Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Beseitigung von EXP/JS.Expack durch Avira ausreichend?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 30.12.2012, 13:56   #1
Michi XXX
 
Beseitigung von EXP/JS.Expack durch Avira ausreichend? - Standard

Beseitigung von EXP/JS.Expack durch Avira ausreichend?



Hallo zusammen,

ich habe bei einem Systemcheck mit Avira vor drei Tagen folgende Meldung gehabt und versuche mich seitdem an der Problemlösung:
Code:
ATTFilter
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\' <OS>
C:\Users\LR\AppData\Local\Mozilla\Firefox\Profiles\p3lb01yr.default\Cache\A\8D\CCAA2d01
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/JS.Expack.DQ
Beginne mit der Suche in 'D:\' <DATA>

Beginne mit der Desinfektion:
C:\Users\LR\AppData\Local\Mozilla\Firefox\Profiles\p3lb01yr.default\Cache\A\8D\CCAA2d01
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/JS.Expack.DQ
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '54aa33c5.qua' verschoben!
         
Weil Avira beim darauffolgenden Scan hängen geblieben ist, habe ich es neu installiert und dann noch einmal laufen lassen: keine Funde mehr.

Wenn ich jetzt Malewarebytes durchlaufen lasse (hier aus dem Forum ergoogelt), findet er auch nichts:
Code:
ATTFilter
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2012.12.30.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
LR :: LR-PC [Administrator]

30.12.12 12:30:45
mbam-log-2012-12-30 (12-30-45).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 205967
Laufzeit: 4 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

OTL-Logs (auch von "hier") habe ich immerhin geschafft:
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 30.12.12 12:45:56 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\LR\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yy
 
3,91 Gb Total Physical Memory | 2,58 Gb Available Physical Memory | 66,12% Memory free
7,81 Gb Paging File | 6,27 Gb Available in Paging File | 80,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,24 Gb Total Space | 79,56 Gb Free Space | 66,72% Space Free | Partition Type: NTFS
Drive D: | 153,85 Gb Total Space | 80,39 Gb Free Space | 52,25% Space Free | Partition Type: NTFS
 
Computer Name: LR-PC | User Name: LR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\LR\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\AsScrPro.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)
PRC - C:\Windows\SysWOW64\ACEngSvr.exe (ASUSTeK)
PRC - C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe ()
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS)
PRC - C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe ()
PRC - C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll ()
MOD - C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe ()
MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (ASUS InstantOn) -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe (ASUS)
SRV - (Radio.fx) -- C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe ()
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
SRV - (UI Assistant Service) -- C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe ()
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (MBB Incorporated)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (ATKWMIACPIIO) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3818733701-377340231-3343173502-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\S-1-5-21-3818733701-377340231-3343173502-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.google.com/calendar/re [Binary data over 200 bytes]
IE - HKU\S-1-5-21-3818733701-377340231-3343173502-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.facebook.com/messages/#!/messages/
IE - HKU\S-1-5-21-3818733701-377340231-3343173502-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3818733701-377340231-3343173502-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=111304&babsrc=SP_ss&mntrId=008edbb0000000000000000000000000
IE - HKU\S-1-5-21-3818733701-377340231-3343173502-1000\..\SearchScopes\{82B0F6A7-A97D-4EC4-9C17-7547F7F6BE21}: "URL" = hxxp://go.1und1.de/suchbox/1und1suche?su={searchTerms}
IE - HKU\S-1-5-21-3818733701-377340231-3343173502-1000\..\SearchScopes\{8D20BBC7-232E-4EA2-9F61-41196D477E4D}: "URL" = hxxp://go.web.de/suchbox/ebay?query={searchTerms}
IE - HKU\S-1-5-21-3818733701-377340231-3343173502-1000\..\SearchScopes\{9138385E-1BA3-4A74-9452-FE722CE7D77A}: "URL" = hxxp://go.1und1.de/suchbox/amazon?tag=1und1icon-21&field-keywords={searchTerms}
IE - HKU\S-1-5-21-3818733701-377340231-3343173502-1000\..\SearchScopes\{CAB1DE66-79AF-4CD8-BB60-05100224D89E}: "URL" = hxxp://go.web.de/suchbox/google?q={searchTerms}
IE - HKU\S-1-5-21-3818733701-377340231-3343173502-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: alarm%40gutscheinsammler.de:2.0.3
FF - prefs.js..extensions.enabledAddons: amznUWL2%40amazon.com:1.10
FF - prefs.js..extensions.enabledAddons: moveplayer%40movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledAddons: %7B9220f99f-5b7d-4a4d-97ca-209991796400%7D:1.6.2
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: ietab@ip.cn:1.95.20100930
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=111304&babsrc=KW_ss&mntrId=008edbb0000000000000000000000000&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.01 13:12:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.01 13:11:53 | 000,000,000 | ---D | M]
 
[2012.04.26 20:57:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LR\AppData\Roaming\mozilla\Extensions
[2012.11.25 15:25:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LR\AppData\Roaming\mozilla\Firefox\Profiles\p3lb01yr.default\extensions
[2012.04.28 10:52:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\LR\AppData\Roaming\mozilla\Firefox\Profiles\p3lb01yr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.04.28 10:52:53 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\LR\AppData\Roaming\mozilla\Firefox\Profiles\p3lb01yr.default\extensions\moveplayer@movenetworks.com
[2012.11.07 22:55:36 | 000,018,981 | ---- | M] () (No name found) -- C:\Users\LR\AppData\Roaming\mozilla\firefox\profiles\p3lb01yr.default\extensions\alarm@gutscheinsammler.de.xpi
[2012.09.26 21:34:13 | 000,243,287 | ---- | M] () (No name found) -- C:\Users\LR\AppData\Roaming\mozilla\firefox\profiles\p3lb01yr.default\extensions\amznUWL2@amazon.com.xpi
[2012.11.15 01:11:26 | 000,062,076 | ---- | M] () (No name found) -- C:\Users\LR\AppData\Roaming\mozilla\firefox\profiles\p3lb01yr.default\extensions\{9220f99f-5b7d-4a4d-97ca-209991796400}.xpi
[2012.11.25 15:25:57 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\LR\AppData\Roaming\mozilla\firefox\profiles\p3lb01yr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2010.11.24 15:28:10 | 000,001,238 | ---- | M] () -- C:\Users\LR\AppData\Roaming\mozilla\firefox\profiles\p3lb01yr.default\searchplugins\facebook.xml
[2009.08.19 23:35:14 | 000,004,140 | ---- | M] () -- C:\Users\LR\AppData\Roaming\mozilla\firefox\profiles\p3lb01yr.default\searchplugins\youtube.xml
[2012.12.28 13:17:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.01 13:10:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.12.01 13:12:39 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.12.09 18:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.06.22 17:56:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.28 18:41:05 | 000,002,313 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.09.13 09:34:14 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.22 17:56:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.22 17:56:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.22 17:56:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.22 17:56:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe ()
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3818733701-377340231-3343173502-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-3818733701-377340231-3343173502-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An OneNote s&enden - res://D:\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://D:\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://D:\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://D:\Office14\EXCEL.EXE/3000 File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3818733701-377340231-3343173502-1000\..Trusted Domains: server01 ([]file in Lokales Intranet)
O15 - HKU\S-1-5-21-3818733701-377340231-3343173502-1000\..Trusted Domains: server02 ([]file in Lokales Intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{514DDA6A-DD84-471A-BBFE-296C8FF3C3F6}: DhcpNameServer = 192.168.0.193
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A703F789-E326-48A2-84C5-BEF3504B7E25}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.30 12:43:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\LR\Desktop\OTL.exe
[2012.12.28 20:29:28 | 000,000,000 | ---D | C] -- C:\Users\LR\AppData\Roaming\Malwarebytes
[2012.12.28 20:29:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.28 20:29:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.28 20:29:14 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.28 20:29:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.28 20:27:50 | 000,000,000 | ---D | C] -- C:\Users\LR\AppData\Local\Programs
[2012.12.28 16:20:10 | 000,000,000 | ---D | C] -- C:\Users\LR\AppData\Roaming\Avira
[2012.12.28 16:14:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.12.28 16:14:20 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.12.28 16:14:20 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.12.28 16:14:20 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.12.28 16:14:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.12.28 16:14:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.12.28 16:00:30 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.12.27 22:15:11 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.12.27 22:15:10 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.12.27 22:15:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.12.27 22:15:08 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.12.27 22:15:08 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.12.27 22:15:08 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.12.27 22:15:07 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.12.27 22:15:07 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.12.27 22:15:06 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.12.27 22:15:06 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.12.27 22:15:06 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.12.27 22:15:05 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.12.27 22:15:02 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.12.27 22:15:01 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.12.27 22:15:01 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.12.27 22:13:36 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.27 22:13:36 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.27 22:13:35 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.27 22:13:35 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.27 22:06:11 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012.12.27 22:06:10 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.12.27 22:06:10 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012.12.27 22:06:10 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.12.27 22:06:08 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012.12.27 22:06:07 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.12.27 22:06:07 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.12.27 22:06:07 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012.12.27 22:06:07 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012.12.27 22:06:07 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.12.27 22:06:07 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012.12.27 22:06:06 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012.12.27 22:06:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.27 22:06:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.12.27 22:06:04 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.12.27 22:06:04 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.12.27 22:06:04 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.12.27 22:06:04 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.27 22:06:04 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.27 22:06:04 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.27 22:06:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.27 22:06:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.12.27 22:06:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.27 22:06:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.27 22:06:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.27 22:06:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.27 22:06:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.27 22:06:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.12.27 22:06:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.12.27 22:06:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.12.27 22:06:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.27 22:06:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.12.27 22:06:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.12.27 22:06:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.12.27 22:06:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.27 22:06:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.27 22:06:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.27 22:06:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.12.27 22:06:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.12.27 22:06:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.12.27 22:06:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.27 22:06:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.27 22:06:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.27 22:06:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.12.27 22:06:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.12.27 22:06:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.27 22:06:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.12.27 22:06:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.12.27 22:06:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.27 22:06:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.27 22:06:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.27 22:06:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.27 22:06:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.27 22:06:02 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.12.27 22:06:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.27 22:06:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.12.27 22:06:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.27 22:06:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.12.27 22:06:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.12.27 22:06:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.27 22:06:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.12.27 22:06:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.12.27 22:06:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.27 22:06:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.27 22:06:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.12.27 22:06:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.12.27 22:06:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.12.27 22:06:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.12.27 22:06:00 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012.12.27 22:05:31 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.12.27 22:05:29 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.12.27 22:05:29 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.12.27 22:05:23 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.12.27 22:05:21 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012.12.27 22:05:21 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012.12.27 22:05:09 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.12.27 22:05:08 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.12.27 22:04:46 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012.12.27 22:04:46 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012.12.27 22:00:14 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012.12.27 22:00:14 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012.12.01 13:10:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.30 11:42:48 | 001,785,546 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.30 11:42:48 | 000,759,130 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.30 11:42:48 | 000,713,802 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.30 11:42:48 | 000,171,048 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.30 11:42:48 | 000,143,828 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.30 11:37:17 | 000,045,056 | ---- | M] () -- C:\Windows\SysWow64\acovcnt.exe
[2012.12.30 11:37:15 | 000,000,387 | ---- | M] () -- C:\Users\LR\AppData\Roaming\sp_data.sys
[2012.12.30 11:37:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.29 10:51:09 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.29 10:51:09 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.29 10:43:10 | 3145,826,304 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.28 17:07:33 | 000,001,888 | ---- | M] () -- C:\Windows\RTF2_tmp
[2012.12.28 16:35:00 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.12.28 14:46:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\LR\Desktop\OTL.exe
[2012.12.27 23:11:06 | 000,445,136 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.27 19:01:10 | 000,000,726 | ---- | M] () -- C:\Users\LR\Desktop\MB.lnk
[2012.12.16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.12 20:32:05 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.12.12 20:32:05 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.12.03 15:36:36 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.12.03 15:36:35 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
 
========== Files Created - No Company Name ==========
 
[2012.12.27 19:01:10 | 000,000,726 | ---- | C] () -- C:\Users\LR\Desktop\MB.lnk
[2012.05.16 17:39:34 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\acovcnt.exe
[2012.04.28 19:03:45 | 000,554,496 | ---- | C] () -- C:\Windows\SysWow64\dvmsg.dll
[2012.04.26 20:39:09 | 000,000,387 | ---- | C] () -- C:\Users\LR\AppData\Roaming\sp_data.sys
[2012.03.05 02:23:54 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.03.05 02:23:53 | 000,217,536 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.03.05 02:23:53 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.03.05 02:23:52 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012.03.05 02:23:52 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.10.19 05:26:32 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2011.10.19 05:11:04 | 001,769,968 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.04.26 20:42:12 | 000,000,000 | ---D | M] -- C:\Users\LR\AppData\Roaming\ASUS WebStorage
[2012.04.28 18:41:02 | 000,000,000 | ---D | M] -- C:\Users\LR\AppData\Roaming\Babylon
[2012.11.13 14:37:42 | 000,000,000 | ---D | M] -- C:\Users\LR\AppData\Roaming\Canneverbe Limited
[2012.12.23 14:53:47 | 000,000,000 | ---D | M] -- C:\Users\LR\AppData\Roaming\Dropbox
[2012.12.28 17:38:51 | 000,000,000 | ---D | M] -- C:\Users\LR\AppData\Roaming\FileZilla
[2012.04.26 21:26:12 | 000,000,000 | ---D | M] -- C:\Users\LR\AppData\Roaming\Nuance
[2012.05.04 16:33:35 | 000,000,000 | ---D | M] -- C:\Users\LR\AppData\Roaming\OpenOffice.org
[2012.04.28 18:41:08 | 000,000,000 | ---D | M] -- C:\Users\LR\AppData\Roaming\pdfforge
[2012.04.27 14:46:07 | 000,000,000 | ---D | M] -- C:\Users\LR\AppData\Roaming\protonic software
[2012.07.03 09:59:21 | 000,000,000 | ---D | M] -- C:\Users\LR\AppData\Roaming\TeamViewer
[2012.04.30 08:03:21 | 000,000,000 | ---D | M] -- C:\Users\LR\AppData\Roaming\Tobit
[2012.04.26 21:26:09 | 000,000,000 | ---D | M] -- C:\Users\LR\AppData\Roaming\Zeon
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


OTL-Extras:
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 30.12.12 12:45:56 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\LR\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yy
 
3,91 Gb Total Physical Memory | 2,58 Gb Available Physical Memory | 66,12% Memory free
7,81 Gb Paging File | 6,27 Gb Available in Paging File | 80,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,24 Gb Total Space | 79,56 Gb Free Space | 66,72% Space Free | Partition Type: NTFS
Drive D: | 153,85 Gb Total Space | 80,39 Gb Free Space | 52,25% Space Free | Partition Type: NTFS
 
Computer Name: LR-PC | User Name: LR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3818733701-377340231-3343173502-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C84880C-9E22-4A12-917A-8A0549C15236}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0E140BE0-DB92-4197-A92A-D2004E1C5E1C}" = lport=137 | protocol=17 | dir=in | app=system | 
"{1183C0BE-394D-489C-BF9E-52285EC5D66B}" = lport=1434 | protocol=17 | dir=in | name=sql server browser service | 
"{193A197E-8A0A-4FEA-A9CD-6EA54CAD1AC0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2878DE9A-4B6B-4796-8288-8C54E7FCA4F9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{38559B8A-96EB-4B38-AF6A-03BB2355D980}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{455F011C-120B-41B3-B8DF-8BDCAC20F91B}" = lport=445 | protocol=6 | dir=in | app=system | 
"{53B9BAA3-4233-43E0-9C5D-8406A89303CB}" = lport=139 | protocol=6 | dir=in | app=system | 
"{55E915D8-6519-4334-879B-ECC9A233E585}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{56123462-D3F6-4D69-B41A-0CE68AF414A8}" = rport=445 | protocol=6 | dir=out | app=system | 
"{5C02FBB4-4B97-4258-BF51-3760DD75E7C7}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{6B388ACD-36F1-40BC-8F5F-C65DEF63D124}" = rport=139 | protocol=6 | dir=out | app=system | 
"{716358B2-E04D-4B97-92FD-4D2FE5D91B40}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{728C3760-A594-4DED-8B6E-8DD1C4E77369}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{78F8A158-F2DC-461A-8402-93BA223273ED}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7CDB7F7F-DB46-47D1-986C-BA25E36BFE54}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{825664FE-F104-46C2-A95F-B86DD2507295}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9517F059-F48C-4AEE-9EEC-560C6E39418C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AAE86653-CC2E-4DFF-9891-BC925813D0F7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{AC882C1F-EBF3-48BF-83D5-5954B640008A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{B09691BE-CAB8-470D-AB51-60D842CC1956}" = rport=138 | protocol=17 | dir=out | app=system | 
"{C818929A-C1C5-4592-87EF-99E69377B59F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{CC55C967-0249-4FAF-93B8-A2B1EC221E2B}" = rport=137 | protocol=17 | dir=out | app=system | 
"{D0DC61D4-1A42-4191-96B7-A34C7B2575D5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D9A72D63-FD30-4815-A0B4-BF203C41817C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E47E646D-35E2-4203-A2E7-F8E7DE926724}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{E83683FB-59A5-4684-BA6F-C078A6AAA5F0}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{EE314133-BD9A-48E9-AB4E-FA4085C9F411}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{063C92EA-19A2-4101-8CE9-B7F81A9C0E2C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{1C44CA1A-C7A6-4D76-84EF-2443B7CADD1F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1D6456BC-63A2-41E0-A4FF-CC0E223E05A1}" = protocol=17 | dir=in | app=c:\program files (x86)\tobit radio.fx\server\rfx-server.exe | 
"{209F67F8-9274-4899-AF62-8973792805E9}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{248D34E2-8CE3-4462-8A8B-51B263BFA9BA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{26DAFDBD-17E3-4C07-9CEC-2F1FA0A135B4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{2B1F1FAC-FB5E-49D4-9E21-F2391D95D7D2}" = protocol=17 | dir=in | app=c:\users\lr\appdata\roaming\dropbox\bin\dropbox.exe | 
"{2EE8CF90-AB3C-438C-95BB-A5010EF4FBBC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3A48FA1D-136D-41E9-9DE7-914E44275A34}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{451A900B-4A48-4414-A086-D7372842B2CB}" = protocol=6 | dir=in | app=c:\program files (x86)\tobit radio.fx\server\rfx-server.exe | 
"{4C124089-477D-4589-9CE8-22A68206DC21}" = protocol=6 | dir=in | app=c:\program files (x86)\protonic software\easyjob 4.0\easyjob.exe | 
"{58629E3E-7D21-4FC5-8B74-2BCCDB9ECEDF}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{5E5A466E-502A-4312-B093-074E02DF0FAC}" = protocol=6 | dir=in | app=c:\users\lr\appdata\roaming\dropbox\bin\dropbox.exe | 
"{6464966C-ECCE-4102-9F0B-8133AB6508DF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6CE5D70F-8178-4B1E-82FE-28C788C73649}" = protocol=17 | dir=in | app=c:\program files (x86)\protonic software\easyjob 4.0\servermanager.exe | 
"{74A2E111-F20F-4F87-BA59-1EB2BAA97F84}" = protocol=6 | dir=out | app=system | 
"{74EC2EA2-0269-405D-9740-B4B8B3B63788}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7D02B58A-67F6-48FE-AF02-98C1A1A2B415}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{7EC294A6-B7B8-415A-BAD5-173A5DBD30F6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{910DD5EC-573E-40ED-8B04-49948434D4A6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{93EA3E0C-31C6-422E-A846-899088953CD4}" = protocol=6 | dir=in | app=c:\program files (x86)\protonic software\easyjob 4.0\servermanager.exe | 
"{96D606BE-9338-4813-8B8A-5DC1CDB3BBBC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9DB89175-1310-4184-B29D-FB85BF1910A2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A049FA40-266F-4861-AA2A-1D008E84041E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B12F7054-D2D5-4564-95C5-8F097C46B91E}" = protocol=6 | dir=in | app=c:\program files (x86)\tobit radio.fx\client\rfx-client.exe | 
"{B342E299-51E7-4953-BCD3-92DADD3B9960}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BDC6E15F-FE7A-4E7E-AA9F-A3F7DFBE8E32}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{CFF65C6B-F0DC-4856-ABEE-A330A175CE78}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D0125953-97D0-4D86-B17E-7A09A4DB72B7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D2D9BA4C-7746-4E38-B06C-B328E9E0A4FC}" = protocol=17 | dir=in | app=c:\program files (x86)\tobit radio.fx\client\rfx-client.exe | 
"{DAE69A7C-02C0-4F1D-9F59-B1C933A6C4D1}" = protocol=17 | dir=in | app=c:\program files (x86)\protonic software\easyjob 4.0\easyjob.exe | 
"{DE97DF12-F33E-4621-AE4B-DAA72C3447A9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F3BAFEBD-BC08-4BA9-AC76-299528815F69}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FDD96A5B-D830-49E1-B8D6-3C634B41B339}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"TCP Query User{0395DA8A-1FEA-4557-94ED-0774D3AC1001}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{C875087A-3723-43D6-99FC-A0F7731BABA5}C:\users\lr\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\lr\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{05B8B7C0-D15F-4CEA-A3AD-D8065D0690FA}C:\users\lr\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\lr\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{357C19AE-0B99-4046-8DAA-E592EC5FEFEC}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{11BA2B00-1495-47B8-BFA8-D08C605AB2CC}" = Windows Live Family Safety
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{3CE222BA-66A6-4D18-BEE9-5D21C5798C3E}" = Windows Live Family Safety
"{3D7F836A-AE1F-4FA6-8DB9-4FE06697AB0A}" = Windows Live Family Safety
"{3E776E7A-F4C3-4A89-8EAD-535E722C8397}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{53375A2B-FE08-42B6-8EB8-16818CD27B2C}" = Windows Live Family Safety
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{63919769-655A-48A8-AD6C-39B471F683ED}" = Windows Live Family Safety
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{68451E5C-0A9C-4D5C-8D06-6E296242E908}" = 64 Bit HP CIO Components Installer
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6DDCFF78-6F91-438C-9567-C5CAA9D7F56C}" = Windows Live Family Safety
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B36055BF-5F0E-4EAB-804D-9203DFB34ADC}" = Windows Live Family Safety
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E01819BD-709F-43A1-9600-6F5E4C584C37}" = Windows Live Family Safety
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E60F14FA-E114-4F25-AEE0-33FE9EC9B1C3}" = Windows Live Family Safety
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F11009B0-F4DB-463B-B717-5266E47498AA}" = Windows Live Family Safety
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"CCleaner" = CCleaner
"Elantech" = ETDWare PS/2-X64 8.0.5.1_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"VLC media player" = VLC media player 2.0.1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = Sonic Focus
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19EA33FB-B34E-40EA-8B8A-61743AEB795A}" = Wireless Console 3
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (EASYJOB4)
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4555BB9E-E715-4260-A178-E8EFD2B653E3}" = Alcor Micro USB Card Reader
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS FaceLogon
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{749F674B-2674-47E8-879C-5626A06B2A91}" = InstantOn for NB
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7D916FA5-DAE9-4A25-B089-655C70EAF607}" = Qualcomm Atheros WiFi Driver Installation
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = 1&1 Surf-Stick
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}" = ASUS FancyStart
"{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D39F0676-163E-4595-A917-E28F99BBD4D2}" = ASUS AI Recovery
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F6C08117-E8A9-401D-BF1F-7F99D6B48D59}" = easyjob 4.0
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AmUStor" = Alcor Micro USB Card Reader
"ASUS_Screensaver" = ASUS_Screensaver
"Audiograbber" = Audiograbber 1.83 SE 
"Avira AntiVir Desktop" = Avira Free Antivirus
"FileZilla Client" = FileZilla Client 3.5.3
"Google Calendar Sync" = Google Calendar Sync
"InstallShield_{F6C08117-E8A9-401D-BF1F-7F99D6B48D59}" = easyjob 4.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"Tobit Radio.fx Server" = Radio.fx
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3818733701-377340231-3343173502-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 29.06.12 08:30:50 | Computer Name = LR-PC | Source = Radio.fx | ID = 100
Description = Failed to open session 
 
Error - 29.06.12 08:30:50 | Computer Name = LR-PC | Source = Radio.fx | ID = 100
Description = Failed to open session 
 
Error - 29.06.12 08:30:50 | Computer Name = LR-PC | Source = Radio.fx | ID = 100
Description = Failed to open session 
 
Error - 29.06.12 08:30:50 | Computer Name = LR-PC | Source = Radio.fx | ID = 100
Description = Failed to open session 
 
Error - 29.06.12 08:30:50 | Computer Name = LR-PC | Source = Radio.fx | ID = 100
Description = Failed to open session 
 
Error - 29.06.12 08:30:50 | Computer Name = LR-PC | Source = Radio.fx | ID = 100
Description = Failed to open session 
 
Error - 29.06.12 08:30:50 | Computer Name = LR-PC | Source = Radio.fx | ID = 100
Description = Failed to open session 
 
Error - 29.06.12 08:30:50 | Computer Name = LR-PC | Source = Radio.fx | ID = 100
Description = Failed to open session 
 
Error - 29.06.12 08:30:50 | Computer Name = LR-PC | Source = Radio.fx | ID = 100
Description = Failed to open session 
 
Error - 29.06.12 08:30:50 | Computer Name = LR-PC | Source = Radio.fx | ID = 100
Description = Failed to open session 
 
Error - 29.06.12 08:30:51 | Computer Name = LR-PC | Source = Radio.fx | ID = 100
Description = Failed to open session 
 
[ easyjob Events ]
Error - 27.04.12 15:20:36 | Computer Name = LR-PC | Source = easyjob | ID = 0
Description = ReportException   Message:Typkonflikt. (Ausnahme von HRESULT: 0x80020005
 (DISP_E_TYPEMISMATCH))  Stack:   bei Microsoft.VisualBasic.CompilerServices.LateBinding.InternalLateSet(Object
 o, Type& objType, String name, Object[] args, String[] paramnames, Boolean OptimisticSet,
 CallType UseCallType)     bei Microsoft.VisualBasic.CompilerServices.NewLateBinding.LateSet(Object
 Instance, Type Type, String MemberName, Object[] Arguments, String[] ArgumentNames,
 Type[] TypeArguments, Boolean OptimisticSet, Boolean RValueBase, CallType CallType)

   bei Microsoft.VisualBasic.CompilerServices.NewLateBinding.LateSet(Object Instance,
 Type Type, String MemberName, Object[] Arguments, String[] ArgumentNames, Type[]
 TypeArguments)     bei hz.b(String A_0, String A_1, Object A_2)     bei protonic.easyjob.FirewallConfig.GlobalOpenPort.RunCommand()

   bei protonic.easyjob.FirewallConfig.GlobalOpenPort.b(Object A_0, EventArgs A_1)

   bei System.Windows.Forms.Control.OnClick(EventArgs e)     bei System.Windows.Forms.Button.OnClick(EventArgs
 e)     bei System.Windows.Forms.Button.OnMouseUp(MouseEventArgs mevent)     bei System.Windows.Forms.Control.WmMouseUp(Message&
 m, MouseButtons button, Int32 clicks)     bei System.Windows.Forms.Control.WndProc(Message&
 m)     bei System.Windows.Forms.ButtonBase.WndProc(Message& m)     bei System.Windows.Forms.Button.WndProc(Message&
 m)     bei System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m)

   bei System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)     bei
 System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam,
 IntPtr lparam)  Source:Microsoft.VisualBasic  Inner:
 
Error - 27.04.12 15:20:57 | Computer Name = LR-PC | Source = easyjob | ID = 0
Description = ReportException   Message:Typkonflikt. (Ausnahme von HRESULT: 0x80020005
 (DISP_E_TYPEMISMATCH))  Stack:   bei Microsoft.VisualBasic.CompilerServices.LateBinding.InternalLateSet(Object
 o, Type& objType, String name, Object[] args, String[] paramnames, Boolean OptimisticSet,
 CallType UseCallType)     bei Microsoft.VisualBasic.CompilerServices.NewLateBinding.LateSet(Object
 Instance, Type Type, String MemberName, Object[] Arguments, String[] ArgumentNames,
 Type[] TypeArguments, Boolean OptimisticSet, Boolean RValueBase, CallType CallType)

   bei Microsoft.VisualBasic.CompilerServices.NewLateBinding.LateSet(Object Instance,
 Type Type, String MemberName, Object[] Arguments, String[] ArgumentNames, Type[]
 TypeArguments)     bei hz.b(String A_0, String A_1, Object A_2)     bei protonic.easyjob.FirewallConfig.GlobalOpenPort.RunCommand()

   bei protonic.easyjob.FirewallConfig.GlobalOpenPort.b(Object A_0, EventArgs A_1)

   bei System.Windows.Forms.Control.OnClick(EventArgs e)     bei System.Windows.Forms.Button.OnClick(EventArgs
 e)     bei System.Windows.Forms.Button.OnMouseUp(MouseEventArgs mevent)     bei System.Windows.Forms.Control.WmMouseUp(Message&
 m, MouseButtons button, Int32 clicks)     bei System.Windows.Forms.Control.WndProc(Message&
 m)     bei System.Windows.Forms.ButtonBase.WndProc(Message& m)     bei System.Windows.Forms.Button.WndProc(Message&
 m)     bei System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m)

   bei System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)     bei
 System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam,
 IntPtr lparam)  Source:Microsoft.VisualBasic  Inner:
 
[ System Events ]
Error - 10.12.12 08:20:34 | Computer Name = LR-PC | Source = NetBT | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse 
des Computers,  der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
 -n an  der Eingabeaufforderung, um den doppelten Namen zu bestimmen.
 
Error - 10.12.12 08:50:26 | Computer Name = LR-PC | Source = NetBT | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse 
des Computers,  der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
 -n an  der Eingabeaufforderung, um den doppelten Namen zu bestimmen.
 
Error - 10.12.12 09:45:58 | Computer Name = LR-PC | Source = NetBT | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse 
des Computers,  der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
 -n an  der Eingabeaufforderung, um den doppelten Namen zu bestimmen.
 
Error - 10.12.12 09:46:17 | Computer Name = LR-PC | Source = NetBT | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse 
des Computers,  der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
 -n an  der Eingabeaufforderung, um den doppelten Namen zu bestimmen.
 
Error - 10.12.12 10:34:12 | Computer Name = LR-PC | Source = NetBT | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse 
des Computers,  der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
 -n an  der Eingabeaufforderung, um den doppelten Namen zu bestimmen.
 
Error - 10.12.12 11:15:58 | Computer Name = LR-PC | Source = NetBT | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse 
des Computers,  der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
 -n an  der Eingabeaufforderung, um den doppelten Namen zu bestimmen.
 
Error - 10.12.12 11:16:07 | Computer Name = LR-PC | Source = NetBT | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse 
des Computers,  der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
 -n an  der Eingabeaufforderung, um den doppelten Namen zu bestimmen.
 
Error - 10.12.12 11:16:08 | Computer Name = LR-PC | Source = NetBT | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse 
des Computers,  der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
 -n an  der Eingabeaufforderung, um den doppelten Namen zu bestimmen.
 
Error - 10.12.12 11:56:35 | Computer Name = LR-PC | Source = NetBT | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse 
des Computers,  der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
 -n an  der Eingabeaufforderung, um den doppelten Namen zu bestimmen.
 
Error - 11.12.12 07:08:17 | Computer Name = LR-PC | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >
         
--- --- ---


Kann ich davon ausgehen, dass alles wieder ok ist?? Es gibt zu dem gemeldeten Fund jede Menge Einträge in Google, die mich aber alle nur vollends verwirren (bin nur Anwender und habe keine Ahnung!). Überall wird vom "Fixen mit OTL" geredet - aber muss das denn jetzt überhaupt noch sein?? Ich würde mich allzugerne drauf verlassen, dass seit den Einträgen Avira das Problem in den Griff bekommen hat - traue dem Braten aber nicht so ganz.

Das Wichtigste habe ich vergessen: Ich hatte keine nennenswerten Symptome - der Rechner lief vorher gut und tut es jetzt auch.

Ich hoffe, ich habe nicht allzuviel falsch gemacht und bin sehr dankbar, wenn sich jemand meiner erbarmt...

Viele Grüße
Michi

Geändert von Michi XXX (30.12.2012 um 14:12 Uhr)

Alt 30.12.2012, 14:17   #2
markusg
/// Malware-holic
 
Beseitigung von EXP/JS.Expack durch Avira ausreichend? - Standard

Beseitigung von EXP/JS.Expack durch Avira ausreichend?



Hi
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten
__________________

__________________

Alt 30.12.2012, 14:27   #3
Michi XXX
 
Beseitigung von EXP/JS.Expack durch Avira ausreichend? - Standard

Beseitigung von EXP/JS.Expack durch Avira ausreichend?



Hallo Markus,

vielen Dank, hier das Log:
Code:
ATTFilter
14:23:13.0048 1900  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
14:23:13.0218 1900  ============================================================
14:23:13.0218 1900  Current date / time: 2012/12/30 14:23:13.0218
14:23:13.0218 1900  SystemInfo:
14:23:13.0218 1900  
14:23:13.0218 1900  OS Version: 6.1.7601 ServicePack: 1.0
14:23:13.0218 1900  Product type: Workstation
14:23:13.0218 1900  ComputerName: LR-PC
14:23:13.0218 1900  UserName: LR
14:23:13.0218 1900  Windows directory: C:\Windows
14:23:13.0218 1900  System windows directory: C:\Windows
14:23:13.0218 1900  Running under WOW64
14:23:13.0218 1900  Processor architecture: Intel x64
14:23:13.0218 1900  Number of processors: 2
14:23:13.0218 1900  Page size: 0x1000
14:23:13.0218 1900  Boot type: Normal boot
14:23:13.0218 1900  ============================================================
14:23:13.0998 1900  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:23:14.0008 1900  ============================================================
14:23:14.0008 1900  \Device\Harddisk0\DR0:
14:23:14.0008 1900  MBR partitions:
14:23:14.0008 1900  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0xEE79000
14:23:14.0008 1900  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x12079800, BlocksNum 0x133B4800
14:23:14.0008 1900  ============================================================
14:23:14.0028 1900  C: <-> \Device\Harddisk0\DR0\Partition1
14:23:14.0068 1900  D: <-> \Device\Harddisk0\DR0\Partition2
14:23:14.0068 1900  ============================================================
14:23:14.0068 1900  Initialize success
14:23:14.0068 1900  ============================================================
14:24:10.0465 2304  ============================================================
14:24:10.0465 2304  Scan started
14:24:10.0465 2304  Mode: Manual; SigCheck; TDLFS; 
14:24:10.0465 2304  ============================================================
14:24:10.0831 2304  ================ Scan system memory ========================
14:24:10.0831 2304  System memory - ok
14:24:10.0831 2304  ================ Scan services =============================
14:24:11.0096 2304  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
14:24:11.0252 2304  1394ohci - ok
14:24:11.0283 2304  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
14:24:11.0330 2304  ACPI - ok
14:24:11.0361 2304  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
14:24:11.0455 2304  AcpiPmi - ok
14:24:11.0548 2304  [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:24:11.0579 2304  AdobeARMservice - ok
14:24:11.0626 2304  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
14:24:11.0673 2304  adp94xx - ok
14:24:11.0739 2304  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
14:24:11.0779 2304  adpahci - ok
14:24:11.0789 2304  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
14:24:11.0819 2304  adpu320 - ok
14:24:11.0859 2304  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
14:24:12.0059 2304  AeLookupSvc - ok
14:24:12.0109 2304  [ 69FD46FAC0D9C4A8ECD522AC6A7481F5 ] AFBAgent        C:\Windows\system32\FBAgent.exe
14:24:12.0159 2304  AFBAgent - ok
14:24:12.0209 2304  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
14:24:12.0279 2304  AFD - ok
14:24:12.0319 2304  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
14:24:12.0349 2304  agp440 - ok
14:24:12.0389 2304  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
14:24:12.0449 2304  ALG - ok
14:24:12.0479 2304  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
14:24:12.0509 2304  aliide - ok
14:24:12.0519 2304  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
14:24:12.0539 2304  amdide - ok
14:24:12.0569 2304  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
14:24:12.0639 2304  AmdK8 - ok
14:24:12.0649 2304  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
14:24:12.0699 2304  AmdPPM - ok
14:24:12.0729 2304  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
14:24:12.0759 2304  amdsata - ok
14:24:12.0779 2304  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
14:24:12.0819 2304  amdsbs - ok
14:24:12.0839 2304  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
14:24:12.0859 2304  amdxata - ok
14:24:12.0909 2304  [ 92A848F962DA91C631147D566414BB7E ] AmUStor         C:\Windows\system32\drivers\AmUStor.SYS
14:24:12.0939 2304  AmUStor - ok
14:24:13.0009 2304  [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
14:24:13.0039 2304  AntiVirSchedulerService - ok
14:24:13.0079 2304  [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
14:24:13.0109 2304  AntiVirService - ok
14:24:13.0129 2304  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
14:24:13.0329 2304  AppID - ok
14:24:13.0359 2304  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
14:24:13.0479 2304  AppIDSvc - ok
14:24:13.0509 2304  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
14:24:13.0629 2304  Appinfo - ok
14:24:13.0669 2304  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
14:24:13.0699 2304  arc - ok
14:24:13.0709 2304  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
14:24:13.0739 2304  arcsas - ok
14:24:13.0819 2304  [ A3626C6D3F2DC95497F3F61842D7FD89 ] ASLDRService    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
14:24:13.0839 2304  ASLDRService - ok
14:24:13.0879 2304  [ 4C016FD76ED5C05E84CA8CAB77993961 ] ASMMAP64        C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
14:24:13.0899 2304  ASMMAP64 - ok
14:24:13.0939 2304  [ 8569AF4C73747671194EA9EBB2F2D6CF ] asmthub3        C:\Windows\system32\DRIVERS\asmthub3.sys
14:24:13.0989 2304  asmthub3 - ok
14:24:14.0019 2304  [ 073716FBFFAC7057CD5FF00A1B558331 ] asmtxhci        C:\Windows\system32\DRIVERS\asmtxhci.sys
14:24:14.0089 2304  asmtxhci - ok
14:24:14.0229 2304  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
14:24:14.0249 2304  aspnet_state - ok
14:24:14.0319 2304  [ 52436245AAEF3B65DF7859949AB6A14E ] ASUS InstantOn  C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
14:24:14.0359 2304  ASUS InstantOn - ok
14:24:14.0389 2304  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
14:24:14.0509 2304  AsyncMac - ok
14:24:14.0539 2304  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
14:24:14.0559 2304  atapi - ok
14:24:14.0679 2304  [ B4174564AD5834A1680610572477878C ] athr            C:\Windows\system32\DRIVERS\athrx.sys
14:24:14.0829 2304  athr - ok
14:24:14.0859 2304  [ DBC598E47E7A382E60E2A4745D41FEF9 ] ATKGFNEXSrv     C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
14:24:14.0879 2304  ATKGFNEXSrv - ok
14:24:14.0949 2304  [ 41CEAFFCF3550785E59E3EC9BEE8D97A ] ATKWMIACPIIO    C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
14:24:14.0969 2304  ATKWMIACPIIO - ok
14:24:15.0009 2304  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:24:15.0139 2304  AudioEndpointBuilder - ok
14:24:15.0159 2304  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
14:24:15.0259 2304  AudioSrv - ok
14:24:15.0319 2304  [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
14:24:15.0349 2304  avgntflt - ok
14:24:15.0369 2304  [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
14:24:15.0409 2304  avipbb - ok
14:24:15.0419 2304  [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
14:24:15.0449 2304  avkmgr - ok
14:24:15.0499 2304  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
14:24:15.0559 2304  AxInstSV - ok
14:24:15.0609 2304  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
14:24:15.0679 2304  b06bdrv - ok
14:24:15.0709 2304  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
14:24:15.0769 2304  b57nd60a - ok
14:24:15.0819 2304  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
14:24:15.0869 2304  BDESVC - ok
14:24:15.0899 2304  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
14:24:16.0009 2304  Beep - ok
14:24:16.0079 2304  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
14:24:16.0209 2304  BFE - ok
14:24:16.0269 2304  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
14:24:16.0409 2304  BITS - ok
14:24:16.0429 2304  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
14:24:16.0479 2304  blbdrive - ok
14:24:16.0499 2304  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
14:24:16.0559 2304  bowser - ok
14:24:16.0609 2304  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
14:24:16.0659 2304  BrFiltLo - ok
14:24:16.0659 2304  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
14:24:16.0709 2304  BrFiltUp - ok
14:24:16.0749 2304  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
14:24:16.0799 2304  Browser - ok
14:24:16.0849 2304  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\system32\DRIVERS\BrSerId.sys
14:24:16.0909 2304  Brserid - ok
14:24:16.0929 2304  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
14:24:16.0979 2304  BrSerWdm - ok
14:24:16.0989 2304  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
14:24:17.0049 2304  BrUsbMdm - ok
14:24:17.0059 2304  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\system32\DRIVERS\BrUsbSer.sys
14:24:17.0109 2304  BrUsbSer - ok
14:24:17.0129 2304  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
14:24:17.0169 2304  BthEnum - ok
14:24:17.0189 2304  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
14:24:17.0239 2304  BTHMODEM - ok
14:24:17.0259 2304  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
14:24:17.0319 2304  BthPan - ok
14:24:17.0369 2304  [ 64C198198501F7560EE41D8D1EFA7952 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
14:24:17.0509 2304  BTHPORT - ok
14:24:17.0549 2304  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
14:24:17.0659 2304  bthserv - ok
14:24:17.0679 2304  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
14:24:17.0719 2304  BTHUSB - ok
14:24:17.0749 2304  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
14:24:17.0869 2304  cdfs - ok
14:24:17.0919 2304  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
14:24:17.0959 2304  cdrom - ok
14:24:17.0999 2304  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
14:24:18.0109 2304  CertPropSvc - ok
14:24:18.0129 2304  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
14:24:18.0209 2304  circlass - ok
14:24:18.0259 2304  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
14:24:18.0299 2304  CLFS - ok
14:24:18.0379 2304  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:24:18.0409 2304  clr_optimization_v2.0.50727_32 - ok
14:24:18.0449 2304  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:24:18.0469 2304  clr_optimization_v2.0.50727_64 - ok
14:24:18.0549 2304  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:24:18.0579 2304  clr_optimization_v4.0.30319_32 - ok
14:24:18.0629 2304  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:24:18.0659 2304  clr_optimization_v4.0.30319_64 - ok
14:24:18.0699 2304  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
14:24:18.0749 2304  CmBatt - ok
14:24:18.0769 2304  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
14:24:18.0799 2304  cmdide - ok
14:24:18.0849 2304  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
14:24:18.0919 2304  CNG - ok
14:24:18.0959 2304  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
14:24:18.0989 2304  Compbatt - ok
14:24:19.0019 2304  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
14:24:19.0089 2304  CompositeBus - ok
14:24:19.0109 2304  COMSysApp - ok
14:24:19.0139 2304  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
14:24:19.0159 2304  crcdisk - ok
14:24:19.0209 2304  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
14:24:19.0269 2304  CryptSvc - ok
14:24:19.0339 2304  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
14:24:19.0469 2304  DcomLaunch - ok
14:24:19.0529 2304  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
14:24:19.0649 2304  defragsvc - ok
14:24:19.0679 2304  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
14:24:19.0779 2304  DfsC - ok
14:24:19.0839 2304  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
14:24:19.0939 2304  Dhcp - ok
14:24:19.0949 2304  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
14:24:20.0069 2304  discache - ok
14:24:20.0099 2304  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
14:24:20.0129 2304  Disk - ok
14:24:20.0159 2304  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
14:24:20.0219 2304  Dnscache - ok
14:24:20.0239 2304  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
14:24:20.0349 2304  dot3svc - ok
14:24:20.0379 2304  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
14:24:20.0489 2304  DPS - ok
14:24:20.0529 2304  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
14:24:20.0589 2304  drmkaud - ok
14:24:20.0639 2304  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
14:24:20.0709 2304  DXGKrnl - ok
14:24:20.0739 2304  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
14:24:20.0839 2304  EapHost - ok
14:24:20.0959 2304  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
14:24:21.0119 2304  ebdrv - ok
14:24:21.0159 2304  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
14:24:21.0209 2304  EFS - ok
14:24:21.0269 2304  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
14:24:21.0339 2304  ehRecvr - ok
14:24:21.0359 2304  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
14:24:21.0419 2304  ehSched - ok
14:24:21.0499 2304  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
14:24:21.0539 2304  elxstor - ok
14:24:21.0549 2304  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
14:24:21.0614 2304  ErrDev - ok
14:24:21.0677 2304  [ 4C120D2B2EA269EAE7A5744794EB6DB1 ] ETD             C:\Windows\system32\DRIVERS\ETD.sys
14:24:21.0708 2304  ETD - ok
14:24:21.0755 2304  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
14:24:21.0864 2304  EventSystem - ok
14:24:21.0895 2304  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
14:24:22.0004 2304  exfat - ok
14:24:22.0020 2304  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
14:24:22.0145 2304  fastfat - ok
14:24:22.0191 2304  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
14:24:22.0269 2304  Fax - ok
14:24:22.0301 2304  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
14:24:22.0347 2304  fdc - ok
14:24:22.0379 2304  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
14:24:22.0488 2304  fdPHost - ok
14:24:22.0503 2304  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
14:24:22.0613 2304  FDResPub - ok
14:24:22.0628 2304  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
14:24:22.0659 2304  FileInfo - ok
14:24:22.0691 2304  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
14:24:22.0800 2304  Filetrace - ok
14:24:22.0815 2304  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
14:24:22.0862 2304  flpydisk - ok
14:24:22.0893 2304  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
14:24:22.0940 2304  FltMgr - ok
14:24:22.0987 2304  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
14:24:23.0079 2304  FontCache - ok
14:24:23.0129 2304  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:24:23.0149 2304  FontCache3.0.0.0 - ok
14:24:23.0189 2304  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
14:24:23.0209 2304  FsDepends - ok
14:24:23.0259 2304  [ DC0DCE4EC2C5D2CF6472F9FD6AA9A7DC ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
14:24:23.0279 2304  fssfltr - ok
14:24:23.0369 2304  [ 40CDFAD174B3D5E80F95DDA003C0B97F ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
14:24:23.0459 2304  fsssvc - ok
14:24:23.0499 2304  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
14:24:23.0529 2304  Fs_Rec - ok
14:24:23.0549 2304  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
14:24:23.0589 2304  fvevol - ok
14:24:23.0629 2304  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
14:24:23.0659 2304  gagp30kx - ok
14:24:23.0709 2304  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
14:24:23.0839 2304  gpsvc - ok
14:24:23.0869 2304  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
14:24:23.0909 2304  hcw85cir - ok
14:24:23.0949 2304  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:24:23.0999 2304  HdAudAddService - ok
14:24:24.0039 2304  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
14:24:24.0089 2304  HDAudBus - ok
14:24:24.0099 2304  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
14:24:24.0149 2304  HidBatt - ok
14:24:24.0179 2304  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
14:24:24.0229 2304  HidBth - ok
14:24:24.0239 2304  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
14:24:24.0269 2304  HidIr - ok
14:24:24.0299 2304  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
14:24:24.0409 2304  hidserv - ok
14:24:24.0449 2304  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
14:24:24.0499 2304  HidUsb - ok
14:24:24.0529 2304  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
14:24:24.0639 2304  hkmsvc - ok
14:24:24.0659 2304  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:24:24.0719 2304  HomeGroupListener - ok
14:24:24.0749 2304  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:24:24.0799 2304  HomeGroupProvider - ok
14:24:24.0829 2304  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
14:24:24.0859 2304  HpSAMD - ok
14:24:24.0899 2304  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
14:24:25.0019 2304  HTTP - ok
14:24:25.0059 2304  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
14:24:25.0079 2304  hwpolicy - ok
14:24:25.0109 2304  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
14:24:25.0139 2304  i8042prt - ok
14:24:25.0189 2304  [ 26CF4275034214ECEDD8EC17B0A18A99 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
14:24:25.0239 2304  iaStor - ok
14:24:25.0309 2304  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
14:24:25.0349 2304  iaStorV - ok
14:24:25.0419 2304  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:24:25.0479 2304  idsvc - ok
14:24:25.0889 2304  [ 0089B53F1BEFD34B7D8CA4AB021335FA ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
14:24:26.0569 2304  igfx - ok
14:24:26.0609 2304  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
14:24:26.0639 2304  iirsp - ok
14:24:26.0689 2304  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
14:24:26.0809 2304  IKEEXT - ok
14:24:26.0949 2304  [ 651972B4061F940DC154C6F7B948B76A ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
14:24:27.0109 2304  IntcAzAudAddService - ok
14:24:27.0179 2304  [ AE594CC17C33AC146739494615E14851 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
14:24:27.0239 2304  IntcDAud - ok
14:24:27.0269 2304  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
14:24:27.0299 2304  intelide - ok
14:24:27.0329 2304  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
14:24:27.0369 2304  intelppm - ok
14:24:27.0429 2304  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
14:24:27.0539 2304  IPBusEnum - ok
14:24:27.0549 2304  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:24:27.0649 2304  IpFilterDriver - ok
14:24:27.0679 2304  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
14:24:27.0799 2304  iphlpsvc - ok
14:24:27.0819 2304  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
14:24:27.0859 2304  IPMIDRV - ok
14:24:27.0889 2304  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
14:24:28.0009 2304  IPNAT - ok
14:24:28.0029 2304  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
14:24:28.0099 2304  IRENUM - ok
14:24:28.0119 2304  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
14:24:28.0149 2304  isapnp - ok
14:24:28.0189 2304  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
14:24:28.0229 2304  iScsiPrt - ok
14:24:28.0259 2304  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
14:24:28.0289 2304  kbdclass - ok
14:24:28.0339 2304  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
14:24:28.0399 2304  kbdhid - ok
14:24:28.0449 2304  [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr         C:\Windows\system32\DRIVERS\kbfiltr.sys
14:24:28.0469 2304  kbfiltr - ok
14:24:28.0499 2304  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
14:24:28.0529 2304  KeyIso - ok
14:24:28.0559 2304  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
14:24:28.0589 2304  KSecDD - ok
14:24:28.0609 2304  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
14:24:28.0639 2304  KSecPkg - ok
14:24:28.0669 2304  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
14:24:28.0759 2304  ksthunk - ok
14:24:28.0789 2304  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
14:24:28.0929 2304  KtmRm - ok
14:24:28.0969 2304  [ A4A9CA24E54E81C6C3E469EAEB4B3F42 ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
14:24:28.0999 2304  L1C - ok
14:24:29.0039 2304  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
14:24:29.0149 2304  LanmanServer - ok
14:24:29.0179 2304  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:24:29.0289 2304  LanmanWorkstation - ok
14:24:29.0339 2304  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
14:24:29.0449 2304  lltdio - ok
14:24:29.0489 2304  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
14:24:29.0609 2304  lltdsvc - ok
14:24:29.0629 2304  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
14:24:29.0729 2304  lmhosts - ok
14:24:29.0809 2304  [ 7F32D4C47A50E7223491E8FB9359907D ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
14:24:29.0849 2304  LMS - ok
14:24:29.0899 2304  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
14:24:29.0929 2304  LSI_FC - ok
14:24:29.0949 2304  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
14:24:29.0979 2304  LSI_SAS - ok
14:24:29.0989 2304  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
14:24:30.0019 2304  LSI_SAS2 - ok
14:24:30.0029 2304  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
14:24:30.0059 2304  LSI_SCSI - ok
14:24:30.0089 2304  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
14:24:30.0189 2304  luafv - ok
14:24:30.0259 2304  [ 035C83CD72E06C47000793D32B1A642D ] massfilter      C:\Windows\system32\drivers\massfilter.sys
14:24:30.0309 2304  massfilter - ok
14:24:30.0329 2304  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
14:24:30.0379 2304  Mcx2Svc - ok
14:24:30.0389 2304  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
14:24:30.0419 2304  megasas - ok
14:24:30.0469 2304  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
14:24:30.0509 2304  MegaSR - ok
14:24:30.0549 2304  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
14:24:30.0579 2304  MEIx64 - ok
14:24:30.0619 2304  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
14:24:30.0743 2304  MMCSS - ok
14:24:30.0743 2304  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
14:24:30.0862 2304  Modem - ok
14:24:30.0902 2304  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
14:24:30.0942 2304  monitor - ok
14:24:30.0972 2304  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
14:24:30.0992 2304  mouclass - ok
14:24:31.0022 2304  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
14:24:31.0062 2304  mouhid - ok
14:24:31.0092 2304  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
14:24:31.0122 2304  mountmgr - ok
14:24:31.0192 2304  [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:24:31.0212 2304  MozillaMaintenance - ok
14:24:31.0242 2304  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
14:24:31.0272 2304  mpio - ok
14:24:31.0302 2304  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
14:24:31.0412 2304  mpsdrv - ok
14:24:31.0462 2304  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
14:24:31.0582 2304  MpsSvc - ok
14:24:31.0602 2304  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
14:24:31.0662 2304  MRxDAV - ok
14:24:31.0682 2304  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
14:24:31.0752 2304  mrxsmb - ok
14:24:31.0792 2304  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:24:31.0842 2304  mrxsmb10 - ok
14:24:31.0862 2304  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:24:31.0922 2304  mrxsmb20 - ok
14:24:31.0942 2304  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
14:24:31.0972 2304  msahci - ok
14:24:32.0002 2304  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
14:24:32.0032 2304  msdsm - ok
14:24:32.0062 2304  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
14:24:32.0112 2304  MSDTC - ok
14:24:32.0152 2304  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
14:24:32.0252 2304  Msfs - ok
14:24:32.0272 2304  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
14:24:32.0382 2304  mshidkmdf - ok
14:24:32.0412 2304  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
14:24:32.0442 2304  msisadrv - ok
14:24:32.0472 2304  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
14:24:32.0592 2304  MSiSCSI - ok
14:24:32.0592 2304  msiserver - ok
14:24:32.0622 2304  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
14:24:32.0712 2304  MSKSSRV - ok
14:24:32.0732 2304  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
14:24:32.0852 2304  MSPCLOCK - ok
14:24:32.0852 2304  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
14:24:32.0962 2304  MSPQM - ok
14:24:32.0992 2304  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
14:24:33.0032 2304  MsRPC - ok
14:24:33.0062 2304  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
14:24:33.0082 2304  mssmbios - ok
14:24:33.0132 2304  MSSQL$EASYJOB4 - ok
14:24:33.0162 2304  [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
14:24:33.0182 2304  MSSQLServerADHelper - ok
14:24:33.0212 2304  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
14:24:33.0322 2304  MSTEE - ok
14:24:33.0332 2304  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
14:24:33.0382 2304  MTConfig - ok
14:24:33.0402 2304  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
14:24:33.0432 2304  Mup - ok
14:24:33.0472 2304  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
14:24:33.0572 2304  napagent - ok
14:24:33.0612 2304  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
14:24:33.0682 2304  NativeWifiP - ok
14:24:33.0742 2304  [ C38B8AE57F78915905064A9A24DC1586 ] NDIS            C:\Windows\system32\drivers\ndis.sys
14:24:33.0812 2304  NDIS - ok
14:24:33.0842 2304  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
14:24:33.0932 2304  NdisCap - ok
14:24:33.0972 2304  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
14:24:34.0072 2304  NdisTapi - ok
14:24:34.0082 2304  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
14:24:34.0182 2304  Ndisuio - ok
14:24:34.0192 2304  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
14:24:34.0302 2304  NdisWan - ok
14:24:34.0322 2304  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
14:24:34.0432 2304  NDProxy - ok
14:24:34.0482 2304  [ BD94210175C488F18ADD3E189EE9304C ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
14:24:34.0522 2304  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
14:24:34.0522 2304  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
14:24:34.0552 2304  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
14:24:34.0662 2304  NetBIOS - ok
14:24:34.0702 2304  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
14:24:34.0812 2304  NetBT - ok
14:24:34.0842 2304  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
14:24:34.0862 2304  Netlogon - ok
14:24:34.0922 2304  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
14:24:35.0042 2304  Netman - ok
14:24:35.0082 2304  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:24:35.0112 2304  NetMsmqActivator - ok
14:24:35.0122 2304  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:24:35.0152 2304  NetPipeActivator - ok
14:24:35.0202 2304  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
14:24:35.0322 2304  netprofm - ok
14:24:35.0322 2304  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:24:35.0352 2304  NetTcpActivator - ok
14:24:35.0362 2304  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:24:35.0392 2304  NetTcpPortSharing - ok
14:24:35.0422 2304  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
14:24:35.0452 2304  nfrd960 - ok
14:24:35.0492 2304  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
14:24:35.0622 2304  NlaSvc - ok
14:24:35.0662 2304  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
14:24:35.0762 2304  Npfs - ok
14:24:35.0772 2304  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
14:24:35.0882 2304  nsi - ok
14:24:35.0912 2304  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
14:24:36.0012 2304  nsiproxy - ok
14:24:36.0082 2304  [ A2F74975097F52A00745F9637451FDD8 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
14:24:36.0182 2304  Ntfs - ok
14:24:36.0202 2304  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
14:24:36.0312 2304  Null - ok
14:24:36.0352 2304  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
14:24:36.0382 2304  nvraid - ok
14:24:36.0392 2304  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
14:24:36.0432 2304  nvstor - ok
14:24:36.0442 2304  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
14:24:36.0472 2304  nv_agp - ok
14:24:36.0472 2304  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
14:24:36.0522 2304  ohci1394 - ok
14:24:36.0622 2304  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:24:36.0642 2304  ose - ok
14:24:36.0882 2304  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:24:37.0102 2304  osppsvc - ok
14:24:37.0162 2304  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
14:24:37.0222 2304  p2pimsvc - ok
14:24:37.0252 2304  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
14:24:37.0302 2304  p2psvc - ok
14:24:37.0322 2304  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
14:24:37.0372 2304  Parport - ok
14:24:37.0402 2304  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
14:24:37.0432 2304  partmgr - ok
14:24:37.0462 2304  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
14:24:37.0512 2304  PcaSvc - ok
14:24:37.0542 2304  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
14:24:37.0572 2304  pci - ok
14:24:37.0592 2304  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
14:24:37.0622 2304  pciide - ok
14:24:37.0642 2304  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
14:24:37.0682 2304  pcmcia - ok
14:24:37.0702 2304  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
14:24:37.0732 2304  pcw - ok
14:24:37.0772 2304  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
14:24:37.0892 2304  PEAUTH - ok
14:24:37.0972 2304  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
14:24:38.0012 2304  PerfHost - ok
14:24:38.0112 2304  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
14:24:38.0252 2304  pla - ok
14:24:38.0302 2304  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
14:24:38.0362 2304  PlugPlay - ok
14:24:38.0422 2304  [ 7FE2AFB17D91CF39843D6766EA31CFC7 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
14:24:38.0442 2304  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
14:24:38.0442 2304  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
14:24:38.0462 2304  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
14:24:38.0502 2304  PNRPAutoReg - ok
14:24:38.0532 2304  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
14:24:38.0572 2304  PNRPsvc - ok
14:24:38.0622 2304  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
14:24:38.0732 2304  PolicyAgent - ok
14:24:38.0782 2304  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
14:24:38.0882 2304  Power - ok
14:24:38.0912 2304  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
14:24:39.0022 2304  PptpMiniport - ok
14:24:39.0052 2304  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
14:24:39.0082 2304  Processor - ok
14:24:39.0122 2304  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
14:24:39.0172 2304  ProfSvc - ok
14:24:39.0182 2304  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:24:39.0212 2304  ProtectedStorage - ok
14:24:39.0242 2304  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
14:24:39.0342 2304  Psched - ok
14:24:39.0422 2304  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
14:24:39.0512 2304  ql2300 - ok
14:24:39.0542 2304  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
14:24:39.0572 2304  ql40xx - ok
14:24:39.0612 2304  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
14:24:39.0662 2304  QWAVE - ok
14:24:39.0712 2304  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
14:24:39.0762 2304  QWAVEdrv - ok
14:24:39.0952 2304  [ B40AA9BE30D62B288DBF4AAA83FB2A49 ] Radio.fx        C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe
14:24:40.0132 2304  Radio.fx - ok
14:24:40.0192 2304  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
14:24:40.0292 2304  RasAcd - ok
14:24:40.0342 2304  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
14:24:40.0442 2304  RasAgileVpn - ok
14:24:40.0472 2304  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
14:24:40.0582 2304  RasAuto - ok
14:24:40.0632 2304  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
14:24:40.0732 2304  Rasl2tp - ok
14:24:40.0782 2304  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
14:24:40.0892 2304  RasMan - ok
14:24:40.0922 2304  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
14:24:41.0032 2304  RasPppoe - ok
14:24:41.0062 2304  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
14:24:41.0172 2304  RasSstp - ok
14:24:41.0222 2304  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
14:24:41.0332 2304  rdbss - ok
14:24:41.0342 2304  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
14:24:41.0392 2304  rdpbus - ok
14:24:41.0422 2304  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
14:24:41.0542 2304  RDPCDD - ok
14:24:41.0562 2304  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
14:24:41.0662 2304  RDPENCDD - ok
14:24:41.0672 2304  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
14:24:41.0772 2304  RDPREFMP - ok
14:24:41.0822 2304  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
14:24:41.0862 2304  RDPWD - ok
14:24:41.0892 2304  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
14:24:41.0932 2304  rdyboost - ok
14:24:41.0962 2304  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
14:24:42.0072 2304  RemoteAccess - ok
14:24:42.0102 2304  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
14:24:42.0212 2304  RemoteRegistry - ok
14:24:42.0262 2304  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
14:24:42.0322 2304  RFCOMM - ok
14:24:42.0342 2304  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
14:24:42.0452 2304  RpcEptMapper - ok
14:24:42.0482 2304  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
14:24:42.0522 2304  RpcLocator - ok
14:24:42.0552 2304  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
14:24:42.0662 2304  RpcSs - ok
14:24:42.0702 2304  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
14:24:42.0792 2304  rspndr - ok
14:24:42.0812 2304  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
14:24:42.0842 2304  SamSs - ok
14:24:42.0862 2304  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
14:24:42.0892 2304  sbp2port - ok
14:24:42.0932 2304  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
14:24:43.0032 2304  SCardSvr - ok
14:24:43.0052 2304  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
14:24:43.0152 2304  scfilter - ok
14:24:43.0202 2304  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
14:24:43.0332 2304  Schedule - ok
14:24:43.0352 2304  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
14:24:43.0442 2304  SCPolicySvc - ok
14:24:43.0482 2304  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
14:24:43.0522 2304  SDRSVC - ok
14:24:43.0552 2304  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
14:24:43.0652 2304  secdrv - ok
14:24:43.0672 2304  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
14:24:43.0772 2304  seclogon - ok
14:24:43.0822 2304  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
14:24:43.0932 2304  SENS - ok
14:24:43.0962 2304  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
14:24:44.0002 2304  SensrSvc - ok
14:24:44.0032 2304  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
14:24:44.0062 2304  Serenum - ok
14:24:44.0092 2304  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
14:24:44.0142 2304  Serial - ok
14:24:44.0162 2304  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
14:24:44.0202 2304  sermouse - ok
14:24:44.0242 2304  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
14:24:44.0352 2304  SessionEnv - ok
14:24:44.0362 2304  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
14:24:44.0402 2304  sffdisk - ok
14:24:44.0442 2304  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
14:24:44.0482 2304  sffp_mmc - ok
14:24:44.0492 2304  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
14:24:44.0542 2304  sffp_sd - ok
14:24:44.0552 2304  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
14:24:44.0602 2304  sfloppy - ok
14:24:44.0632 2304  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
14:24:44.0752 2304  SharedAccess - ok
14:24:44.0792 2304  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:24:44.0912 2304  ShellHWDetection - ok
14:24:44.0952 2304  [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH        C:\Windows\system32\DRIVERS\SiSG664.sys
14:24:45.0002 2304  SiSGbeLH - ok
14:24:45.0022 2304  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
14:24:45.0052 2304  SiSRaid2 - ok
14:24:45.0062 2304  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
14:24:45.0092 2304  SiSRaid4 - ok
14:24:45.0102 2304  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
14:24:45.0202 2304  Smb - ok
14:24:45.0242 2304  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
14:24:45.0292 2304  SNMPTRAP - ok
14:24:45.0312 2304  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
14:24:45.0342 2304  spldr - ok
14:24:45.0372 2304  [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler         C:\Windows\System32\spoolsv.exe
14:24:45.0472 2304  Spooler - ok
14:24:45.0592 2304  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
14:24:45.0802 2304  sppsvc - ok
14:24:45.0842 2304  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
14:24:45.0962 2304  sppuinotify - ok
14:24:45.0992 2304  [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser      C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
14:24:46.0022 2304  SQLBrowser - ok
14:24:46.0122 2304  [ 3C432A96363097870995E2A3C8B66ABD ] SQLWriter       C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
14:24:46.0142 2304  SQLWriter - ok
14:24:46.0192 2304  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
14:24:46.0262 2304  srv - ok
14:24:46.0292 2304  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
14:24:46.0332 2304  srv2 - ok
14:24:46.0362 2304  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
14:24:46.0402 2304  srvnet - ok
14:24:46.0432 2304  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
14:24:46.0542 2304  SSDPSRV - ok
14:24:46.0572 2304  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
14:24:46.0682 2304  SstpSvc - ok
14:24:46.0702 2304  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
14:24:46.0732 2304  stexstor - ok
14:24:46.0772 2304  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
14:24:46.0852 2304  stisvc - ok
14:24:46.0872 2304  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
14:24:46.0892 2304  swenum - ok
14:24:46.0942 2304  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
14:24:47.0062 2304  swprv - ok
14:24:47.0132 2304  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
14:24:47.0242 2304  SysMain - ok
14:24:47.0272 2304  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:24:47.0322 2304  TabletInputService - ok
14:24:47.0342 2304  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
14:24:47.0462 2304  TapiSrv - ok
14:24:47.0482 2304  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
14:24:47.0582 2304  TBS - ok
14:24:47.0662 2304  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
14:24:47.0772 2304  Tcpip - ok
14:24:47.0822 2304  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
14:24:47.0922 2304  TCPIP6 - ok
14:24:47.0962 2304  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
14:24:48.0078 2304  tcpipreg - ok
14:24:48.0109 2304  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
14:24:48.0140 2304  TDPIPE - ok
14:24:48.0171 2304  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
14:24:48.0203 2304  TDTCP - ok
14:24:48.0253 2304  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
14:24:48.0353 2304  tdx - ok
14:24:48.0373 2304  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
14:24:48.0403 2304  TermDD - ok
14:24:48.0443 2304  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
14:24:48.0553 2304  TermService - ok
14:24:48.0573 2304  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
14:24:48.0623 2304  Themes - ok
14:24:48.0643 2304  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
14:24:48.0743 2304  THREADORDER - ok
14:24:48.0773 2304  [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM             C:\Windows\system32\drivers\tpm.sys
14:24:48.0803 2304  TPM - ok
14:24:48.0843 2304  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
14:24:48.0953 2304  TrkWks - ok
14:24:49.0013 2304  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:24:49.0133 2304  TrustedInstaller - ok
14:24:49.0163 2304  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
14:24:49.0253 2304  tssecsrv - ok
14:24:49.0283 2304  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
14:24:49.0323 2304  TsUsbFlt - ok
14:24:49.0333 2304  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
14:24:49.0373 2304  TsUsbGD - ok
14:24:49.0403 2304  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
14:24:49.0503 2304  tunnel - ok
14:24:49.0513 2304  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
14:24:49.0543 2304  uagp35 - ok
14:24:49.0583 2304  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
14:24:49.0713 2304  udfs - ok
14:24:49.0773 2304  [ 2E071263A409931F8AFF3A6A656E920C ] UI Assistant Service C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
14:24:49.0813 2304  UI Assistant Service - ok
14:24:49.0843 2304  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
14:24:49.0903 2304  UI0Detect - ok
14:24:49.0923 2304  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
14:24:49.0953 2304  uliagpkx - ok
14:24:49.0983 2304  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
14:24:50.0023 2304  umbus - ok
14:24:50.0033 2304  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
14:24:50.0073 2304  UmPass - ok
14:24:50.0223 2304  [ 2C16648A12999AE69A9EBF41974B0BA2 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
14:24:50.0373 2304  UNS - ok
14:24:50.0403 2304  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
14:24:50.0513 2304  upnphost - ok
14:24:50.0543 2304  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
14:24:50.0593 2304  usbccgp - ok
14:24:50.0603 2304  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
14:24:50.0663 2304  usbcir - ok
14:24:50.0673 2304  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
14:24:50.0713 2304  usbehci - ok
14:24:50.0773 2304  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
14:24:50.0823 2304  usbhub - ok
14:24:50.0833 2304  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
14:24:50.0863 2304  usbohci - ok
14:24:50.0903 2304  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
14:24:50.0963 2304  usbprint - ok
14:24:50.0993 2304  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
14:24:51.0023 2304  usbscan - ok
14:24:51.0063 2304  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:24:51.0103 2304  USBSTOR - ok
14:24:51.0113 2304  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
14:24:51.0153 2304  usbuhci - ok
14:24:51.0213 2304  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
14:24:51.0263 2304  usbvideo - ok
14:24:51.0313 2304  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
14:24:51.0443 2304  UxSms - ok
14:24:51.0463 2304  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
14:24:51.0493 2304  VaultSvc - ok
14:24:51.0513 2304  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
14:24:51.0543 2304  vdrvroot - ok
14:24:51.0573 2304  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
14:24:51.0703 2304  vds - ok
14:24:51.0733 2304  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
14:24:51.0773 2304  vga - ok
14:24:51.0793 2304  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
14:24:51.0883 2304  VgaSave - ok
14:24:51.0913 2304  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
14:24:51.0953 2304  vhdmp - ok
14:24:51.0953 2304  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
14:24:51.0983 2304  viaide - ok
14:24:52.0013 2304  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
14:24:52.0043 2304  volmgr - ok
14:24:52.0063 2304  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
14:24:52.0113 2304  volmgrx - ok
14:24:52.0133 2304  [ DF8126BD41180351A093A3AD2FC8903B ] volsnap         C:\Windows\system32\drivers\volsnap.sys
14:24:52.0173 2304  volsnap - ok
14:24:52.0213 2304  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
14:24:52.0243 2304  vsmraid - ok
14:24:52.0323 2304  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
14:24:52.0473 2304  VSS - ok
14:24:52.0483 2304  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
14:24:52.0533 2304  vwifibus - ok
14:24:52.0573 2304  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
14:24:52.0623 2304  vwififlt - ok
14:24:52.0643 2304  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
14:24:52.0693 2304  vwifimp - ok
14:24:52.0743 2304  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
14:24:52.0863 2304  W32Time - ok
14:24:52.0883 2304  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
14:24:52.0923 2304  WacomPen - ok
14:24:52.0973 2304  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
14:24:53.0073 2304  WANARP - ok
14:24:53.0083 2304  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
14:24:53.0173 2304  Wanarpv6 - ok
14:24:53.0243 2304  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
14:24:53.0333 2304  wbengine - ok
14:24:53.0363 2304  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
14:24:53.0423 2304  WbioSrvc - ok
14:24:53.0453 2304  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
14:24:53.0533 2304  wcncsvc - ok
14:24:53.0563 2304  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:24:53.0603 2304  WcsPlugInService - ok
14:24:53.0633 2304  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
14:24:53.0653 2304  Wd - ok
14:24:53.0683 2304  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
14:24:53.0743 2304  Wdf01000 - ok
14:24:53.0763 2304  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
14:24:53.0833 2304  WdiServiceHost - ok
14:24:53.0833 2304  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
14:24:53.0883 2304  WdiSystemHost - ok
14:24:53.0923 2304  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
14:24:53.0993 2304  WebClient - ok
14:24:54.0023 2304  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
14:24:54.0133 2304  Wecsvc - ok
14:24:54.0153 2304  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
14:24:54.0253 2304  wercplsupport - ok
14:24:54.0303 2304  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
14:24:54.0413 2304  WerSvc - ok
14:24:54.0443 2304  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
14:24:54.0533 2304  WfpLwf - ok
14:24:54.0593 2304  [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
14:24:54.0623 2304  WimFltr - ok
14:24:54.0653 2304  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
14:24:54.0683 2304  WIMMount - ok
14:24:54.0723 2304  WinDefend - ok
14:24:54.0733 2304  WinHttpAutoProxySvc - ok
14:24:54.0803 2304  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
14:24:54.0923 2304  Winmgmt - ok
14:24:55.0003 2304  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
14:24:55.0163 2304  WinRM - ok
14:24:55.0233 2304  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
14:24:55.0303 2304  Wlansvc - ok
14:24:55.0353 2304  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
14:24:55.0383 2304  wlcrasvc - ok
14:24:55.0493 2304  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:24:55.0623 2304  wlidsvc - ok
14:24:55.0663 2304  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
14:24:55.0703 2304  WmiAcpi - ok
14:24:55.0753 2304  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
14:24:55.0803 2304  wmiApSrv - ok
14:24:55.0853 2304  WMPNetworkSvc - ok
14:24:55.0883 2304  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
14:24:55.0913 2304  WPCSvc - ok
14:24:55.0933 2304  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
14:24:55.0973 2304  WPDBusEnum - ok
14:24:56.0003 2304  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
14:24:56.0103 2304  ws2ifsl - ok
14:24:56.0133 2304  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
14:24:56.0183 2304  wscsvc - ok
14:24:56.0223 2304  [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
14:24:56.0273 2304  WSDPrintDevice - ok
14:24:56.0273 2304  WSearch - ok
14:24:56.0383 2304  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
14:24:56.0533 2304  wuauserv - ok
14:24:56.0553 2304  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
14:24:56.0663 2304  WudfPf - ok
14:24:56.0703 2304  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
14:24:56.0813 2304  WUDFRd - ok
14:24:56.0833 2304  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
14:24:56.0933 2304  wudfsvc - ok
14:24:56.0963 2304  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
14:24:57.0023 2304  WwanSvc - ok
14:24:57.0083 2304  [ 3762B4C538B9D710F85042849C20319F ] ZTEusbmdm6k     C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
14:24:57.0133 2304  ZTEusbmdm6k - ok
14:24:57.0163 2304  [ 3762B4C538B9D710F85042849C20319F ] ZTEusbnmea      C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
14:24:57.0193 2304  ZTEusbnmea - ok
14:24:57.0223 2304  [ 3762B4C538B9D710F85042849C20319F ] ZTEusbser6k     C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
14:24:57.0253 2304  ZTEusbser6k - ok
14:24:57.0283 2304  ================ Scan global ===============================
14:24:57.0303 2304  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
14:24:57.0343 2304  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
14:24:57.0363 2304  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
14:24:57.0393 2304  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
14:24:57.0443 2304  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
14:24:57.0453 2304  [Global] - ok
14:24:57.0453 2304  ================ Scan MBR ==================================
14:24:57.0473 2304  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
14:24:58.0563 2304  \Device\Harddisk0\DR0 - ok
14:24:58.0563 2304  ================ Scan VBR ==================================
14:24:58.0593 2304  [ E14A76216885B5F2297461FD64106EBF ] \Device\Harddisk0\DR0\Partition1
14:24:58.0593 2304  \Device\Harddisk0\DR0\Partition1 - ok
14:24:58.0623 2304  [ 3EAC921849959C0D6ED1FF9A548A684F ] \Device\Harddisk0\DR0\Partition2
14:24:58.0623 2304  \Device\Harddisk0\DR0\Partition2 - ok
14:24:58.0623 2304  ============================================================
14:24:58.0623 2304  Scan finished
14:24:58.0623 2304  ============================================================
14:24:58.0653 5308  Detected object count: 2
14:24:58.0653 5308  Actual detected object count: 2
14:25:15.0305 5308  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
14:25:15.0305 5308  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:25:15.0305 5308  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
14:25:15.0305 5308  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
__________________

Alt 02.01.2013, 20:51   #4
markusg
/// Malware-holic
 
Beseitigung von EXP/JS.Expack durch Avira ausreichend? - Standard

Beseitigung von EXP/JS.Expack durch Avira ausreichend?



Hi,
combofix:
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu Beseitigung von EXP/JS.Expack durch Avira ausreichend?
adobe, antivir, audiograbber, avg, avira, avira trojaner exp/js.expack, beseitigung, bho, defender, explorer, failed, firefox, flash player, focus, format, home, hängen, install.exe, intranet, logfile, mozilla, realtek, registry, rundll, scan, search the web, server, services.exe, software, svchost.exe, udp



Ähnliche Themen: Beseitigung von EXP/JS.Expack durch Avira ausreichend?


  1. Avira durch gruppenrichtlinie blokiert
    Log-Analyse und Auswertung - 16.03.2015 (21)
  2. Trojanerfunde durch Avira - was tun ?
    Plagegeister aller Art und deren Bekämpfung - 04.03.2015 (13)
  3. Avira durch gruppenrichtlinie blockiert
    Log-Analyse und Auswertung - 26.07.2014 (17)
  4. Adware durch AVIRA entdeckt
    Log-Analyse und Auswertung - 06.05.2014 (11)
  5. win32.downloader.gen trotz angeblicher Beseitigung durch spybot sofort wieder da
    Log-Analyse und Auswertung - 03.02.2014 (2)
  6. Windows 7: Avira meldet Fund von EXP/JS.Expack.EB
    Log-Analyse und Auswertung - 27.01.2014 (5)
  7. Virus TR/ATRAPS.Gen2 durch Avira entdeckt. Keine Lösung durch Avira
    Log-Analyse und Auswertung - 29.10.2013 (3)
  8. Avira findet erst JS.Expack.EM und dann Spy.Zbot
    Log-Analyse und Auswertung - 11.03.2013 (24)
  9. EXP/JS.Expack.DX
    Plagegeister aller Art und deren Bekämpfung - 24.02.2013 (15)
  10. habe Malewarebytes,TDSS Killer,OTL und gmer vom Laptop Entfernt und danach ein avira fund ""EXP/JS.Expack.EB" gemacht
    Mülltonne - 05.02.2013 (1)
  11. Fund gemeldet "Ravmon.exe",aber nur durch Avira und nicht durch MBAM
    Log-Analyse und Auswertung - 13.01.2013 (20)
  12. JS/Expack.AHE.3
    Plagegeister aller Art und deren Bekämpfung - 12.01.2013 (1)
  13. EXP/Js.Expack.CQ -- danach rechner langsam, avira findet 88 verstecke objekte und "mögliche archivbombe"
    Plagegeister aller Art und deren Bekämpfung - 17.12.2012 (1)
  14. Mehrere Trojaner durch Malwarebytes Anti Malware gefunden und ein Virus durch Avira gefunden (TR/Gendal.81920.6)
    Log-Analyse und Auswertung - 10.11.2012 (1)
  15. System hängt, Avira & Malwarebytes crash nach Trojanerfund durch Avira
    Plagegeister aller Art und deren Bekämpfung - 24.03.2010 (56)
  16. Virenwarnungen durch Avira / Laggs
    Log-Analyse und Auswertung - 01.12.2009 (1)
  17. TR/PSW.Agent.mrh entdeckt durch Avira
    Log-Analyse und Auswertung - 21.04.2009 (4)

Zum Thema Beseitigung von EXP/JS.Expack durch Avira ausreichend? - Hallo zusammen, ich habe bei einem Systemcheck mit Avira vor drei Tagen folgende Meldung gehabt und versuche mich seitdem an der Problemlösung: Code: Alles auswählen Aufklappen ATTFilter Der Suchlauf über - Beseitigung von EXP/JS.Expack durch Avira ausreichend?...
Archiv
Du betrachtest: Beseitigung von EXP/JS.Expack durch Avira ausreichend? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.