012, 20:49   #6
flicka184
 
Win32/Small.CA-Virus - Standard

Win32/Small.CA-Virus



Ja, die Nachricht hätte mich stutzig machen sollen. Nur ich war leider so naiv sie zu öffnen.. sie schien mir so richtig geschrieben...

Alt 03.01.2013, 17:01   #7
markusg
/// Malware-holic
 
Win32/Small.CA-Virus - Standard

Win32/Small.CA-Virus



gesundes neues.
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 03.01.2013, 18:34   #8
flicka184
 
Win32/Small.CA-Virus - Standard

Win32/Small.CA-Virus



Das ist bei rausgekommen:
18:33:03.0726 3880 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:33:03.0996 3880 ============================================================
18:33:03.0996 3880 Current date / time: 2013/01/03 18:33:03.0996
18:33:03.0996 3880 SystemInfo:
18:33:03.0996 3880
18:33:03.0996 3880 OS Version: 6.1.7601 ServicePack: 1.0
18:33:03.0996 3880 Product type: Workstation
18:33:03.0996 3880 ComputerName: IMKE-PC
18:33:03.0996 3880 UserName: Imke
18:33:03.0996 3880 Windows directory: C:\Windows
18:33:03.0996 3880 System windows directory: C:\Windows
18:33:03.0996 3880 Running under WOW64
18:33:03.0996 3880 Processor architecture: Intel x64
18:33:03.0996 3880 Number of processors: 4
18:33:03.0996 3880 Page size: 0x1000
18:33:03.0996 3880 Boot type: Normal boot
18:33:03.0996 3880 ============================================================
18:33:05.0386 3880 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:33:05.0406 3880 ============================================================
18:33:05.0406 3880 \Device\Harddisk0\DR0:
18:33:05.0406 3880 MBR partitions:
18:33:05.0406 3880 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0xFA0E000
18:33:05.0436 3880 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x12C0F000, BlocksNum 0x1281F000
18:33:05.0436 3880 ============================================================
18:33:05.0466 3880 C: <-> \Device\Harddisk0\DR0\Partition1
18:33:05.0516 3880 D: <-> \Device\Harddisk0\DR0\Partition2
18:33:05.0516 3880 ============================================================
18:33:05.0516 3880 Initialize success
18:33:05.0516 3880 ============================================================
18:33:12.0377 6016 ============================================================
18:33:12.0377 6016 Scan started
18:33:12.0377 6016 Mode: Manual; SigCheck; TDLFS;
18:33:12.0377 6016 ============================================================
18:33:13.0037 6016 ================ Scan system memory ========================
18:33:13.0037 6016 System memory - ok
18:33:13.0037 6016 ================ Scan services =============================
18:33:13.0218 6016 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
18:33:13.0358 6016 1394ohci - ok
18:33:13.0398 6016 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
18:33:13.0428 6016 ACPI - ok
18:33:13.0448 6016 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
18:33:13.0478 6016 AcpiPmi - ok
18:33:13.0518 6016 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
18:33:13.0558 6016 adp94xx - ok
18:33:13.0578 6016 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
18:33:13.0608 6016 adpahci - ok
18:33:13.0658 6016 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
18:33:13.0688 6016 adpu320 - ok
18:33:13.0718 6016 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:33:13.0808 6016 AeLookupSvc - ok
18:33:13.0888 6016 [ 17AA5993C61425F8428F2FEC491C3E67 ] AFBAgent C:\Windows\system32\FBAgent.exe
18:33:13.0928 6016 AFBAgent ( UnsignedFile.Multi.Generic ) - warning
18:33:13.0928 6016 AFBAgent - detected UnsignedFile.Multi.Generic (1)
18:33:13.0988 6016 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
18:33:14.0038 6016 AFD - ok
18:33:14.0118 6016 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
18:33:14.0168 6016 agp440 - ok
18:33:14.0198 6016 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
18:33:14.0228 6016 ALG - ok
18:33:14.0288 6016 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
18:33:14.0318 6016 aliide - ok
18:33:14.0318 6016 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
18:33:14.0348 6016 amdide - ok
18:33:14.0358 6016 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
18:33:14.0398 6016 AmdK8 - ok
18:33:14.0408 6016 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
18:33:14.0438 6016 AmdPPM - ok
18:33:14.0528 6016 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
18:33:14.0558 6016 amdsata - ok
18:33:14.0578 6016 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
18:33:14.0608 6016 amdsbs - ok
18:33:14.0628 6016 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
18:33:14.0648 6016 amdxata - ok
18:33:14.0688 6016 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
18:33:14.0778 6016 AppID - ok
18:33:14.0798 6016 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
18:33:14.0878 6016 AppIDSvc - ok
18:33:14.0908 6016 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
18:33:14.0998 6016 Appinfo - ok
18:33:15.0089 6016 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:33:15.0109 6016 Apple Mobile Device - ok
18:33:15.0129 6016 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
18:33:15.0149 6016 arc - ok
18:33:15.0169 6016 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
18:33:15.0189 6016 arcsas - ok
18:33:15.0259 6016 [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
18:33:15.0299 6016 ASLDRService - ok
18:33:15.0349 6016 [ 4C016FD76ED5C05E84CA8CAB77993961 ] ASMMAP64 C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
18:33:15.0379 6016 ASMMAP64 - ok
18:33:15.0429 6016 [ A7E7AE771A2FCDBD5F28910A38D9A82C ] assd C:\Windows\system32\drivers\assd.sys
18:33:15.0449 6016 assd - ok
18:33:15.0479 6016 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:33:15.0579 6016 AsyncMac - ok
18:33:15.0619 6016 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
18:33:15.0639 6016 atapi - ok
18:33:15.0699 6016 [ F8633CDD09647A64EE8DB550630427FF ] athr C:\Windows\system32\DRIVERS\athrx.sys
18:33:15.0779 6016 athr - ok
18:33:15.0799 6016 [ 7910158929571214A959D5A6D16DD9C0 ] ATKGFNEXSrv C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
18:33:15.0819 6016 ATKGFNEXSrv - ok
18:33:15.0869 6016 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:33:15.0989 6016 AudioEndpointBuilder - ok
18:33:16.0019 6016 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
18:33:16.0109 6016 AudioSrv - ok
18:33:16.0149 6016 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
18:33:16.0189 6016 AxInstSV - ok
18:33:16.0219 6016 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
18:33:16.0259 6016 b06bdrv - ok
18:33:16.0289 6016 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
18:33:16.0319 6016 b57nd60a - ok
18:33:16.0419 6016 [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
18:33:16.0449 6016 BBSvc - ok
18:33:16.0479 6016 [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
18:33:16.0519 6016 BBUpdate - ok
18:33:16.0539 6016 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
18:33:16.0569 6016 BDESVC - ok
18:33:16.0579 6016 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
18:33:16.0679 6016 Beep - ok
18:33:16.0719 6016 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
18:33:16.0829 6016 BFE - ok
18:33:16.0889 6016 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
18:33:16.0989 6016 BITS - ok
18:33:17.0019 6016 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
18:33:17.0049 6016 blbdrive - ok
18:33:17.0119 6016 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:33:17.0159 6016 Bonjour Service - ok
18:33:17.0199 6016 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:33:17.0229 6016 bowser - ok
18:33:17.0249 6016 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
18:33:17.0289 6016 BrFiltLo - ok
18:33:17.0299 6016 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
18:33:17.0329 6016 BrFiltUp - ok
18:33:17.0359 6016 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
18:33:17.0389 6016 Browser - ok
18:33:17.0409 6016 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
18:33:17.0439 6016 Brserid - ok
18:33:17.0479 6016 [ 34F6C504B150F99DAE69D7073D2A4DF4 ] BrSerIf C:\Windows\system32\DRIVERS\BrSerIf.sys
18:33:17.0509 6016 BrSerIf - ok
18:33:17.0519 6016 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
18:33:17.0549 6016 BrSerWdm - ok
18:33:17.0559 6016 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
18:33:17.0599 6016 BrUsbMdm - ok
18:33:17.0649 6016 [ 601CB966FFFEBC6806626DC8E7AA0EF2 ] BrUsbSer C:\Windows\system32\DRIVERS\BrUsbSer.sys
18:33:17.0669 6016 BrUsbSer - ok
18:33:17.0719 6016 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
18:33:17.0749 6016 BthEnum - ok
18:33:17.0749 6016 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
18:33:17.0789 6016 BTHMODEM - ok
18:33:17.0809 6016 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
18:33:17.0849 6016 BthPan - ok
18:33:17.0939 6016 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
18:33:17.0979 6016 BTHPORT - ok
18:33:18.0039 6016 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
18:33:18.0139 6016 bthserv - ok
18:33:18.0169 6016 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
18:33:18.0189 6016 BTHUSB - ok
18:33:18.0209 6016 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:33:18.0309 6016 cdfs - ok
18:33:18.0329 6016 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:33:18.0359 6016 cdrom - ok
18:33:18.0389 6016 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
18:33:18.0469 6016 CertPropSvc - ok
18:33:18.0509 6016 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
18:33:18.0539 6016 circlass - ok
18:33:18.0579 6016 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
18:33:18.0619 6016 CLFS - ok
18:33:18.0679 6016 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:33:18.0709 6016 clr_optimization_v2.0.50727_32 - ok
18:33:18.0769 6016 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:33:18.0789 6016 clr_optimization_v2.0.50727_64 - ok
18:33:18.0839 6016 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:33:18.0859 6016 clr_optimization_v4.0.30319_32 - ok
18:33:18.0889 6016 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:33:18.0909 6016 clr_optimization_v4.0.30319_64 - ok
18:33:18.0939 6016 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
18:33:18.0969 6016 CmBatt - ok
18:33:18.0999 6016 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:33:19.0029 6016 cmdide - ok
18:33:19.0069 6016 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
18:33:19.0119 6016 CNG - ok
18:33:19.0189 6016 [ 1D6C3F92AF23E352875438085F6AEDEE ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
18:33:19.0239 6016 CnxtHdAudService - ok
18:33:19.0249 6016 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
18:33:19.0279 6016 Compbatt - ok
18:33:19.0299 6016 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
18:33:19.0329 6016 CompositeBus - ok
18:33:19.0339 6016 COMSysApp - ok
18:33:19.0429 6016 [ 20C701DCBA0704E9D38829BD510CD186 ] CoordinatorServiceHost C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
18:33:19.0449 6016 CoordinatorServiceHost - ok
18:33:19.0469 6016 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
18:33:19.0489 6016 crcdisk - ok
18:33:19.0539 6016 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:33:19.0569 6016 CryptSvc - ok
18:33:19.0649 6016 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
18:33:19.0709 6016 cvhsvc - ok
18:33:19.0749 6016 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
18:33:19.0859 6016 DcomLaunch - ok
18:33:19.0899 6016 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
18:33:20.0002 6016 defragsvc - ok
18:33:20.0022 6016 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:33:20.0118 6016 DfsC - ok
18:33:20.0144 6016 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
18:33:20.0179 6016 Dhcp - ok
18:33:20.0201 6016 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
18:33:20.0299 6016 discache - ok
18:33:20.0319 6016 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
18:33:20.0347 6016 Disk - ok
18:33:20.0374 6016 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:33:20.0404 6016 Dnscache - ok
18:33:20.0421 6016 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
18:33:20.0507 6016 dot3svc - ok
18:33:20.0528 6016 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
18:33:20.0614 6016 DPS - ok
18:33:20.0658 6016 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:33:20.0688 6016 drmkaud - ok
18:33:20.0728 6016 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:33:20.0789 6016 DXGKrnl - ok
18:33:20.0816 6016 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
18:33:20.0915 6016 EapHost - ok
18:33:21.0026 6016 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
18:33:21.0146 6016 ebdrv - ok
18:33:21.0176 6016 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
18:33:21.0206 6016 EFS - ok
18:33:21.0286 6016 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:33:21.0336 6016 ehRecvr - ok
18:33:21.0346 6016 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
18:33:21.0386 6016 ehSched - ok
18:33:21.0436 6016 [ A05FC7ECA0966EBB70E4D17B855A853B ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys
18:33:21.0466 6016 ElbyCDIO - ok
18:33:21.0496 6016 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
18:33:21.0536 6016 elxstor - ok
18:33:21.0566 6016 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
18:33:21.0596 6016 ErrDev - ok
18:33:21.0656 6016 [ 05B0DCDA418E297A1B4CD8D7B8ADE403 ] ETD C:\Windows\system32\DRIVERS\ETD.sys
18:33:21.0676 6016 ETD - ok
18:33:21.0726 6016 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
18:33:21.0826 6016 EventSystem - ok
18:33:21.0846 6016 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
18:33:21.0946 6016 exfat - ok
18:33:21.0976 6016 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:33:22.0076 6016 fastfat - ok
18:33:22.0106 6016 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
18:33:22.0156 6016 Fax - ok
18:33:22.0176 6016 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
18:33:22.0206 6016 fdc - ok
18:33:22.0236 6016 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
18:33:22.0336 6016 fdPHost - ok
18:33:22.0366 6016 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
18:33:22.0476 6016 FDResPub - ok
18:33:22.0506 6016 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:33:22.0536 6016 FileInfo - ok
18:33:22.0556 6016 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:33:22.0666 6016 Filetrace - ok
18:33:22.0756 6016 [ 5CEE6CD43AE5844C49300EA0B1E557EE ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
18:33:22.0836 6016 FLEXnet Licensing Service 64 - ok
18:33:22.0846 6016 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
18:33:22.0876 6016 flpydisk - ok
18:33:22.0896 6016 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:33:22.0946 6016 FltMgr - ok
18:33:23.0006 6016 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
18:33:23.0056 6016 FontCache - ok
18:33:23.0107 6016 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:33:23.0127 6016 FontCache3.0.0.0 - ok
18:33:23.0147 6016 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
18:33:23.0177 6016 FsDepends - ok
18:33:23.0207 6016 [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
18:33:23.0227 6016 fssfltr - ok
18:33:23.0317 6016 [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
18:33:23.0397 6016 fsssvc - ok
18:33:23.0427 6016 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:33:23.0447 6016 Fs_Rec - ok
18:33:23.0487 6016 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:33:23.0527 6016 fvevol - ok
18:33:23.0577 6016 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
18:33:23.0607 6016 gagp30kx - ok
18:33:23.0637 6016 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:33:23.0657 6016 GEARAspiWDM - ok
18:33:23.0707 6016 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
18:33:23.0807 6016 gpsvc - ok
18:33:23.0877 6016 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:33:23.0897 6016 gupdate - ok
18:33:23.0927 6016 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:33:23.0947 6016 gupdatem - ok
18:33:23.0977 6016 [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
18:33:23.0997 6016 gusvc - ok
18:33:24.0037 6016 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
18:33:24.0067 6016 hcw85cir - ok
18:33:24.0077 6016 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:33:24.0127 6016 HdAudAddService - ok
18:33:24.0147 6016 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
18:33:24.0187 6016 HDAudBus - ok
18:33:24.0227 6016 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
18:33:24.0247 6016 HECIx64 - ok
18:33:24.0257 6016 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
18:33:24.0287 6016 HidBatt - ok
18:33:24.0297 6016 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
18:33:24.0337 6016 HidBth - ok
18:33:24.0347 6016 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
18:33:24.0387 6016 HidIr - ok
18:33:24.0407 6016 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
18:33:24.0507 6016 hidserv - ok
18:33:24.0527 6016 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:33:24.0557 6016 HidUsb - ok
18:33:24.0597 6016 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:33:24.0687 6016 hkmsvc - ok
18:33:24.0707 6016 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:33:24.0737 6016 HomeGroupListener - ok
18:33:24.0767 6016 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:33:24.0797 6016 HomeGroupProvider - ok
18:33:24.0827 6016 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
18:33:24.0847 6016 HpSAMD - ok
18:33:24.0897 6016 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:33:24.0997 6016 HTTP - ok
18:33:25.0017 6016 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
18:33:25.0037 6016 hwpolicy - ok
18:33:25.0067 6016 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
18:33:25.0097 6016 i8042prt - ok
18:33:25.0137 6016 [ 2064090C9FAAD92C090D77E50E735B2E ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
18:33:25.0167 6016 iaStor - ok
18:33:25.0207 6016 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
18:33:25.0257 6016 iaStorV - ok
18:33:25.0327 6016 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:33:25.0377 6016 idsvc - ok
18:33:25.0707 6016 [ E15A809273EA164A7479D2FA64D18988 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
18:33:26.0107 6016 igfx - ok
18:33:26.0267 6016 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
18:33:26.0297 6016 iirsp - ok
18:33:26.0337 6016 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
18:33:26.0457 6016 IKEEXT - ok
18:33:26.0487 6016 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
18:33:26.0507 6016 Impcd - ok
18:33:26.0547 6016 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
18:33:26.0577 6016 IntcDAud - ok
18:33:26.0597 6016 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
18:33:26.0617 6016 intelide - ok
18:33:26.0647 6016 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:33:26.0677 6016 intelppm - ok
18:33:26.0707 6016 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:33:26.0787 6016 IPBusEnum - ok
18:33:26.0807 6016 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:33:26.0887 6016 IpFilterDriver - ok
18:33:26.0947 6016 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:33:26.0987 6016 iphlpsvc - ok
18:33:26.0997 6016 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
18:33:27.0027 6016 IPMIDRV - ok
18:33:27.0037 6016 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
18:33:27.0137 6016 IPNAT - ok
18:33:27.0207 6016 [ 0F261EC4F514926177C70C1832374231 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
18:33:27.0257 6016 iPod Service - ok
18:33:27.0277 6016 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:33:27.0327 6016 IRENUM - ok
18:33:27.0347 6016 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:33:27.0367 6016 isapnp - ok
18:33:27.0397 6016 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
18:33:27.0427 6016 iScsiPrt - ok
18:33:27.0487 6016 [ DB917B998CBC15A153C00DD6EFC34C13 ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys
18:33:27.0507 6016 JMCR - ok
18:33:27.0517 6016 [ 57718D15A21DC2388FA430DE27B5F440 ] JME C:\Windows\system32\DRIVERS\JME.sys
18:33:27.0547 6016 JME - ok
18:33:27.0567 6016 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:33:27.0587 6016 kbdclass - ok
18:33:27.0597 6016 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
18:33:27.0627 6016 kbdhid - ok
18:33:27.0637 6016 [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr C:\Windows\system32\DRIVERS\kbfiltr.sys
18:33:27.0657 6016 kbfiltr - ok
18:33:27.0677 6016 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
18:33:27.0697 6016 KeyIso - ok
18:33:27.0727 6016 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:33:27.0757 6016 KSecDD - ok
18:33:27.0797 6016 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:33:27.0827 6016 KSecPkg - ok
18:33:27.0847 6016 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
18:33:27.0937 6016 ksthunk - ok
18:33:27.0977 6016 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
18:33:28.0067 6016 KtmRm - ok
18:33:28.0097 6016 [ 033B4AED2C5519072C0D81E00804D003 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
18:33:28.0128 6016 L1C - ok
18:33:28.0178 6016 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
18:33:28.0278 6016 LanmanServer - ok
18:33:28.0288 6016 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:33:28.0388 6016 LanmanWorkstation - ok
18:33:28.0428 6016 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:33:28.0518 6016 lltdio - ok
18:33:28.0568 6016 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:33:28.0668 6016 lltdsvc - ok
18:33:28.0698 6016 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:33:28.0788 6016 lmhosts - ok
18:33:28.0858 6016 [ A1C148801B4AF64847AEB9F3AD9594EF ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
18:33:28.0868 6016 LMS ( UnsignedFile.Multi.Generic ) - warning
18:33:28.0868 6016 LMS - detected UnsignedFile.Multi.Generic (1)
18:33:28.0918 6016 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
18:33:28.0948 6016 LSI_FC - ok
18:33:28.0968 6016 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
18:33:28.0998 6016 LSI_SAS - ok
18:33:29.0008 6016 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
18:33:29.0038 6016 LSI_SAS2 - ok
18:33:29.0068 6016 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
18:33:29.0098 6016 LSI_SCSI - ok
18:33:29.0118 6016 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
18:33:29.0208 6016 luafv - ok
18:33:29.0228 6016 [ 085435AE1A124361304044029B5CC644 ] lullaby C:\Windows\system32\DRIVERS\lullaby.sys
18:33:29.0248 6016 lullaby - ok
18:33:29.0308 6016 [ D33E2B74CF8B3A652BF0A9FBD068E87A ] ManyCam C:\Windows\system32\DRIVERS\ManyCam_x64.sys
18:33:29.0328 6016 ManyCam - ok
18:33:29.0378 6016 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
18:33:29.0408 6016 MBAMProtector - ok
18:33:29.0458 6016 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
18:33:29.0488 6016 MBAMScheduler - ok
18:33:29.0538 6016 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
18:33:29.0588 6016 MBAMService - ok
18:33:29.0638 6016 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:33:29.0668 6016 Mcx2Svc - ok
18:33:29.0698 6016 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
18:33:29.0728 6016 megasas - ok
18:33:29.0758 6016 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
18:33:29.0798 6016 MegaSR - ok
18:33:29.0818 6016 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
18:33:29.0918 6016 MMCSS - ok
18:33:29.0938 6016 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
18:33:30.0028 6016 Modem - ok
18:33:30.0058 6016 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:33:30.0098 6016 monitor - ok
18:33:30.0118 6016 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:33:30.0139 6016 mouclass - ok
18:33:30.0159 6016 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:33:30.0189 6016 mouhid - ok
18:33:30.0199 6016 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:33:30.0229 6016 mountmgr - ok
18:33:30.0329 6016 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:33:30.0349 6016 MozillaMaintenance - ok
18:33:30.0379 6016 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
18:33:30.0409 6016 mpio - ok
18:33:30.0429 6016 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:33:30.0519 6016 mpsdrv - ok
18:33:30.0569 6016 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
18:33:30.0689 6016 MpsSvc - ok
18:33:30.0709 6016 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:33:30.0749 6016 MRxDAV - ok
18:33:30.0769 6016 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:33:30.0799 6016 mrxsmb - ok
18:33:30.0819 6016 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:33:30.0849 6016 mrxsmb10 - ok
18:33:30.0859 6016 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:33:30.0889 6016 mrxsmb20 - ok
18:33:30.0899 6016 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
18:33:30.0929 6016 msahci - ok
18:33:30.0939 6016 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:33:30.0969 6016 msdsm - ok
18:33:30.0989 6016 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
18:33:31.0019 6016 MSDTC - ok
18:33:31.0049 6016 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:33:31.0129 6016 Msfs - ok
18:33:31.0140 6016 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:33:31.0220 6016 mshidkmdf - ok
18:33:31.0220 6016 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:33:31.0250 6016 msisadrv - ok
18:33:31.0290 6016 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:33:31.0380 6016 MSiSCSI - ok
18:33:31.0390 6016 msiserver - ok
18:33:31.0420 6016 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:33:31.0500 6016 MSKSSRV - ok
18:33:31.0540 6016 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:33:31.0620 6016 MSPCLOCK - ok
18:33:31.0620 6016 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:33:31.0700 6016 MSPQM - ok
18:33:31.0720 6016 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:33:31.0750 6016 MsRPC - ok
18:33:31.0770 6016 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
18:33:31.0790 6016 mssmbios - ok
18:33:31.0800 6016 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:33:31.0870 6016 MSTEE - ok
18:33:31.0890 6016 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
18:33:31.0910 6016 MTConfig - ok
18:33:31.0950 6016 [ 032D35C996F21D19A205A7C8F0B76F3C ] MTsensor C:\Windows\system32\DRIVERS\ATK64AMD.sys
18:33:31.0960 6016 MTsensor - ok
18:33:31.0990 6016 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
18:33:32.0010 6016 Mup - ok
18:33:32.0050 6016 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
18:33:32.0140 6016 napagent - ok
18:33:32.0170 6016 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:33:32.0210 6016 NativeWifiP - ok
18:33:32.0320 6016 [ 5836B9E91863A00EC1B8E785EFD86ECB ] NBService C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
18:33:32.0370 6016 NBService - ok
18:33:32.0420 6016 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:33:32.0480 6016 NDIS - ok
18:33:32.0500 6016 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:33:32.0600 6016 NdisCap - ok
18:33:32.0630 6016 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:33:32.0730 6016 NdisTapi - ok
18:33:32.0740 6016 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:33:32.0830 6016 Ndisuio - ok
18:33:32.0840 6016 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:33:32.0920 6016 NdisWan - ok
18:33:32.0930 6016 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:33:33.0010 6016 NDProxy - ok
18:33:33.0020 6016 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:33:33.0100 6016 NetBIOS - ok
18:33:33.0130 6016 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:33:33.0210 6016 NetBT - ok
18:33:33.0240 6016 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
18:33:33.0260 6016 Netlogon - ok
18:33:33.0310 6016 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
18:33:33.0400 6016 Netman - ok
18:33:33.0420 6016 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
18:33:33.0530 6016 netprofm - ok
18:33:33.0560 6016 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:33:33.0580 6016 NetTcpPortSharing - ok
18:33:33.0610 6016 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
18:33:33.0640 6016 nfrd960 - ok
18:33:33.0670 6016 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:33:33.0710 6016 NlaSvc - ok
18:33:33.0790 6016 [ A328A46D87BB92CE4D8A4528E9D84787 ] NMIndexingService C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
18:33:33.0820 6016 NMIndexingService - ok
18:33:33.0840 6016 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:33:33.0930 6016 Npfs - ok
18:33:33.0960 6016 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
18:33:34.0050 6016 nsi - ok
18:33:34.0060 6016 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:33:34.0140 6016 nsiproxy - ok
18:33:34.0210 6016 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:33:34.0290 6016 Ntfs - ok
18:33:34.0310 6016 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
18:33:34.0400 6016 Null - ok
18:33:34.0440 6016 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:33:34.0470 6016 nvraid - ok
18:33:34.0490 6016 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:33:34.0520 6016 nvstor - ok
18:33:34.0550 6016 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:33:34.0580 6016 nv_agp - ok
18:33:34.0660 6016 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:33:34.0700 6016 odserv - ok
18:33:34.0710 6016 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:33:34.0740 6016 ohci1394 - ok
18:33:34.0780 6016 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:33:34.0810 6016 ose - ok
18:33:34.0960 6016 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:33:35.0201 6016 osppsvc - ok
18:33:35.0251 6016 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:33:35.0281 6016 p2pimsvc - ok
18:33:35.0301 6016 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
18:33:35.0341 6016 p2psvc - ok
18:33:35.0351 6016 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
18:33:35.0371 6016 Parport - ok
18:33:35.0401 6016 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:33:35.0431 6016 partmgr - ok
18:33:35.0441 6016 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:33:35.0491 6016 PcaSvc - ok
18:33:35.0501 6016 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
18:33:35.0541 6016 pci - ok
18:33:35.0541 6016 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
18:33:35.0571 6016 pciide - ok
18:33:35.0611 6016 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
18:33:35.0641 6016 pcmcia - ok
18:33:35.0661 6016 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
18:33:35.0691 6016 pcw - ok
18:33:35.0721 6016 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:33:35.0841 6016 PEAUTH - ok
18:33:35.0951 6016 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
18:33:35.0981 6016 PerfHost - ok
18:33:36.0051 6016 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
18:33:36.0191 6016 pla - ok
18:33:36.0241 6016 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:33:36.0281 6016 PlugPlay - ok
18:33:36.0301 6016 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:33:36.0351 6016 PNRPAutoReg - ok
18:33:36.0371 6016 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:33:36.0411 6016 PNRPsvc - ok
18:33:36.0441 6016 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:33:36.0531 6016 PolicyAgent - ok
18:33:36.0581 6016 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
18:33:36.0671 6016 Power - ok
18:33:36.0721 6016 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:33:36.0861 6016 PptpMiniport - ok
18:33:36.0871 6016 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
18:33:36.0901 6016 Processor - ok
18:33:36.0941 6016 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
18:33:36.0991 6016 ProfSvc - ok
18:33:37.0011 6016 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:33:37.0041 6016 ProtectedStorage - ok
18:33:37.0051 6016 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:33:37.0141 6016 Psched - ok
18:33:37.0202 6016 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
18:33:37.0282 6016 ql2300 - ok
18:33:37.0302 6016 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
18:33:37.0322 6016 ql40xx - ok
18:33:37.0362 6016 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
18:33:37.0402 6016 QWAVE - ok
18:33:37.0412 6016 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:33:37.0452 6016 QWAVEdrv - ok
18:33:37.0462 6016 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:33:37.0532 6016 RasAcd - ok
18:33:37.0562 6016 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:33:37.0622 6016 RasAgileVpn - ok
18:33:37.0632 6016 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
18:33:37.0702 6016 RasAuto - ok
18:33:37.0712 6016 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:33:37.0782 6016 Rasl2tp - ok
18:33:37.0812 6016 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
18:33:37.0892 6016 RasMan - ok
18:33:37.0902 6016 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:33:37.0972 6016 RasPppoe - ok
18:33:37.0982 6016 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:33:38.0052 6016 RasSstp - ok
18:33:38.0072 6016 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:33:38.0142 6016 rdbss - ok
18:33:38.0162 6016 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
18:33:38.0183 6016 rdpbus - ok
18:33:38.0233 6016 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:33:38.0303 6016 RDPCDD - ok
18:33:38.0313 6016 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:33:38.0383 6016 RDPENCDD - ok
18:33:38.0403 6016 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:33:38.0473 6016 RDPREFMP - ok
18:33:38.0503 6016 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:33:38.0523 6016 RDPWD - ok
18:33:38.0553 6016 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:33:38.0573 6016 rdyboost - ok
18:33:38.0653 6016 [ BC0DB8AE78ADA06E54EB442932AF6CFD ] Remote Solver for Flow Simulation 2011 C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe
18:33:38.0673 6016 Remote Solver for Flow Simulation 2011 - ok
18:33:38.0693 6016 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:33:38.0773 6016 RemoteAccess - ok
18:33:38.0813 6016 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:33:38.0913 6016 RemoteRegistry - ok
18:33:38.0953 6016 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
18:33:38.0993 6016 RFCOMM - ok
18:33:39.0023 6016 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:33:39.0113 6016 RpcEptMapper - ok
18:33:39.0133 6016 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
18:33:39.0163 6016 RpcLocator - ok
18:33:39.0183 6016 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
18:33:39.0293 6016 RpcSs - ok
18:33:39.0343 6016 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:33:39.0433 6016 rspndr - ok
18:33:39.0443 6016 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
18:33:39.0473 6016 SamSs - ok
18:33:39.0563 6016 [ A0540477B5283DD06642A184756C63FF ] SAVAdminService C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
18:33:39.0583 6016 SAVAdminService - ok
18:33:39.0623 6016 [ 2192AE4D310ADB821B38595150F5A384 ] SAVOnAccess C:\Windows\system32\DRIVERS\savonaccess.sys
18:33:39.0643 6016 SAVOnAccess - ok
18:33:39.0703 6016 [ B8A272D4E91EFB366E16BEA0FA42D7EE ] SAVService C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
18:33:39.0733 6016 SAVService - ok
18:33:39.0753 6016 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:33:39.0783 6016 sbp2port - ok
18:33:39.0813 6016 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:33:39.0913 6016 SCardSvr - ok
18:33:39.0923 6016 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:33:40.0013 6016 scfilter - ok
18:33:40.0076 6016 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
18:33:40.0204 6016 Schedule - ok
18:33:40.0228 6016 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
18:33:40.0322 6016 SCPolicySvc - ok
18:33:40.0355 6016 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
18:33:40.0394 6016 sdbus - ok
18:33:40.0449 6016 [ 7D67AEABEB597C602EDB5B3AE316E96A ] sdcfilter C:\Windows\system32\DRIVERS\sdcfilter.sys
18:33:40.0469 6016 sdcfilter - ok
18:33:40.0496 6016 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:33:40.0525 6016 SDRSVC - ok
18:33:40.0537 6016 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:33:40.0624 6016 secdrv - ok
18:33:40.0638 6016 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
18:33:40.0732 6016 seclogon - ok
18:33:40.0748 6016 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
18:33:40.0852 6016 SENS - ok
18:33:40.0876 6016 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:33:40.0913 6016 SensrSvc - ok
18:33:40.0932 6016 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
18:33:40.0961 6016 Serenum - ok
18:33:40.0984 6016 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
18:33:41.0014 6016 Serial - ok
18:33:41.0022 6016 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
18:33:41.0051 6016 sermouse - ok
18:33:41.0075 6016 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
18:33:41.0167 6016 SessionEnv - ok
18:33:41.0177 6016 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:33:41.0217 6016 sffdisk - ok
18:33:41.0227 6016 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:33:41.0267 6016 sffp_mmc - ok
18:33:41.0277 6016 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:33:41.0307 6016 sffp_sd - ok
18:33:41.0317 6016 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
18:33:41.0347 6016 sfloppy - ok
18:33:41.0407 6016 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
18:33:41.0447 6016 Sftfs - ok
18:33:41.0507 6016 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
18:33:41.0537 6016 sftlist - ok
18:33:41.0557 6016 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
18:33:41.0587 6016 Sftplay - ok
18:33:41.0597 6016 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
18:33:41.0617 6016 Sftredir - ok
18:33:41.0637 6016 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
18:33:41.0657 6016 Sftvol - ok
18:33:41.0677 6016 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
18:33:41.0697 6016 sftvsa - ok
18:33:41.0727 6016 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:33:41.0837 6016 SharedAccess - ok
18:33:41.0867 6016 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:33:41.0967 6016 ShellHWDetection - ok
18:33:42.0007 6016 [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH C:\Windows\system32\DRIVERS\SiSG664.sys
18:33:42.0037 6016 SiSGbeLH - ok
18:33:42.0057 6016 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
18:33:42.0087 6016 SiSRaid2 - ok
18:33:42.0097 6016 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
18:33:42.0127 6016 SiSRaid4 - ok
18:33:42.0197 6016 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
18:33:42.0217 6016 SkypeUpdate - ok
18:33:42.0227 6016 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:33:42.0327 6016 Smb - ok
18:33:42.0387 6016 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:33:42.0427 6016 SNMPTRAP - ok
18:33:42.0517 6016 [ 2114518E55B380A3ACC28B2C27FD499A ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys
18:33:42.0577 6016 SNP2UVC - ok
18:33:42.0647 6016 [ 4945020BC094C322571184A6E8056B3A ] SolidWorks Licensing Service C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
18:33:42.0657 6016 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - warning
18:33:42.0657 6016 SolidWorks Licensing Service - detected UnsignedFile.Multi.Generic (1)
18:33:42.0707 6016 [ 8A12AB5DE877B8F97D5EE70E16A5C9B2 ] Sophos AutoUpdate Service C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
18:33:42.0727 6016 Sophos AutoUpdate Service - ok
18:33:42.0807 6016 [ BD03374253F79CE7A716A870DC85BD84 ] Sophos Web Control Service C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
18:33:42.0837 6016 Sophos Web Control Service - ok
18:33:42.0867 6016 [ 69FBE35A8165ADBC313AA7F64B868CA1 ] SophosBootDriver C:\Windows\system32\DRIVERS\SophosBootDriver.sys
18:33:42.0887 6016 SophosBootDriver - ok
18:33:42.0907 6016 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
18:33:42.0937 6016 spldr - ok
18:33:42.0967 6016 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
18:33:43.0007 6016 Spooler - ok
18:33:43.0127 6016 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
18:33:43.0327 6016 sppsvc - ok
18:33:43.0337 6016 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:33:43.0467 6016 sppuinotify - ok
18:33:43.0497 6016 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
18:33:43.0537 6016 srv - ok
18:33:43.0557 6016 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:33:43.0597 6016 srv2 - ok
18:33:43.0607 6016 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:33:43.0637 6016 srvnet - ok
18:33:43.0657 6016 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:33:43.0767 6016 SSDPSRV - ok
18:33:43.0777 6016 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:33:43.0877 6016 SstpSvc - ok
18:33:43.0927 6016 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
18:33:43.0947 6016 stexstor - ok
18:33:44.0067 6016 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
18:33:44.0127 6016 stisvc - ok
18:33:44.0187 6016 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
18:33:44.0208 6016 swenum - ok
18:33:44.0408 6016 [ 6A91F997BB4B569BF993801017E7122C ] swi_service C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
18:33:44.0558 6016 swi_service - ok
18:33:44.0678 6016 [ AA17EA2EF6E050904426C027C8F5BD01 ] swi_update_64 C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe
18:33:44.0778 6016 swi_update_64 - ok
18:33:44.0808 6016 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
18:33:44.0948 6016 swprv - ok
18:33:45.0028 6016 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
18:33:45.0118 6016 SysMain - ok
18:33:45.0128 6016 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:33:45.0178 6016 TabletInputService - ok
18:33:45.0198 6016 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
18:33:45.0308 6016 TapiSrv - ok
18:33:45.0318 6016 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
18:33:45.0418 6016 TBS - ok
18:33:45.0498 6016 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:33:45.0608 6016 Tcpip - ok
18:33:45.0658 6016 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:33:45.0758 6016 TCPIP6 - ok
18:33:45.0778 6016 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:33:45.0798 6016 tcpipreg - ok
18:33:45.0868 6016 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:33:45.0888 6016 TDPIPE - ok
18:33:45.0918 6016 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:33:45.0938 6016 TDTCP - ok
18:33:45.0988 6016 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:33:46.0088 6016 tdx - ok
18:33:46.0118 6016 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
18:33:46.0148 6016 TermDD - ok
18:33:46.0198 6016 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
18:33:46.0358 6016 TermService - ok
18:33:46.0398 6016 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
18:33:46.0448 6016 Themes - ok
18:33:46.0478 6016 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
18:33:46.0578 6016 THREADORDER - ok
18:33:46.0608 6016 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
18:33:46.0698 6016 TrkWks - ok
18:33:46.0758 6016 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:33:46.0848 6016 TrustedInstaller - ok
18:33:46.0868 6016 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:33:46.0968 6016 tssecsrv - ok
18:33:46.0998 6016 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
18:33:47.0028 6016 TsUsbFlt - ok
18:33:47.0038 6016 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
18:33:47.0068 6016 TsUsbGD - ok
18:33:47.0209 6016 [ E8985332F611F56ADBCFF987E7D67D51 ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
18:33:47.0329 6016 TuneUp.UtilitiesSvc - ok
18:33:47.0369 6016 [ 7BC3381C0713F613B31ACDE38B71CB53 ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys
18:33:47.0389 6016 TuneUpUtilitiesDrv - ok
18:33:47.0429 6016 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:33:47.0509 6016 tunnel - ok
18:33:47.0529 6016 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
18:33:47.0549 6016 uagp35 - ok
18:33:47.0599 6016 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:33:47.0689 6016 udfs - ok
18:33:47.0719 6016 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:33:47.0749 6016 UI0Detect - ok
18:33:47.0769 6016 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:33:47.0799 6016 uliagpkx - ok
18:33:47.0829 6016 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:33:47.0849 6016 umbus - ok
18:33:47.0859 6016 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
18:33:47.0879 6016 UmPass - ok
18:33:47.0999 6016 [ 41118D920B2B268C0ADC36421248CDCF ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
18:33:48.0089 6016 UNS ( UnsignedFile.Multi.Generic ) - warning
18:33:48.0089 6016 UNS - detected UnsignedFile.Multi.Generic (1)
18:33:48.0109 6016 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
18:33:48.0219 6016 upnphost - ok
18:33:48.0269 6016 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
18:33:48.0279 6016 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
18:33:48.0279 6016 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
18:33:48.0299 6016 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:33:48.0329 6016 usbccgp - ok
18:33:48.0339 6016 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:33:48.0379 6016 usbcir - ok
18:33:48.0389 6016 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
18:33:48.0419 6016 usbehci - ok
18:33:48.0449 6016 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:33:48.0489 6016 usbhub - ok
18:33:48.0529 6016 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
18:33:48.0559 6016 usbohci - ok
18:33:48.0589 6016 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:33:48.0619 6016 usbprint - ok
18:33:48.0679 6016 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
18:33:48.0709 6016 usbscan - ok
18:33:48.0749 6016 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:33:48.0779 6016 USBSTOR - ok
18:33:48.0789 6016 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
18:33:48.0819 6016 usbuhci - ok
18:33:48.0859 6016 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
18:33:48.0899 6016 usbvideo - ok
18:33:48.0929 6016 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
18:33:49.0019 6016 UxSms - ok
18:33:49.0109 6016 [ 0089C14DFBBEB6B3A22BE14A44A4CE1F ] UxTuneUp C:\Windows\System32\uxtuneup.dll
18:33:49.0119 6016 UxTuneUp - ok
18:33:49.0139 6016 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
18:33:49.0169 6016 VaultSvc - ok
18:33:49.0209 6016 [ 03837B80AD5D8A00996148AD57C09791 ] VBoxDrv C:\Windows\system32\DRIVERS\VBoxDrv.sys
18:33:49.0239 6016 VBoxDrv - ok
18:33:49.0269 6016 [ 27C9A9F2FA94140DDCF7B9131E13E1B4 ] VBoxUSBMon C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
18:33:49.0299 6016 VBoxUSBMon - ok
18:33:49.0319 6016 [ FD911873C0BB6945FA38C16E9A2B58F9 ] VClone C:\Windows\system32\DRIVERS\VClone.sys
18:33:49.0339 6016 VClone - ok
18:33:49.0369 6016 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
18:33:49.0399 6016 vdrvroot - ok
18:33:49.0429 6016 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
18:33:49.0539 6016 vds - ok
18:33:49.0559 6016 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:33:49.0599 6016 vga - ok
18:33:49.0619 6016 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
18:33:49.0709 6016 VgaSave - ok
18:33:49.0719 6016 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
18:33:49.0759 6016 vhdmp - ok
18:33:49.0779 6016 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
18:33:49.0799 6016 viaide - ok
18:33:49.0809 6016 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:33:49.0839 6016 volmgr - ok
18:33:49.0849 6016 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:33:49.0889 6016 volmgrx - ok
18:33:49.0899 6016 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:33:49.0929 6016 volsnap - ok
18:33:49.0969 6016 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
18:33:49.0989 6016 vsmraid - ok
18:33:50.0059 6016 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
18:33:50.0189 6016 VSS - ok
18:33:50.0239 6016 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
18:33:50.0279 6016 vwifibus - ok
18:33:50.0309 6016 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
18:33:50.0369 6016 vwififlt - ok
18:33:50.0409 6016 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
18:33:50.0499 6016 W32Time - ok
18:33:50.0519 6016 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
18:33:50.0539 6016 WacomPen - ok
18:33:50.0559 6016 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
18:33:50.0649 6016 WANARP - ok
18:33:50.0659 6016 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:33:50.0759 6016 Wanarpv6 - ok
18:33:50.0809 6016 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
18:33:50.0889 6016 wbengine - ok
18:33:50.0919 6016 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
18:33:51.0019 6016 WbioSrvc - ok
18:33:51.0039 6016 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:33:51.0119 6016 wcncsvc - ok
18:33:51.0129 6016 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:33:51.0159 6016 WcsPlugInService - ok
18:33:51.0189 6016 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
18:33:51.0221 6016 Wd - ok
18:33:51.0271 6016 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:33:51.0321 6016 Wdf01000 - ok
18:33:51.0341 6016 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:33:51.0391 6016 WdiServiceHost - ok
18:33:51.0411 6016 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:33:51.0451 6016 WdiSystemHost - ok
18:33:51.0471 6016 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
18:33:51.0531 6016 WebClient - ok
18:33:51.0541 6016 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:33:51.0641 6016 Wecsvc - ok
18:33:51.0651 6016 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:33:51.0761 6016 wercplsupport - ok
18:33:51.0781 6016 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
18:33:51.0901 6016 WerSvc - ok
18:33:51.0911 6016 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
18:33:52.0041 6016 WfpLwf - ok
18:33:52.0081 6016 [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
18:33:52.0111 6016 WimFltr - ok
18:33:52.0131 6016 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
18:33:52.0161 6016 WIMMount - ok
18:33:52.0181 6016 WinDefend - ok
18:33:52.0191 6016 WinHttpAutoProxySvc - ok
18:33:52.0251 6016 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:33:52.0341 6016 Winmgmt - ok
18:33:52.0401 6016 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
18:33:52.0561 6016 WinRM - ok
18:33:52.0621 6016 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
18:33:52.0651 6016 WinUsb - ok
18:33:52.0691 6016 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
18:33:52.0761 6016 Wlansvc - ok
18:33:52.0811 6016 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
18:33:52.0831 6016 wlcrasvc - ok
18:33:52.0941 6016 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:33:53.0051 6016 wlidsvc - ok
18:33:53.0101 6016 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
18:33:53.0131 6016 WmiAcpi - ok
18:33:53.0151 6016 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:33:53.0191 6016 wmiApSrv - ok
18:33:53.0211 6016 WMPNetworkSvc - ok
18:33:53.0231 6016 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:33:53.0261 6016 WPCSvc - ok
18:33:53.0271 6016 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:33:53.0311 6016 WPDBusEnum - ok
18:33:53.0321 6016 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:33:53.0401 6016 ws2ifsl - ok
18:33:53.0421 6016 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
18:33:53.0471 6016 wscsvc - ok
18:33:53.0471 6016 WSearch - ok
18:33:53.0521 6016 [ 83575C43B2BFE9AB0661A7F957E843C0 ] wsvd C:\Windows\system32\DRIVERS\wsvd.sys
18:33:53.0541 6016 wsvd - ok
18:33:53.0631 6016 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
18:33:53.0761 6016 wuauserv - ok
18:33:53.0791 6016 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:33:53.0821 6016 WudfPf - ok
18:33:53.0871 6016 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:33:53.0901 6016 WUDFRd - ok
18:33:53.0931 6016 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:33:53.0961 6016 wudfsvc - ok
18:33:53.0981 6016 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
18:33:54.0041 6016 WwanSvc - ok
18:33:54.0061 6016 ================ Scan global ===============================
18:33:54.0091 6016 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:33:54.0131 6016 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
18:33:54.0151 6016 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
18:33:54.0191 6016 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:33:54.0231 6016 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:33:54.0241 6016 [Global] - ok
18:33:54.0241 6016 ================ Scan MBR ==================================
18:33:54.0251 6016 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:33:54.0981 6016 \Device\Harddisk0\DR0 - ok
18:33:54.0981 6016 ================ Scan VBR ==================================
18:33:54.0991 6016 [ DB14BB261C898317B39FEFA69D3C2E34 ] \Device\Harddisk0\DR0\Partition1
18:33:54.0991 6016 \Device\Harddisk0\DR0\Partition1 - ok
18:33:55.0031 6016 [ B8B6CE27C7F682FADF9FD324488BB7EC ] \Device\Harddisk0\DR0\Partition2
18:33:55.0031 6016 \Device\Harddisk0\DR0\Partition2 - ok
18:33:55.0031 6016 ============================================================
18:33:55.0031 6016 Scan finished
18:33:55.0031 6016 ============================================================
18:33:55.0051 7096 Detected object count: 5
18:33:55.0051 7096 Actual detected object count: 5
18:34:09.0177 7096 AFBAgent ( UnsignedFile.Multi.Generic ) - skipped by user
18:34:09.0177 7096 AFBAgent ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:34:09.0177 7096 LMS ( UnsignedFile.Multi.Generic ) - skipped by user
18:34:09.0177 7096 LMS ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:34:09.0187 7096 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:34:09.0187 7096 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:34:09.0187 7096 UNS ( UnsignedFile.Multi.Generic ) - skipped by user
18:34:09.0187 7096 UNS ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:34:09.0197 7096 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
18:34:09.0197 7096 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip

Alt 03.01.2013, 19:27   #9
markusg
/// Malware-holic
 
Win32/Small.CA-Virus - Standard

Win32/Small.CA-Virus



Hi
combofix:
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu Win32/Small.CA-Virus
anhang, ausführen, ausgeführt, forum, freue, geschützt, gesendet, gestern, link, meldung, programm, runtergeladen, schnelle, schnelle hilfe, sophos, win, win32/small.ca-virus, würde



Ähnliche Themen: Win32/Small.CA-Virus


  1. Win32/Small.CA-Virus entfernen
    Log-Analyse und Auswertung - 16.12.2013 (4)
  2. Win32/Small.CA-Virus
    Log-Analyse und Auswertung - 28.11.2013 (2)
  3. WIN 7 Starter: Win32/Small.CA-Virus
    Log-Analyse und Auswertung - 15.11.2013 (3)
  4. Win 7 x64: Entfernen des Win32/Small.CA-Virus
    Log-Analyse und Auswertung - 31.10.2013 (15)
  5. win32/small.ca virus
    Plagegeister aller Art und deren Bekämpfung - 22.09.2013 (22)
  6. win32/small.ca-virus
    Plagegeister aller Art und deren Bekämpfung - 09.09.2013 (9)
  7. Win32/Small.ca Virus
    Log-Analyse und Auswertung - 24.07.2013 (11)
  8. Win32/Small.CA-Virus entfernen
    Log-Analyse und Auswertung - 22.07.2013 (13)
  9. Win32/Small.CA-Virus
    Plagegeister aller Art und deren Bekämpfung - 11.07.2013 (17)
  10. Entfernen des Win32/Small.CA-Virus
    Plagegeister aller Art und deren Bekämpfung - 05.07.2013 (41)
  11. Win32/Small.CA-Virus
    Plagegeister aller Art und deren Bekämpfung - 05.07.2013 (10)
  12. Win32/Small.CA-Virus entfernen
    Log-Analyse und Auswertung - 03.07.2013 (13)
  13. Win32/Small.CA-Virus .... 100.000-ste -.-
    Plagegeister aller Art und deren Bekämpfung - 01.06.2013 (11)
  14. Win32/Small.CA-Virus
    Plagegeister aller Art und deren Bekämpfung - 23.04.2013 (48)
  15. Win32/Small.CA-Virus
    Plagegeister aller Art und deren Bekämpfung - 27.03.2013 (7)
  16. Win32/Small.CA-Virus
    Plagegeister aller Art und deren Bekämpfung - 17.03.2013 (13)
  17. Win32/Small.CA-Virus
    Log-Analyse und Auswertung - 06.03.2013 (1)

Zum Thema Win32/Small.CA-Virus - Hallo, ich habe ein Problem. Gestern war ich in einem Forum und habe einen Link zu einem Programm gesendet bekommen, was ich auch leider runtergeladen habe. Als ich es ausführen - Win32/Small.CA-Virus...
Archiv
Du betrachtest: Win32/Small.CA-Virus auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.