Pests of all kinds and how to fight them: Spam mail via GMX account (Windows 7)
02.01.2013, 15:06 | #1 |
Spam mail via GMX account

Hello,

last week spam mails were sent via my GMX account to everyone in my GMX address book. I created the GMX address book more than 10 years ago; I do not maintain it, and it can only be accessed through the web interface (it is not synchronized). I noticed it because I received a great many delivery failure notices from very old contacts. The recipients do not exist in the Thunderbird I use locally (neither in mails nor in contacts). I would now like to know whether someone cracked my password or whether this somehow happened via my computer. The virus scanner did not report anything.

Thanks & regards
Andi

otl.txt: Code:
ATTFilter OTL logfile created on: 02.01.2013 12:36:03 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\andi\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,91 Gb Total Physical Memory | 3,95 Gb Available Physical Memory | 66,78% Memory free 11,82 Gb Paging File | 9,56 Gb Available in Paging File | 80,88% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 98,52 Gb Total Space | 17,46 Gb Free Space | 17,72% Space Free | Partition Type: NTFS Drive D: | 19,53 Gb Total Space | 3,59 Gb Free Space | 18,40% Space Free | Partition Type: NTFS Drive E: | 97,66 Gb Total Space | 43,66 Gb Free Space | 44,71% Space Free | Partition Type: NTFS Drive H: | 97,66 Gb Total Space | 54,52 Gb Free Space | 55,83% Space Free | Partition Type: NTFS Computer Name: VOSTRO3350 | User Name: andi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.01.02 09:20:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\andi\Downloads\OTL.exe PRC - [2012.11.22 16:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\HelperService.exe PRC - [2012.11.22 16:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe PRC - [2012.08.21 06:03:27 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.10 07:12:47 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.10 07:12:47 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.03.19 12:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Users\andi\temp\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2012.02.11 06:46:54 | 010,530,816 | ---- | M] (NTeWORKS) -- C:\Program Files (x86)\PicPick\picpick.exe PRC - [2012.01.18 15:47:28 | 000,433,264 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe PRC - [2012.01.18 15:47:20 | 000,354,416 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe PRC - [2012.01.18 15:47:10 | 000,103,536 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe PRC - [2012.01.18 15:04:52 | 011,839,488 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe PRC - [2012.01.18 13:27:20 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011.08.19 19:51:48 | 000,423,536 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe PRC - [2011.08.19 19:32:40 | 000,423,536 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe PRC - [2011.07.22 07:49:26 | 000,511,920 | ---- | M] (REINER SCT) -- C:\Windows\SysWOW64\cjpcsc.exe PRC - [2010.12.29 19:54:10 | 000,740,688 | ---- | M] (DigitalPersona, Inc.) 
-- C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe PRC - [2010.12.15 16:46:50 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe PRC - [2010.11.17 16:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe PRC - [2010.11.17 08:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2010.11.06 05:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.11.06 05:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010.11.03 18:01:34 | 000,983,104 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe PRC - [2010.11.03 18:01:20 | 001,298,496 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe PRC - [2010.11.03 17:53:28 | 000,897,088 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe PRC - [2010.11.03 17:53:06 | 000,979,008 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe PRC - [2010.10.05 20:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.10.05 20:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.08.18 21:43:38 | 000,463,912 | R--- | M] (Ericsson AB) -- C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe PRC - [2010.07.16 08:42:51 | 000,872,518 | ---- | M] () -- E:\Lotus\R85Client\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090922-1655\soffice.exe PRC - [2009.07.06 20:22:04 | 
000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe ========== Modules (No Company Name) ========== MOD - [2012.11.17 09:09:52 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3343dd79a8a8fc1befde1635a3532e0c\IAStorCommon.ni.dll MOD - [2012.11.17 09:09:51 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\df85a94db4f59fa483bce708f4a54643\IAStorUtil.ni.dll MOD - [2012.11.17 07:05:34 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll MOD - [2012.11.17 07:05:16 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll MOD - [2012.11.17 07:05:12 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll MOD - [2012.11.17 07:05:04 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll MOD - [2012.11.17 07:05:00 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll MOD - [2012.11.17 07:04:58 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll MOD - [2012.11.17 07:04:57 | 007,988,736 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll MOD - [2012.11.17 07:04:45 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll MOD - [2012.05.30 19:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common 
Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.05.30 19:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010.12.15 16:46:50 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe MOD - [2010.11.25 04:44:02 | 000,375,280 | ---- | M] () -- c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll MOD - [2010.11.17 16:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe MOD - [2010.11.13 01:08:41 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.07.30 10:27:24 | 002,854,984 | ---- | M] () -- E:\Lotus\R85Client\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.infra.win32_3.5.0.20100125-1700\ucpchelp1.dll MOD - [2010.07.30 10:27:24 | 002,400,323 | ---- | M] () -- E:\Lotus\R85Client\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.infra.win32_3.5.0.20100125-1700\vcl645mi.dll MOD - [2010.07.30 10:27:24 | 000,299,083 | ---- | M] () -- E:\Lotus\R85Client\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.infra.win32_3.5.0.20100125-1700\xcr645mi.dll MOD - [2010.07.30 10:27:23 | 002,981,961 | ---- | M] () -- E:\Lotus\R85Client\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.infra.win32_3.5.0.20100125-1700\svt645mi.dll MOD - [2010.07.30 10:27:23 | 001,224,776 | ---- | M] () -- E:\Lotus\R85Client\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.infra.win32_3.5.0.20100125-1700\tk645mi.dll MOD - [2010.07.30 10:27:23 | 000,413,764 | ---- | M] () -- E:\Lotus\R85Client\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.infra.win32_3.5.0.20100125-1700\so645mi.dll MOD - [2010.07.30 10:27:22 | 002,326,598 | ---- | M] () -- 
E:\Lotus\R85Client\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.infra.win32_3.5.0.20100125-1700\sb645mi.dll MOD - [2010.07.30 10:27:22 | 001,716,292 | ---- | M] () -- E:\Lotus\R85Client\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.infra.win32_3.5.0.20100125-1700\sax.uno.dll MOD - [2010.07.30 10:27:21 | 001,921,103 | ---- | M] () -- E:\Lotus\R85Client\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.infra.win32_3.5.0.20100125-1700\i18npool645mi.dll MOD - [2010.07.30 10:27:21 | 000,286,792 | ---- | M] () -- E:\Lotus\R85Client\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.infra.win32_3.5.0.20100125-1700\go645mi.dll MOD - [2010.07.30 10:27:17 | 008,671,299 | ---- | M] () -- E:\Lotus\R85Client\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.framework.win32_3.5.0.20100125-1700\svx645mi.dll MOD - [2010.07.30 10:27:17 | 006,721,606 | ---- | M] () -- E:\Lotus\R85Client\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.framework.win32_3.5.0.20100125-1700\sfx645mi.dll MOD - [2010.07.30 10:27:17 | 000,397,382 | ---- | M] () -- E:\Lotus\R85Client\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.framework.win32_3.5.0.20100125-1700\ofa645mi.dll MOD - [2010.07.16 08:43:02 | 000,286,720 | ---- | M] () -- E:\Lotus\R85Client\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20090922-1655\xerces-depdom_2_6.dll MOD - [2010.07.16 08:43:02 | 000,098,304 | ---- | M] () -- E:\Lotus\R85Client\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20090922-1655\uwinapi.dll MOD - [2010.07.16 08:43:02 | 000,073,794 | ---- | M] () -- E:\Lotus\R85Client\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20090922-1655\vos3MSC.dll MOD - [2010.07.16 08:43:02 | 000,036,864 | ---- | M] () -- 
E:\Lotus\R85Client\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20090922-1655\xslt4cMessages_1_7_0.dll MOD - [2010.07.16 08:43:01 | 001,794,123 | ---- | M] () -- E:\Lotus\R85Client\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20090922-1655\udkservice1.dll MOD - [2010.07.16 08:43:00 | 001,749,055 | ---- | M] () -- E:\Lotus\R85Client\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20090922-1655\sal3.dll MOD - [2010.07.16 08:43:00 | 000,147,524 | ---- | M] () -- E:\Lotus\R85Client\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20090922-1655\reg3.dll MOD - [2010.07.16 08:43:00 | 000,032,837 | ---- | M] () -- E:\Lotus\R85Client\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20090922-1655\rmcxt3.dll MOD - [2010.07.16 08:42:58 | 001,437,784 | ---- | M] () -- E:\Lotus\R85Client\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20090922-1655\log4pt.dll MOD - [2010.07.16 08:42:58 | 000,647,244 | ---- | M] () -- E:\Lotus\R85Client\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20090922-1655\basicservice.uno.dll MOD - [2010.07.16 08:42:58 | 000,094,283 | ---- | M] () -- E:\Lotus\R85Client\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20090922-1655\emser645mi.dll MOD - [2010.07.16 08:42:58 | 000,049,230 | ---- | M] () -- E:\Lotus\R85Client\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20090922-1655\jvmaccess3MSC.dll MOD - [2010.07.16 08:42:51 | 000,872,518 | ---- | M] () -- E:\Lotus\R85Client\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090922-1655\soffice.exe MOD - [2010.07.16 08:42:50 | 000,204,883 | ---- | M] () -- 
E:\Lotus\R85Client\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090922-1655\oleautobridge.uno.dll MOD - [2010.07.16 08:42:49 | 001,601,610 | ---- | M] () -- E:\Lotus\R85Client\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090922-1655\desktp645mi.dll ========== Services (SafeList) ========== SRV:64bit: - [2011.02.05 00:30:26 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010.12.03 16:26:34 | 003,143,472 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.12.06 14:26:35 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.11.22 16:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\HelperService.exe -- (PDF Architect Helper Service) SRV - [2012.11.22 16:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\ConversionService.exe -- (PDF Architect Service) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.10 07:12:47 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.10 07:12:47 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.03.19 12:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Users\andi\temp\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2012.01.18 15:47:28 | 000,433,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service) SRV - [2012.01.18 15:47:20 | 000,354,416 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP) SRV - [2012.01.18 15:04:52 | 011,839,488 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd) SRV - [2012.01.18 13:27:20 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService) SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.08.29 22:11:04 | 000,846,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService) SRV - [2011.08.19 19:51:48 | 000,423,536 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe -- (vmware-converter-worker) SRV - [2011.08.19 19:51:48 | 000,423,536 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe -- (vmware-converter-server) SRV - [2011.08.19 19:32:40 | 000,423,536 | ---- | M] (VMware, Inc.) 
[Auto | Running] -- C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe -- (vmware-converter-agent) SRV - [2011.07.22 07:49:26 | 000,511,920 | ---- | M] (REINER SCT) [Auto | Running] -- C:\Windows\SysWOW64\cjpcsc.exe -- (cjpcsc) SRV - [2011.01.25 10:57:18 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV) SRV - [2010.12.29 19:54:24 | 000,440,144 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Programme\DigitalPersona\Bin\DpHostW.exe -- (DpHost) SRV - [2010.12.17 20:41:32 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2010.12.17 20:28:46 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV - [2010.12.17 20:26:50 | 000,836,880 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2010.12.03 16:14:58 | 002,696,496 | ---- | M] (Validity Sensors, Inc.) 
[Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService) SRV - [2010.11.25 11:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12) SRV - [2010.11.25 11:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM) SRV - [2010.11.06 05:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010.11.03 18:01:34 | 000,983,104 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service) SRV - [2010.11.03 18:01:20 | 001,298,496 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service) SRV - [2010.11.03 17:53:28 | 000,897,088 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor) SRV - [2010.10.05 20:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010.10.05 20:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.09.23 00:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.09.21 20:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) 
[Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.08.18 21:43:38 | 000,463,912 | R--- | M] (Ericsson AB) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe -- (WMCoreService) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.03.03 11:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AESTSr64.exe -- (AESTFilters) SRV - [2007.05.31 16:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 16:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.07.09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.05.10 07:12:47 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.10 07:12:47 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.01.18 15:47:44 | 000,063,088 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86) DRV:64bit: - [2012.01.18 15:46:18 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif) DRV:64bit: - [2012.01.18 13:06:00 | 000,045,680 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge) DRV:64bit: - [2012.01.18 13:06:00 | 000,020,080 | ---- | M] (VMware, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter) DRV:64bit: - [2011.10.11 14:00:32 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.08.29 22:11:04 | 000,039,024 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon) DRV:64bit: - [2011.08.29 22:01:10 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb) DRV:64bit: - [2011.08.08 14:59:12 | 000,116,336 | ---- | M] (VMware, Inc.) 
[Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci) DRV:64bit: - [2011.04.12 12:01:38 | 000,052,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) DRV:64bit: - [2011.03.29 10:50:26 | 000,034,672 | ---- | M] (REINER SCT) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cjusb.sys -- (cjusb) DRV:64bit: - [2011.03.26 03:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd) DRV:64bit: - [2011.03.26 03:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.05 00:59:50 | 008,283,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.02.04 23:53:42 | 000,295,424 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.01.25 10:57:18 | 000,520,192 | ---- | M] (IDT, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2010.12.21 15:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) DRV:64bit: - [2010.12.16 04:56:06 | 001,402,416 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2010.12.13 15:34:14 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler) DRV:64bit: - [2010.12.10 22:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010.12.10 22:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010.12.01 11:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.07 00:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.11.04 11:07:06 | 000,058,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux) DRV:64bit: - [2010.11.04 09:31:44 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex) DRV:64bit: - [2010.10.29 
15:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010.10.26 20:08:08 | 000,406,632 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.10.20 00:12:58 | 000,274,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf) DRV:64bit: - [2010.10.15 10:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010.09.21 15:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.08.20 17:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn) DRV:64bit: - [2010.08.12 16:51:30 | 000,175,168 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt) DRV:64bit: - [2010.07.30 20:42:12 | 000,274,984 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WwanUsbMp64.sys -- (WwanUsbServ) DRV:64bit: - [2010.06.24 16:53:38 | 000,060,968 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\d554scard.sys -- (d554scard) DRV:64bit: - [2010.04.27 16:02:50 | 000,468,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3Mdm.sys -- (Mbm3Mdm) DRV:64bit: - [2010.04.27 16:02:50 | 000,416,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3DevMt.sys -- (Mbm3DevMt) DRV:64bit: - [2010.04.27 16:02:50 | 000,378,952 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3CBus.sys -- (Mbm3CBus) DRV:64bit: - [2010.04.27 16:02:50 | 000,019,528 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3mdfl.sys -- (Mbm3mdfl) DRV:64bit: - [2010.03.19 09:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2010.03.03 17:30:30 | 000,030,248 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wwussf64.sys -- (ecnssndisfltr) DRV:64bit: - [2010.03.03 17:30:30 | 000,026,664 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wwuss64.sys -- (ecnssndis) DRV:64bit: - [2010.01.26 02:18:20 | 000,096,296 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\d554gps64.sys -- (d554gps) DRV:64bit: - [2010.01.05 02:23:20 | 001,847,296 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur) DRV:64bit: - [2009.10.07 08:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) DRV:64bit: - [2009.10.07 08:47:46 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009.06.10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://sagw.daimler.com/dana-na/auth/url_37/welcome.cgi IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6D90A897-D13D-41AD-BD4B-E7CE3F30D35C}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" 
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "file:///D:/startpage/index.html" FF - prefs.js..extensions.enabledAddons: de_DE%40dicts.j3e.de:20120628 FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3 FF - prefs.js..extensions.enabledAddons: otis%40digitalpersona.com:5.0.0.4503 FF - prefs.js..extensions.enabledAddons: %7Be001c731-5e37-4538-a5cb-8168736a2360%7D:0.9.9.119 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&q= " FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) 
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) 
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2011.05.24 09:49:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2012.12.06 10:15:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.06 14:26:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.06 14:26:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.20 20:25:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.06 14:26:35 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.06 14:26:33 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components 
[2012.11.20 20:25:59 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.06.15 08:33:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\andi\AppData\Roaming\mozilla\Extensions [2011.06.15 08:33:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\andi\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.12.29 15:56:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\andi\AppData\Roaming\mozilla\Firefox\Profiles\ax756eps.default\extensions [2012.12.29 15:56:13 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\andi\AppData\Roaming\mozilla\Firefox\Profiles\ax756eps.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2012.07.04 05:40:59 | 000,000,000 | ---D | M] (Wörterbuch Deutsch (de-DE), Hunspell-unterstützt) -- C:\Users\andi\AppData\Roaming\mozilla\Firefox\Profiles\ax756eps.default\extensions\de_DE@dicts.j3e.de [2012.09.19 07:03:29 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\andi\AppData\Roaming\mozilla\Firefox\Profiles\ax756eps.default\extensions\ich@maltegoetz.de [2012.12.29 15:56:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\andi\AppData\Roaming\mozilla\Firefox\Profiles\ax756eps.default\extensions\staged [2012.12.06 14:26:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.05.24 09:49:29 | 000,000,000 | ---D | M] (DigitalPersona Extension) -- C:\PROGRAM FILES (X86)\DIGITALPERSONA\BIN\FIREFOXEXT [2012.12.06 14:26:35 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [1999.12.31 16:00:00 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2012.09.11 16:20:51 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.10.17 05:53:10 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2012.11.12 12:10:16 | 000,001,155 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.1.10 cism-web.es.corpintra.net O1 - Hosts: 127.0.1.11 sstrdi03.wk.dcx.com O1 - Hosts: 127.0.1.12 sstrdi04.wk.dcx.com O1 - Hosts: 127.0.1.13 cism-system.es.corpintra.net O1 - Hosts: 127.0.1.14 vidb201.de050.corpintra.net O1 - Hosts: 127.0.1.15 stcedp30.e.corpintra.net O1 - Hosts: 127.0.1.17 sedcd101.e.corpintra.net O1 - Hosts: 127.0.1.19 sedcd107.e.corpintra.net O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll File not found O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll File not found O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR) O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation) O4:64bit: - HKLM..\Run: [DBRMTray] C:\Dell\DBRM\Reminder\DbrmTrayicon.exe (Microsoft) O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe () O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.) O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [RoxWatchTray] c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.) O4 - HKCU..\Run: [PicPick Start] C:\Program Files (x86)\PicPick\picpick.exe (NTeWORKS) O4 - HKCU..\Run: [SODCPreLoad] E:\Lotus\R85Client\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090922-1655\preload.exe () O4:64bit: - HKLM..\RunOnce: [DBRMTray] C:\Dell\DBRM\Reminder\TrayApp.exe (Microsoft) O4 - Startup: C:\Users\andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CloudStation.lnk = C:\Users\andi\AppData\Local\CloudStation\bin\cloud.exe () O4 - Startup: C:\Users\andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\andi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {00000035-9593-4264-8B29-930B3E4EDCCD} https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall35.cab (HPVirtualRooms35 Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{152E0978-C39F-4AF7-B818-8F2F37076E7F}: DhcpNameServer = 192.168.129.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4DEEEDEB-9E0C-476C-B4C2-A875934223CC}: NameServer = 139.7.30.125 139.7.30.126 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57659BF8-DA43-4BC7-B217-1C381AB25F32}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll File not found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files 
(x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll File not found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe) - C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe (DigitalPersona, Inc.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.12.31 18:45:52 | 000,000,000 | RH-D | C] -- C:\ESD [2012.12.31 09:16:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Live Usb Helper [2012.12.29 15:56:16 | 000,000,000 | ---D | C] -- C:\Users\andi\AppData\Roaming\QuickScan [2012.12.21 08:27:54 | 000,000,000 | ---D | C] -- C:\Users\andi\AppData\Roaming\smkits [2012.12.20 22:12:14 | 000,063,088 | ---- | C] (VMware, Inc.) -- C:\windows\SysNative\drivers\vmx86.sys [2012.12.20 22:11:44 | 000,354,416 | ---- | C] (VMware, Inc.) -- C:\windows\SysWow64\vmnetdhcp.exe [2012.12.20 22:11:40 | 000,433,264 | ---- | C] (VMware, Inc.) -- C:\windows\SysWow64\vmnat.exe [2012.12.20 22:11:40 | 000,030,320 | ---- | C] (VMware, Inc.) -- C:\windows\SysNative\drivers\vmnetuserif.sys [2012.12.20 22:11:38 | 000,942,192 | ---- | C] (VMware, Inc.) -- C:\windows\SysNative\vnetlib64.dll [2012.12.20 22:11:36 | 000,039,024 | ---- | C] (VMware, Inc.) 
-- C:\windows\SysNative\drivers\hcmon.sys [2012.12.20 22:11:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VMware [2012.12.20 22:11:10 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Shared Virtual Machines [2012.12.20 22:10:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware [2012.12.06 14:26:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.12.06 10:18:46 | 000,000,000 | ---D | C] -- C:\Users\andi\AppData\Roaming\PDF Architect [2012.12.06 10:15:43 | 000,000,000 | ---D | C] -- C:\Users\andi\Documents\PDF Architect Files [2012.12.06 10:15:43 | 000,000,000 | ---D | C] -- C:\Users\andi\AppData\Roaming\APP_NAME_NON_STRING [2012.12.06 10:15:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect [2012.12.06 10:15:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF Architect [2012.12.06 10:15:29 | 000,000,000 | ---D | C] -- C:\Users\andi\AppData\Roaming\pdfforge [2012.12.06 10:15:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [2012.12.06 10:15:28 | 000,103,936 | ---- | C] (pdfforge GbR) -- C:\windows\SysNative\pdfcmon.dll [2012.12.06 10:15:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator [2012.12.06 10:14:12 | 000,000,000 | ---D | C] -- C:\Users\andi\AppData\Local\Programs [1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.02 11:40:25 | 001,538,060 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2013.01.02 11:40:25 | 000,668,568 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2013.01.02 11:40:25 | 000,630,410 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2013.01.02 11:40:25 | 000,135,164 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2013.01.02 11:40:25 | 000,111,546 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2013.01.02 11:39:21 | 000,013,664 | -H-- | M] () -- 
C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.02 11:39:21 | 000,013,664 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.02 11:31:51 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013.01.02 11:31:42 | 463,867,903 | -HS- | M] () -- C:\hiberfil.sys [2013.01.02 09:17:32 | 000,000,000 | ---- | M] () -- C:\Users\andi\defogger_reenable [2013.01.01 12:11:32 | 000,001,361 | ---- | M] () -- C:\Users\andi\Desktop\Windows installieren.lnk [2012.12.22 07:38:49 | 000,464,416 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2012.12.20 22:11:34 | 000,001,024 | ---- | M] () -- C:\.rnd [2012.12.20 22:11:28 | 001,558,888 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI [2012.12.20 22:11:24 | 000,002,137 | ---- | M] () -- C:\Users\Public\Desktop\VMware Workstation.lnk [2012.12.06 10:15:48 | 000,000,999 | ---- | M] () -- C:\Users\andi\Desktop\PDF Architect.lnk [2012.12.06 10:15:30 | 000,001,037 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk [1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.02 09:17:32 | 000,000,000 | ---- | C] () -- C:\Users\andi\defogger_reenable [2013.01.01 03:51:26 | 000,001,361 | ---- | C] () -- C:\Users\andi\Desktop\Windows installieren.lnk [2012.12.20 22:11:24 | 000,002,137 | ---- | C] () -- C:\Users\Public\Desktop\VMware Workstation.lnk [2012.12.06 10:15:48 | 000,000,999 | ---- | C] () -- C:\Users\andi\Desktop\PDF Architect.lnk [2012.12.06 10:15:30 | 000,001,037 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk [2012.03.22 18:01:03 | 000,005,632 | ---- | C] () -- C:\Users\andi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.10.22 09:00:44 | 000,000,396 | ---- | C] () -- C:\windows\hbcikrnl.ini [2011.10.22 09:00:39 | 000,167,936 | ---- | C] () -- C:\windows\SysWow64\SerialXP.dll 
[2011.10.22 09:00:39 | 000,027,648 | ---- | C] () -- C:\windows\SysWow64\win32com.dll [2011.08.14 19:53:21 | 000,000,000 | ---- | C] () -- C:\Users\andi\AppData\Local\rx_image32.Cache [2011.06.08 13:15:27 | 000,007,604 | ---- | C] () -- C:\Users\andi\AppData\Local\resmon.resmoncfg [2011.06.07 13:22:50 | 001,558,888 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2011.05.24 11:42:15 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll [2011.05.24 11:41:53 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin [2011.05.24 11:41:53 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin [2011.05.24 11:41:53 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin [2011.05.24 11:41:52 | 000,002,975 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat [2011.05.24 11:40:53 | 000,000,096 | ---- | C] () -- C:\windows\LaunApp.ini [2011.05.24 11:40:50 | 000,000,035 | ---- | C] () -- C:\windows\DELL_LANGCODE.ini [2011.05.24 11:40:50 | 000,000,033 | ---- | C] () -- C:\windows\DELL_OSTYPE.ini [2011.05.24 11:40:50 | 000,000,023 | ---- | C] () -- C:\windows\WisSysInfo.ini [2011.05.24 11:40:49 | 000,000,271 | ---- | C] () -- C:\windows\WisPriority.ini [2011.05.24 11:40:49 | 000,000,032 | ---- | C] () -- C:\windows\WisHWDest.ini [2011.05.24 11:40:49 | 000,000,028 | ---- | C] () -- C:\windows\WisLangCode.ini [2011.05.24 09:22:44 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin [2011.05.24 09:17:30 | 000,002,975 | ---- | C] () -- C:\windows\SysWow64\atipblup.dat [2011.05.24 09:14:05 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll [2011.04.26 10:25:40 | 000,000,324 | ---- | C] () -- C:\windows\Prelaunch.ini ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.12.06 11:37:28 | 000,000,000 | ---D | M] -- C:\Users\andi\AppData\Roaming\ALFBanCo4 [2012.12.06 10:15:43 | 000,000,000 | ---D | M] -- C:\Users\andi\AppData\Roaming\APP_NAME_NON_STRING [2012.04.25 10:54:38 | 000,000,000 | ---D | M] -- C:\Users\andi\AppData\Roaming\AR System [2011.06.05 07:54:17 | 
000,000,000 | ---D | M] -- C:\Users\andi\AppData\Roaming\DigitalPersona [2013.01.02 12:10:43 | 000,000,000 | ---D | M] -- C:\Users\andi\AppData\Roaming\Dropbox [2011.10.09 13:07:50 | 000,000,000 | ---D | M] -- C:\Users\andi\AppData\Roaming\elsterformular [2011.08.01 10:53:10 | 000,000,000 | ---D | M] -- C:\Users\andi\AppData\Roaming\IrfanView [2011.06.10 09:33:12 | 000,000,000 | ---D | M] -- C:\Users\andi\AppData\Roaming\Juniper Networks [2012.10.29 16:48:24 | 000,000,000 | ---D | M] -- C:\Users\andi\AppData\Roaming\Mp3tag [2011.10.07 07:25:21 | 000,000,000 | ---D | M] -- C:\Users\andi\AppData\Roaming\Notepad++ [2012.02.10 10:02:39 | 000,000,000 | ---D | M] -- C:\Users\andi\AppData\Roaming\PCDr [2012.12.06 10:18:50 | 000,000,000 | ---D | M] -- C:\Users\andi\AppData\Roaming\PDF Architect [2012.12.06 10:15:29 | 000,000,000 | ---D | M] -- C:\Users\andi\AppData\Roaming\pdfforge [2011.10.27 08:56:53 | 000,000,000 | ---D | M] -- C:\Users\andi\AppData\Roaming\picpick [2012.12.29 15:56:19 | 000,000,000 | ---D | M] -- C:\Users\andi\AppData\Roaming\QuickScan [2012.12.21 08:27:54 | 000,000,000 | ---D | M] -- C:\Users\andi\AppData\Roaming\smkits [2011.11.06 16:09:37 | 000,000,000 | ---D | M] -- C:\Users\andi\AppData\Roaming\SoftGrid Client [2012.07.05 14:39:28 | 000,000,000 | ---D | M] -- C:\Users\andi\AppData\Roaming\TeamViewer [2011.06.15 08:33:38 | 000,000,000 | ---D | M] -- C:\Users\andi\AppData\Roaming\Thunderbird [2011.06.10 10:46:39 | 000,000,000 | ---D | M] -- C:\Users\andi\AppData\Roaming\TP [2012.09.05 09:22:24 | 000,000,000 | ---D | M] -- C:\Users\andi\AppData\Roaming\WirelessManager [2011.08.14 20:03:51 | 000,000,000 | ---D | M] -- C:\Users\andi\AppData\Roaming\WMCore ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 02.01.2013 12:36:03 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\andi\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,91 Gb Total Physical Memory | 3,95 Gb Available Physical Memory | 66,78% Memory free 11,82 Gb Paging File | 9,56 Gb Available in Paging File | 80,88% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 98,52 Gb Total Space | 17,46 Gb Free Space | 17,72% Space Free | Partition Type: NTFS Drive D: | 19,53 Gb Total Space | 3,59 Gb Free Space | 18,40% Space Free | Partition Type: NTFS Drive E: | 97,66 Gb Total Space | 43,66 Gb Free Space | 44,71% Space Free | Partition Type: NTFS Drive H: | 97,66 Gb Total Space | 54,52 Gb Free Space | 55,83% Space Free | Partition Type: NTFS Computer Name: VOSTRO3350 | User Name: andi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = Notepad++_file] -- Reg Error: Key error. 
File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DefaultOutboundAction" = 0 "DefaultInboundAction" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DefaultOutboundAction" = 0 "DefaultInboundAction" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 
"EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04C1B233-80F1-42F2-B780-421F058FD10E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2C20832B-51A8-474E-958C-DC255D7006E4}" = rport=138 | protocol=17 | dir=out | app=system | "{368782FF-30F0-4037-8CC0-118DD7997076}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3726C28E-7ED2-4839-BEAA-3D91CB9A18EC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{407227D3-4CBA-4C6F-9E21-69F037BA6917}" = lport=137 | protocol=17 | dir=in | app=system | "{4849A7F7-09A0-48C9-A5C8-B686B3C49882}" = lport=139 | protocol=6 | dir=in | app=system | "{4B33EDCA-4D2A-41BB-9F4F-7634CE4F3A05}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{4E965B5F-8BB0-4C32-B3CC-59F0E4C84721}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{5558D6A6-17D0-4596-8F74-0C6043FD9868}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{67E7A402-7556-41A6-BD64-EC7F18333FB9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8667FCF3-C907-46FA-ACFF-7A6C87F3F0B2}" = lport=9089 | protocol=6 | dir=in | name=vmware vcenter converter standalone - agent | "{8669E6AE-C3DD-42EF-943D-492D3C8FB883}" = lport=445 | protocol=6 | dir=in | app=system | "{8C8ABF0B-1452-412A-A6BB-66893AF74075}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8DC04BDA-A1A0-4877-9725-73CF1751E2C9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{9684A3BF-11CD-494A-BCD2-B13510065A6F}" = rport=139 | 
protocol=6 | dir=out | app=system | "{BA8FC15B-E6B4-44F3-9FEB-0BE9D5263773}" = rport=137 | protocol=17 | dir=out | app=system | "{BF8C9718-76E2-4D1A-AE0E-2CEE964D8041}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{C8D3C84D-46AF-4C77-BE3C-1CC49589CC31}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{D9E30BD4-C8F5-421C-939F-0DA43EB4A5CD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{E8342232-8022-4924-BCCD-7BC295ED0A6F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{EC792F64-595C-464D-AA4B-79885E1473A6}" = rport=445 | protocol=6 | dir=out | app=system | "{EC970756-EE54-44A9-B6B3-F9C533A5D373}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{F14FEF3D-116A-4B9D-8477-2FAA9AE66B7B}" = lport=138 | protocol=17 | dir=in | app=system | "{FD5CD9A3-D1D0-46B5-9596-6B845AF0AC5E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03C6243D-465C-4E28-8121-51A59C7F22FE}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | "{077A1F89-FED5-4F6E-99C0-6BB433B01840}" = protocol=6 | dir=in | app=c:\users\andi\appdata\roaming\dropbox\bin\dropbox.exe | "{091079D7-0047-4257-B017-ABC9194878E6}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{109AFA10-18E9-4D49-A7B8-FFD81151C781}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{20A9D015-5C73-4F2F-83AE-596D7D31AA48}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{2126543E-1B18-4CAE-9568-2CBB83203891}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2BFEEC4C-EF5C-4AF4-B29C-90107A16F6B3}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{329B4D07-CCC1-492D-A556-D92F8CCC1C22}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe | "{3D92B3DC-E488-4E3C-A0C9-60F008B9348C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{3F3C5D68-A488-47ED-AAB7-E38D29BD32A6}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{4078D6E2-2DC9-403C-81A3-192449213C56}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe | "{5A08E930-5A9C-49EF-AFF2-D604A5DE493D}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{5C32BAE8-034E-4D53-94B0-25019528913A}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | "{5D6C5720-BF3B-4878-A684-319B382442A5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{5D71237A-70E7-4682-B951-8A5AB6352607}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{5DD51A8B-54AC-43E6-B7EF-06BEEF454042}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{5DFDD655-9C96-4DA2-B591-84D381CA0E33}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{69A573F6-B48C-400A-BA19-2E004BDCA47A}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | "{703F6F03-67E0-404A-8F2A-CDFBB064EEE3}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | "{7C43F58A-0BAB-4642-A9D5-E54658D8CA8C}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe | "{8CEC8777-FCFB-4012-8812-7D37F5A110D5}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{9FCBF93B-113B-408E-96C1-55EA3976B85E}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe | 
"{A09E0839-2DA0-41FB-A190-823AA01117C5}" = protocol=17 | dir=in | app=c:\users\andi\appdata\roaming\dropbox\bin\dropbox.exe | "{A4ED92AA-4D36-4B93-9A4C-6A4E599DFD79}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{A7A4B3CF-9ED4-4C4B-86C1-1694FF39345A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{AC45FF77-9765-4984-B9D3-9B879D0F122F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{B25E125F-C2BA-4117-B868-596B6064C535}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-hostd.exe | "{BA849166-232F-48B8-8F9C-BC2646F4AF4F}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{C2885AA5-9486-4B91-915A-3157C0E4C27E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{C456F4A2-2F19-42CB-AE3F-3AF4D94A8849}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-hostd.exe | "{C48A3BE3-EED4-45AD-AFE2-0398C1A474D8}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | "{CE41CF47-348B-41AA-914B-BBDDE4A7C443}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{D8BDC5C0-AF8D-4285-8D20-B3F8200CAD9E}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe | "{DB6DFFD2-E466-4812-81EF-85054255FC06}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{F7B5F4B4-66CD-498E-B983-52407E49C00A}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{FBD593EA-B060-4598-B4F3-E3DDF68C0949}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "TCP Query User{09BAACDF-40EC-4F32-BB15-0BB815B4D817}E:\lotus\r85client\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.1.20090925-1604\win32\x86\notes2.exe" = protocol=6 | dir=in | app=e:\lotus\r85client\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.1.20090925-1604\win32\x86\notes2.exe | "TCP Query 
User{5308A15F-D325-4FD0-A80D-9B0D335D4D24}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{A42F695F-4D64-416E-B057-13F61E63E18C}C:\users\andi\appdata\local\temp\i1335347529\windows\resource\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\users\andi\appdata\local\temp\i1335347529\windows\resource\jre\bin\javaw.exe | "TCP Query User{C4929743-2433-4624-B98A-88A0B00E53BE}E:\java\eclipse\eclipse.exe" = protocol=6 | dir=in | app=e:\java\eclipse\eclipse.exe | "TCP Query User{D0CEA919-D98F-410B-91A8-F169D878BCD5}D:\jdownloader_portableapps\commonfiles\java\bin\javaw.exe" = protocol=6 | dir=in | app=d:\jdownloader_portableapps\commonfiles\java\bin\javaw.exe | "UDP Query User{33CD4A35-2BAF-4687-9B01-A44474E674FA}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{6059BD76-3906-4C49-9B6D-2317553FD5C7}D:\jdownloader_portableapps\commonfiles\java\bin\javaw.exe" = protocol=17 | dir=in | app=d:\jdownloader_portableapps\commonfiles\java\bin\javaw.exe | "UDP Query User{898BCC14-1836-4CD3-81E5-EB9D7843CF58}E:\lotus\r85client\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.1.20090925-1604\win32\x86\notes2.exe" = protocol=17 | dir=in | app=e:\lotus\r85client\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.1.20090925-1604\win32\x86\notes2.exe | "UDP Query User{B6063E1B-1E86-4E34-9F3E-5011EEA3B071}E:\java\eclipse\eclipse.exe" = protocol=17 | dir=in | app=e:\java\eclipse\eclipse.exe | "UDP Query User{CF9F959E-FEE3-41A0-950C-C0512DB89486}C:\users\andi\appdata\local\temp\i1335347529\windows\resource\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\users\andi\appdata\local\temp\i1335347529\windows\resource\jre\bin\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{03AC245F-4C64-425C-89CF-7783C1D3AB2C}" = Microsoft Sync Framework 
2.0 Provider Services (x64) ENU "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes "{18C99C4F-6BAB-84D1-261B-EC1099610C63}" = ATI AVIVO64 Codecs "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit) "{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display "{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}" = Intel(R) PROSet/Wireless WiFi-Software "{446EE0D9-1F6B-42BF-8278-8D0B172BA15D}" = Microsoft IntelliType Pro 8.1 "{480C331C-C21E-F744-DBFF-98F8F2B0D4AC}" = ATI Catalyst Install Manager "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4FF5C7C9-86CC-41ED-B93B-0B51AB4FED24}" = VmciSockets "{56BAC4EE-B1DA-42A7-ACA5-7A353F2ED1DA}" = Validity Sensors DDK "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{729F2EAD-6283-7CFE-E5DB-03C653A309E0}" = ccc-utility64 "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support "{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64 "{88DAAF05-5A72-46D2-A7C5-C3759697E943}" = SyncToy 2.1 (x64) "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}" = Microsoft Sync Framework 2.0 Core Components (x64) ENU "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer "{8F4884F1-488D-4738-8F71-65A378BB484C}" = HP Officejet 6500 E710a-f - Grundlegende Software für das Gerät "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit 
Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{975DFE7C-8E56-45BC-A329-401E6B1F8102}" = Dell Backup and Recovery Manager "{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst "{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer "{C0C2D40A-1231-46FA-8F02-B45E6BF2036A}" = DigitalPersona Fingerprint Software 5.20 "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft IntelliType Pro 8.1" = Microsoft IntelliType Pro 8.1 "PC-Doctor for Windows" = Dell Support Center "ProInst" = Intel PROSet Wireless "SynTPDeinstKey" = Dell Touchpad "VLC media player" = VLC media player 2.0.2 "WinRAR archiver" = WinRAR 4.01 (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator 
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd "{037CD593-D760-4A00-B030-7BBAFA1123FE}" = HP Officejet 6500 E710a-f Hilfe "{07E10D8F-9E63-9334-4902-192A954E3B64}" = CCC Help Norwegian "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D94F75A-0EA6-4951-B3AF-B145FA9E05C6}" = VMware Workstation "{0FA0F736-0851-C84A-08AE-D2F39C188B83}" = PX Profile Update "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{154A9EEB-05FC-45E6-B7BD-75D27ED02276}" = Crystal11_Redistributables "{17422E25-DCC9-9192-6FC7-A0E8B324A7C9}" = CCC Help Finnish "{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{23EEC842-57ED-4055-A056-9D4185DFB1AA}" = Dell Mobile Broadband Manager "{2554B5A7-330A-D672-0F4B-D960F4F4F428}" = CCC Help German "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9 "{30B41B7A-3C9D-44DE-A7A1-949011F33CC3}" = PDF Architect "{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{36C6F513-5800-96BF-12EA-B4C7DC7DD671}" = Catalyst Control Center InstallProxy "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{428C0601-9461-B6C8-D6D6-191FF8308410}" = ccc-core-static "{46314378-EB8B-46B4-A790-4CFD0461ADA1}" = Catalyst Control Center - Branding "{470AE5CD-6626-2D2A-6123-5D898D8813E5}" = CCC Help Japanese "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 
3.0 Host Controller Driver "{5765DDB0-6A73-F8CB-006E-76168E3DE49F}" = CCC Help Danish "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack "{5CFB494B-1A52-82E3-9EB2-8E21084390F6}" = CCC Help Swedish "{5D2E23BC-C6A2-BB50-E738-B756F8040E65}" = CCC Help English "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{68998208-3CED-2259-C735-92F0C0D57620}" = Catalyst Control Center Localization All "{69D91A61-4328-08DD-E0FB-D011E324F610}" = Catalyst Control Center Profiles Mobile "{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7CA87328-1AFA-3B5C-A279-C917D299E0CB}" = CCC Help Italian "{8328181F-5C6B-9304-DDDC-85BE47A3B917}" = CCC Help Spanish "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11 "{878F597D-BA4C-2694-55E9-F1AE1988B144}" = CCC Help Portuguese "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = 
Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 
2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BA22076-945C-F764-4D33-2AF4DFE6A3F0}" = CCC Help French "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9D583F01-A973-4B04-90BD-FB7886779090}" = Dell Wireless HSPA Mini-Card Drivers 
"{9E1024FE-2009-2350-446F-3A6E00E5181A}" = CCC Help Russian "{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5 "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k "{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B28FC637-A783-FE1C-8488-CAA05F11B690}" = CCC Help Chinese Traditional "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C5EB9B5A-2964-D5A3-869A-520448200FC3}" = PowerXpressHybrid "{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. 
OCR "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D9454417-3019-FDB1-272B-A64F39202E3C}" = CCC Help Korean "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EDF0C1D5-D980-48F9-BA19-0ECEDEF8C5D4}" = VMware vCenter Converter Standalone "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter "{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver "{F84906ED-BB54-4889-B131-FED9C9056FC8}" = Intel(R) Wireless Display "{F8A10A25-D8DD-4661-9A1E-7F6DBAAA3C5E}" = inSSIDer "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{F9C53AC8-C288-5727-1856-5B641CDFA2C1}" = CCC Help Dutch "{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171 "{FC338210-F594-11D3-BA24-00001C3AB4DF}" = cyberJack Base Components "{FC687ED0-69A9-67E7-0219-55CFB9B643CC}" = CCC Help Chinese Standard "{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Advanced Audio FX Engine" = Advanced Audio FX Engine "Alf-BanCo4_is1" = ALF-BanCo 4 "ARSystem 1" = BMC Remedy Action Request System 7.6.04 SP1 Install 1 "Avira AntiVir Desktop" = Avira Free 
Antivirus "Dell Webcam Central" = Dell Webcam Central "ElsterFormular für Unternehmer 12.3.2.6814u" = ElsterFormular-Upgrade "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5 "IrfanView" = IrfanView (remove only) "Kobo" = Kobo "Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US) "Mozilla Thunderbird 17.0 (x86 en-US)" = Mozilla Thunderbird 17.0 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "Mp3tag" = Mp3tag v2.53 "Notepad++" = Notepad++ "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Office14.SingleImage" = Microsoft Office Professional 2010 "PicPick" = PicPick "SABnzbd" = SABnzbd 0.6.14 "VMware_Workstation" = VMware Workstation "WinLiveSuite" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "f031ef6ac137efc5" = Dell Driver Download Manager "Synology CloudStation" = Synology Cloud Station (remove only) ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 11.07.2012 11:01:55 | Computer Name = vostro3350 | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 11.07.2012 11:01:55 | Computer Name = vostro3350 | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 11.07.2012 11:01:55 | Computer Name = vostro3350 | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 11.07.2012 11:01:55 | Computer Name = vostro3350 | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 11.07.2012 11:01:55 | Computer Name = vostro3350 | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 11.07.2012 11:01:55 | Computer Name = vostro3350 | Source = 
ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 11.07.2012 11:01:55 | Computer Name = vostro3350 | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 11.07.2012 11:01:55 | Computer Name = vostro3350 | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 11.07.2012 11:01:55 | Computer Name = vostro3350 | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 11.07.2012 11:01:55 | Computer Name = vostro3350 | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC [ System Events ] Error - 01.01.2013 07:08:07 | Computer Name = vostro3350 | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR8 gefunden. Error - 01.01.2013 07:11:07 | Computer Name = vostro3350 | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR8 gefunden. Error - 01.01.2013 07:11:50 | Computer Name = vostro3350 | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR8 gefunden. Error - 01.01.2013 07:11:51 | Computer Name = vostro3350 | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR8 gefunden. Error - 01.01.2013 07:11:51 | Computer Name = vostro3350 | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR8 gefunden. Error - 01.01.2013 07:11:52 | Computer Name = vostro3350 | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR8 gefunden. Error - 01.01.2013 07:11:52 | Computer Name = vostro3350 | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR8 gefunden. 
Error - 01.01.2013 07:21:21 | Computer Name = vostro3350 | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR8 gefunden. Error - 01.01.2013 07:21:22 | Computer Name = vostro3350 | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR8 gefunden. Error - 01.01.2013 07:21:22 | Computer Name = vostro3350 | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR8 gefunden. < End of report >
Edited by andi24 (02.01.2013 at 15:20) |
02.01.2013, 15:52 | #2 |
/// Malware-holic | Spam mail via GMX account Hi,
download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html
Click on Change parameters
• Tick the boxes for Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan - if anything is found, always choose skip for now, post the log
__________________ |
02.01.2013, 23:05 | #3 |
| Spam mail via GMX account Hello markusg,
thank you very much for your support. Here is the log: Code:
ATTFilter 23:00:59.0559 5428 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 23:01:00.0667 5428 ============================================================ 23:01:00.0667 5428 Current date / time: 2013/01/02 23:01:00.0667 23:01:00.0667 5428 SystemInfo: 23:01:00.0667 5428 23:01:00.0667 5428 OS Version: 6.1.7601 ServicePack: 1.0 23:01:00.0667 5428 Product type: Workstation 23:01:00.0667 5428 ComputerName: VOSTRO3350 23:01:00.0667 5428 UserName: andi 23:01:00.0667 5428 Windows directory: C:\windows 23:01:00.0667 5428 System windows directory: C:\windows 23:01:00.0667 5428 Running under WOW64 23:01:00.0667 5428 Processor architecture: Intel x64 23:01:00.0667 5428 Number of processors: 4 23:01:00.0667 5428 Page size: 0x1000 23:01:00.0667 5428 Boot type: Normal boot 23:01:00.0667 5428 ============================================================ 23:01:01.0026 5428 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 23:01:01.0026 5428 ============================================================ 23:01:01.0026 5428 \Device\Harddisk0\DR0: 23:01:01.0026 5428 MBR partitions: 23:01:01.0026 5428 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000 23:01:01.0026 5428 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0xC508830 23:01:01.0057 5428 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xE288000, BlocksNum 0x2710000 23:01:01.0073 5428 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x10998800, BlocksNum 0xC350000 23:01:01.0073 5428 \Device\Harddisk0\DR0\Partition5: MBR, Type 0x7, StartLBA 0x1CCE9000, BlocksNum 0xC350000 23:01:01.0073 5428 ============================================================ 23:01:01.0119 5428 C: <-> \Device\Harddisk0\DR0\Partition2 23:01:01.0151 5428 H: <-> \Device\Harddisk0\DR0\Partition5 23:01:01.0197 5428 D: <-> 
\Device\Harddisk0\DR0\Partition3 23:01:01.0229 5428 E: <-> \Device\Harddisk0\DR0\Partition4 23:01:01.0229 5428 ============================================================ 23:01:01.0229 5428 Initialize success 23:01:01.0229 5428 ============================================================ 23:01:23.0303 5656 ============================================================ 23:01:23.0303 5656 Scan started 23:01:23.0303 5656 Mode: Manual; SigCheck; TDLFS; 23:01:23.0303 5656 ============================================================ 23:01:23.0537 5656 ================ Scan system memory ======================== 23:01:23.0537 5656 System memory - ok 23:01:23.0537 5656 ================ Scan services ============================= 23:01:23.0677 5656 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys 23:01:23.0802 5656 1394ohci - ok 23:01:23.0833 5656 [ E0065CBF1A25C015C218457D2CD522B9 ] Acceler C:\windows\system32\DRIVERS\Accelern.sys 23:01:23.0864 5656 Acceler - ok 23:01:23.0895 5656 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys 23:01:23.0927 5656 ACPI - ok 23:01:23.0927 5656 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys 23:01:24.0036 5656 AcpiPmi - ok 23:01:24.0067 5656 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys 23:01:24.0098 5656 adp94xx - ok 23:01:24.0098 5656 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\DRIVERS\adpahci.sys 23:01:24.0114 5656 adpahci - ok 23:01:24.0129 5656 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys 23:01:24.0129 5656 adpu320 - ok 23:01:24.0161 5656 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll 23:01:24.0317 5656 AeLookupSvc - ok 23:01:24.0395 5656 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe 23:01:24.0473 5656 AESTFilters - ok 23:01:24.0535 5656 [ 
1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys 23:01:24.0629 5656 AFD - ok 23:01:24.0644 5656 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys 23:01:24.0660 5656 agp440 - ok 23:01:24.0675 5656 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe 23:01:24.0722 5656 ALG - ok 23:01:24.0738 5656 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys 23:01:24.0753 5656 aliide - ok 23:01:24.0769 5656 [ EC9904687265F3274583258AA435B405 ] AMD External Events Utility C:\windows\system32\atiesrxx.exe 23:01:24.0878 5656 AMD External Events Utility - ok 23:01:24.0878 5656 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys 23:01:24.0894 5656 amdide - ok 23:01:24.0894 5656 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\DRIVERS\amdk8.sys 23:01:24.0972 5656 AmdK8 - ok 23:01:25.0143 5656 [ 1E04097AC7637F11257003D5DB8780D6 ] amdkmdag C:\windows\system32\DRIVERS\atikmdag.sys 23:01:25.0362 5656 amdkmdag - ok 23:01:25.0393 5656 [ 3796C675884092141D5ECE9B2689D113 ] amdkmdap C:\windows\system32\DRIVERS\atikmpag.sys 23:01:25.0424 5656 amdkmdap - ok 23:01:25.0440 5656 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys 23:01:25.0471 5656 AmdPPM - ok 23:01:25.0502 5656 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys 23:01:25.0533 5656 amdsata - ok 23:01:25.0549 5656 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\DRIVERS\amdsbs.sys 23:01:25.0565 5656 amdsbs - ok 23:01:25.0565 5656 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys 23:01:25.0580 5656 amdxata - ok 23:01:25.0643 5656 [ 0A1CC583E8147004E4AD4625D7FBF88C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 23:01:25.0674 5656 AntiVirSchedulerService - ok 23:01:25.0705 5656 [ C9A36EF935ACED86AEDF93E97E606911 ] AntiVirService C:\Program 
Files (x86)\Avira\AntiVir Desktop\avguard.exe 23:01:25.0721 5656 AntiVirService - ok 23:01:25.0783 5656 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys 23:01:25.0877 5656 AppID - ok 23:01:25.0892 5656 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll 23:01:25.0970 5656 AppIDSvc - ok 23:01:26.0001 5656 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll 23:01:26.0079 5656 Appinfo - ok 23:01:26.0157 5656 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 23:01:26.0189 5656 Apple Mobile Device - ok 23:01:26.0204 5656 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\windows\System32\appmgmts.dll 23:01:26.0220 5656 AppMgmt - ok 23:01:26.0251 5656 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\DRIVERS\arc.sys 23:01:26.0282 5656 arc - ok 23:01:26.0298 5656 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\DRIVERS\arcsas.sys 23:01:26.0298 5656 arcsas - ok 23:01:26.0313 5656 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys 23:01:26.0345 5656 AsyncMac - ok 23:01:26.0376 5656 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys 23:01:26.0407 5656 atapi - ok 23:01:26.0469 5656 [ 36322190763845975E0D001E90687BF2 ] athur C:\windows\system32\DRIVERS\athurx.sys 23:01:26.0579 5656 athur - ok 23:01:26.0641 5656 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll 23:01:26.0719 5656 AudioEndpointBuilder - ok 23:01:26.0735 5656 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll 23:01:26.0766 5656 AudioSrv - ok 23:01:26.0781 5656 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\windows\system32\DRIVERS\avgntflt.sys 23:01:26.0781 5656 avgntflt - ok 23:01:26.0797 5656 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\windows\system32\DRIVERS\avipbb.sys 
23:01:26.0813 5656 avipbb - ok 23:01:26.0828 5656 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\windows\system32\DRIVERS\avkmgr.sys 23:01:26.0859 5656 avkmgr - ok 23:01:26.0906 5656 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll 23:01:26.0984 5656 AxInstSV - ok 23:01:27.0000 5656 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\DRIVERS\bxvbda.sys 23:01:27.0047 5656 b06bdrv - ok 23:01:27.0062 5656 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys 23:01:27.0093 5656 b57nd60a - ok 23:01:27.0140 5656 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll 23:01:27.0187 5656 BDESVC - ok 23:01:27.0187 5656 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys 23:01:27.0249 5656 Beep - ok 23:01:27.0312 5656 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll 23:01:27.0405 5656 BFE - ok 23:01:27.0452 5656 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\System32\qmgr.dll 23:01:27.0530 5656 BITS - ok 23:01:27.0546 5656 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys 23:01:27.0561 5656 blbdrive - ok 23:01:27.0639 5656 [ 093B1B419EF25B15D3A1CA6953F41AFB ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe 23:01:27.0671 5656 Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - warning 23:01:27.0671 5656 Bluetooth Device Monitor - detected UnsignedFile.Multi.Generic (1) 23:01:27.0717 5656 [ 03A7341E94ACD92E0831336D4F3ACE92 ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe 23:01:27.0795 5656 Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - warning 23:01:27.0795 5656 Bluetooth Media Service - detected UnsignedFile.Multi.Generic (1) 23:01:27.0842 5656 [ A2EBF384ED105FED7D05C5465500EF2E ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe 23:01:27.0873 5656 Bluetooth OBEX Service ( 
UnsignedFile.Multi.Generic ) - warning 23:01:27.0873 5656 Bluetooth OBEX Service - detected UnsignedFile.Multi.Generic (1) 23:01:27.0983 5656 [ 7091E0EA045A50952C57EB309B9CEA62 ] bmdrvr C:\windows\syswow64\drivers\bmdrvr.sys 23:01:27.0998 5656 bmdrvr - ok 23:01:28.0061 5656 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 23:01:28.0092 5656 Bonjour Service - ok 23:01:28.0107 5656 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys 23:01:28.0139 5656 bowser - ok 23:01:28.0170 5656 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\DRIVERS\BrFiltLo.sys 23:01:28.0279 5656 BrFiltLo - ok 23:01:28.0295 5656 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\DRIVERS\BrFiltUp.sys 23:01:28.0295 5656 BrFiltUp - ok 23:01:28.0341 5656 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll 23:01:28.0388 5656 Browser - ok 23:01:28.0419 5656 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys 23:01:28.0482 5656 Brserid - ok 23:01:28.0513 5656 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys 23:01:28.0529 5656 BrSerWdm - ok 23:01:28.0544 5656 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys 23:01:28.0560 5656 BrUsbMdm - ok 23:01:28.0575 5656 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys 23:01:28.0575 5656 BrUsbSer - ok 23:01:28.0622 5656 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\windows\system32\drivers\BthEnum.sys 23:01:28.0747 5656 BthEnum - ok 23:01:28.0778 5656 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys 23:01:28.0825 5656 BTHMODEM - ok 23:01:28.0841 5656 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\windows\system32\DRIVERS\bthpan.sys 23:01:28.0856 5656 BthPan - ok 23:01:28.0887 5656 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT 
C:\windows\System32\Drivers\BTHport.sys 23:01:28.0950 5656 BTHPORT - ok 23:01:28.0997 5656 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll 23:01:29.0059 5656 bthserv - ok 23:01:29.0090 5656 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys 23:01:29.0153 5656 BTHUSB - ok 23:01:29.0199 5656 [ 16C1BAC9760C9FA85A30F3FA0FBB1B7A ] btmaux C:\windows\system32\DRIVERS\btmaux.sys 23:01:29.0215 5656 btmaux - ok 23:01:29.0231 5656 [ 0C468D8DA95BE16BFDD380BB9DE88259 ] btmhsf C:\windows\system32\DRIVERS\btmhsf.sys 23:01:29.0277 5656 btmhsf - ok 23:01:29.0309 5656 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys 23:01:29.0340 5656 cdfs - ok 23:01:29.0371 5656 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\drivers\cdrom.sys 23:01:29.0402 5656 cdrom - ok 23:01:29.0433 5656 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll 23:01:29.0496 5656 CertPropSvc - ok 23:01:29.0527 5656 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\DRIVERS\circlass.sys 23:01:29.0543 5656 circlass - ok 23:01:29.0621 5656 [ 8FEE4423D682394EB436C975D0A3A994 ] cjpcsc C:\windows\SysWOW64\cjpcsc.exe 23:01:29.0652 5656 cjpcsc - ok 23:01:29.0699 5656 [ 06E1F5228399FC49A8D026DA38DB6784 ] cjusb C:\windows\system32\DRIVERS\cjusb.sys 23:01:29.0714 5656 cjusb - ok 23:01:29.0761 5656 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys 23:01:29.0808 5656 CLFS - ok 23:01:29.0870 5656 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 23:01:29.0886 5656 clr_optimization_v2.0.50727_32 - ok 23:01:29.0917 5656 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 23:01:29.0933 5656 clr_optimization_v2.0.50727_64 - ok 23:01:29.0995 5656 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 
C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 23:01:30.0026 5656 clr_optimization_v4.0.30319_32 - ok 23:01:30.0042 5656 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 23:01:30.0057 5656 clr_optimization_v4.0.30319_64 - ok 23:01:30.0057 5656 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys 23:01:30.0104 5656 CmBatt - ok 23:01:30.0135 5656 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys 23:01:30.0167 5656 cmdide - ok 23:01:30.0229 5656 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys 23:01:30.0276 5656 CNG - ok 23:01:30.0307 5656 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys 23:01:30.0323 5656 Compbatt - ok 23:01:30.0354 5656 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\drivers\CompositeBus.sys 23:01:30.0385 5656 CompositeBus - ok 23:01:30.0401 5656 COMSysApp - ok 23:01:30.0401 5656 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys 23:01:30.0416 5656 crcdisk - ok 23:01:30.0447 5656 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\windows\system32\cryptsvc.dll 23:01:30.0510 5656 CryptSvc - ok 23:01:30.0557 5656 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\windows\system32\drivers\csc.sys 23:01:30.0603 5656 CSC - ok 23:01:30.0650 5656 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\windows\System32\cscsvc.dll 23:01:30.0681 5656 CscService - ok 23:01:30.0728 5656 [ FBE228ABEAB2BE13B9C3A3A112D4D8DC ] CtClsFlt C:\windows\system32\DRIVERS\CtClsFlt.sys 23:01:30.0775 5656 CtClsFlt - ok 23:01:30.0838 5656 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE 23:01:30.0931 5656 cvhsvc - ok 23:01:30.0962 5656 [ F0D19120042E8D1E6707767D2A3BBAA9 ] d554gps C:\windows\system32\DRIVERS\d554gps64.sys 23:01:30.0962 5656 
d554gps - ok 23:01:30.0978 5656 [ A85AC106A96A65FBF5E028535D6E866E ] d554scard C:\windows\system32\DRIVERS\d554scard.sys 23:01:31.0009 5656 d554scard - ok 23:01:31.0040 5656 [ 7F61FBE259C18666D8DDF862F13A5EB0 ] dc3d C:\windows\system32\DRIVERS\dc3d.sys 23:01:31.0056 5656 dc3d - ok 23:01:31.0103 5656 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll 23:01:31.0181 5656 DcomLaunch - ok 23:01:31.0212 5656 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll 23:01:31.0243 5656 defragsvc - ok 23:01:31.0290 5656 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys 23:01:31.0337 5656 DfsC - ok 23:01:31.0384 5656 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll 23:01:31.0430 5656 Dhcp - ok 23:01:31.0446 5656 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys 23:01:31.0508 5656 discache - ok 23:01:31.0555 5656 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\DRIVERS\disk.sys 23:01:31.0555 5656 Disk - ok 23:01:31.0571 5656 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll 23:01:31.0633 5656 Dnscache - ok 23:01:31.0664 5656 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll 23:01:31.0727 5656 dot3svc - ok 23:01:31.0774 5656 [ C43618154FC0C8480F53B04BA7A2F371 ] DpHost C:\Program Files\DigitalPersona\Bin\DpHostW.exe 23:01:31.0805 5656 DpHost - ok 23:01:31.0852 5656 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll 23:01:31.0898 5656 DPS - ok 23:01:31.0914 5656 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys 23:01:31.0945 5656 drmkaud - ok 23:01:32.0008 5656 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys 23:01:32.0054 5656 DXGKrnl - ok 23:01:32.0070 5656 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll 23:01:32.0117 5656 EapHost - ok 23:01:32.0210 5656 
[ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\DRIVERS\evbda.sys 23:01:32.0320 5656 ebdrv - ok 23:01:32.0335 5656 [ F88F2E5806FC405B0FA94B7947A5875E ] ecnssndis C:\windows\system32\Drivers\wwuss64.sys 23:01:32.0335 5656 ecnssndis - ok 23:01:32.0351 5656 [ C8CD88218EFC28F7E44A9892B3E97F4D ] ecnssndisfltr C:\windows\system32\Drivers\wwussf64.sys 23:01:32.0366 5656 ecnssndisfltr - ok 23:01:32.0398 5656 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe 23:01:32.0460 5656 EFS - ok 23:01:32.0507 5656 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe 23:01:32.0585 5656 ehRecvr - ok 23:01:32.0600 5656 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe 23:01:32.0632 5656 ehSched - ok 23:01:32.0663 5656 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\DRIVERS\elxstor.sys 23:01:32.0678 5656 elxstor - ok 23:01:32.0694 5656 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys 23:01:32.0741 5656 ErrDev - ok 23:01:32.0772 5656 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll 23:01:32.0834 5656 EventSystem - ok 23:01:32.0975 5656 [ 8B6C9924B0D333DBF76086B8258A0891 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe 23:01:33.0037 5656 EvtEng - ok 23:01:33.0068 5656 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys 23:01:33.0084 5656 exfat - ok 23:01:33.0100 5656 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys 23:01:33.0162 5656 fastfat - ok 23:01:33.0224 5656 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe 23:01:33.0287 5656 Fax - ok 23:01:33.0318 5656 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\DRIVERS\fdc.sys 23:01:33.0349 5656 fdc - ok 23:01:33.0365 5656 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll 23:01:33.0396 5656 fdPHost - ok 23:01:33.0396 5656 [ 802496CB59A30349F9A6DD22D6947644 ] 
FDResPub C:\windows\system32\fdrespub.dll 23:01:33.0427 5656 FDResPub - ok 23:01:33.0443 5656 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys 23:01:33.0443 5656 FileInfo - ok 23:01:33.0458 5656 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys 23:01:33.0521 5656 Filetrace - ok 23:01:33.0536 5656 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys 23:01:33.0568 5656 flpydisk - ok 23:01:33.0599 5656 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys 23:01:33.0646 5656 FltMgr - ok 23:01:33.0677 5656 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll 23:01:33.0739 5656 FontCache - ok 23:01:33.0786 5656 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 23:01:33.0817 5656 FontCache3.0.0.0 - ok 23:01:33.0817 5656 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys 23:01:33.0833 5656 FsDepends - ok 23:01:33.0864 5656 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys 23:01:33.0880 5656 Fs_Rec - ok 23:01:33.0926 5656 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys 23:01:33.0958 5656 fvevol - ok 23:01:33.0989 5656 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys 23:01:33.0989 5656 gagp30kx - ok 23:01:34.0036 5656 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys 23:01:34.0067 5656 GEARAspiWDM - ok 23:01:34.0114 5656 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll 23:01:34.0176 5656 gpsvc - ok 23:01:34.0207 5656 [ ADB4348DA1345877B04E22203AFC8993 ] hcmon C:\windows\system32\drivers\hcmon.sys 23:01:34.0207 5656 hcmon - ok 23:01:34.0223 5656 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys 
23:01:34.0270 5656 hcw85cir - ok 23:01:34.0301 5656 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys 23:01:34.0348 5656 HdAudAddService - ok 23:01:34.0379 5656 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\drivers\HDAudBus.sys 23:01:34.0410 5656 HDAudBus - ok 23:01:34.0426 5656 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys 23:01:34.0441 5656 HidBatt - ok 23:01:34.0457 5656 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys 23:01:34.0472 5656 HidBth - ok 23:01:34.0488 5656 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\DRIVERS\hidir.sys 23:01:34.0519 5656 HidIr - ok 23:01:34.0535 5656 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\system32\hidserv.dll 23:01:34.0597 5656 hidserv - ok 23:01:34.0613 5656 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys 23:01:34.0628 5656 HidUsb - ok 23:01:34.0644 5656 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll 23:01:34.0706 5656 hkmsvc - ok 23:01:34.0738 5656 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll 23:01:34.0800 5656 HomeGroupListener - ok 23:01:34.0847 5656 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll 23:01:34.0878 5656 HomeGroupProvider - ok 23:01:34.0894 5656 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys 23:01:34.0925 5656 HpSAMD - ok 23:01:34.0956 5656 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys 23:01:35.0018 5656 HTTP - ok 23:01:35.0050 5656 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys 23:01:35.0065 5656 hwpolicy - ok 23:01:35.0096 5656 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\drivers\i8042prt.sys 23:01:35.0112 5656 i8042prt - ok 23:01:35.0143 5656 [ D7921D5A870B11CC1ADAB198A519D50A ] 
iaStor C:\windows\system32\DRIVERS\iaStor.sys 23:01:35.0174 5656 iaStor - ok 23:01:35.0221 5656 [ 8FFF9083252C16FE3960173722605E9E ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 23:01:35.0237 5656 IAStorDataMgrSvc - ok 23:01:35.0268 5656 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys 23:01:35.0299 5656 iaStorV - ok 23:01:35.0315 5656 [ FC85972037815FA7B413E790B426ACB2 ] iBtFltCoex C:\windows\system32\DRIVERS\iBtFltCoex.sys 23:01:35.0330 5656 iBtFltCoex - ok 23:01:35.0377 5656 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 23:01:35.0408 5656 idsvc - ok 23:01:35.0627 5656 [ 795C99DC4F574C97C03D0BB39CF099EE ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys 23:01:35.0876 5656 igfx - ok 23:01:35.0908 5656 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys 23:01:35.0908 5656 iirsp - ok 23:01:35.0939 5656 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll 23:01:36.0017 5656 IKEEXT - ok 23:01:36.0048 5656 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys 23:01:36.0079 5656 IntcDAud - ok 23:01:36.0110 5656 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys 23:01:36.0110 5656 intelide - ok 23:01:36.0329 5656 [ 795C99DC4F574C97C03D0BB39CF099EE ] intelkmd C:\windows\system32\DRIVERS\igdpmd64.sys 23:01:36.0578 5656 intelkmd - ok 23:01:36.0610 5656 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys 23:01:36.0625 5656 intelppm - ok 23:01:36.0641 5656 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll 23:01:36.0703 5656 IPBusEnum - ok 23:01:36.0734 5656 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys 23:01:36.0750 5656 IpFilterDriver - ok 23:01:36.0797 5656 [ 
23:01:52.0522 5656 [ 3ACCF0C817A2BB34EFBFB72B57B00252 ] VMAuthdService C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
23:01:52.0553 5656 VMAuthdService ( UnsignedFile.Multi.Generic ) - warning
23:01:52.0553 5656 VMAuthdService - detected UnsignedFile.Multi.Generic (1)
23:01:53.0395 5656 [ F95C4DEFCC06A1C9E3E1699C845980F1 ] VMwareHostd C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
23:01:53.0660 5656 VMwareHostd ( UnsignedFile.Multi.Generic ) - warning
23:01:53.0660 5656 VMwareHostd - detected UnsignedFile.Multi.Generic (1)
C:\windows\system32\drivers\volmgrx.sys 23:01:53.0770 5656 volmgrx - ok 23:01:53.0801 5656 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys 23:01:53.0832 5656 volsnap - ok 23:01:53.0848 5656 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys 23:01:53.0879 5656 vsmraid - ok 23:01:53.0957 5656 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe 23:01:54.0004 5656 VSS - ok 23:01:54.0082 5656 [ 65EFAEC68FA234F36880533A79D7B1C1 ] vstor2-mntapi10-shared C:\windows\syswow64\drivers\vstor2-mntapi10-shared.sys 23:01:54.0113 5656 vstor2-mntapi10-shared - ok 23:01:54.0128 5656 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys 23:01:54.0144 5656 vwifibus - ok 23:01:54.0160 5656 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys 23:01:54.0191 5656 vwififlt - ok 23:01:54.0191 5656 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys 23:01:54.0222 5656 vwifimp - ok 23:01:54.0253 5656 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll 23:01:54.0300 5656 W32Time - ok 23:01:54.0316 5656 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys 23:01:54.0331 5656 WacomPen - ok 23:01:54.0347 5656 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys 23:01:54.0409 5656 WANARP - ok 23:01:54.0425 5656 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys 23:01:54.0440 5656 Wanarpv6 - ok 23:01:54.0503 5656 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe 23:01:54.0550 5656 wbengine - ok 23:01:54.0565 5656 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll 23:01:54.0581 5656 WbioSrvc - ok 23:01:54.0643 5656 [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm C:\windows\WindowsMobile\wcescomm.dll 23:01:54.0674 5656 WcesComm - ok 
23:01:54.0706 5656 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll 23:01:54.0768 5656 wcncsvc - ok 23:01:54.0768 5656 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll 23:01:54.0815 5656 WcsPlugInService - ok 23:01:54.0830 5656 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\DRIVERS\wd.sys 23:01:54.0830 5656 Wd - ok 23:01:54.0877 5656 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys 23:01:54.0940 5656 Wdf01000 - ok 23:01:54.0940 5656 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll 23:01:55.0033 5656 WdiServiceHost - ok 23:01:55.0033 5656 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll 23:01:55.0049 5656 WdiSystemHost - ok 23:01:55.0080 5656 [ 94DC2BF6CBAAA95E369C3756D3115A76 ] wdkmd C:\windows\system32\DRIVERS\WDKMD.sys 23:01:55.0080 5656 wdkmd - ok 23:01:55.0111 5656 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll 23:01:55.0158 5656 WebClient - ok 23:01:55.0174 5656 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll 23:01:55.0205 5656 Wecsvc - ok 23:01:55.0220 5656 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll 23:01:55.0267 5656 wercplsupport - ok 23:01:55.0298 5656 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll 23:01:55.0330 5656 WerSvc - ok 23:01:55.0345 5656 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys 23:01:55.0361 5656 WfpLwf - ok 23:01:55.0376 5656 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys 23:01:55.0376 5656 WIMMount - ok 23:01:55.0408 5656 WinDefend - ok 23:01:55.0408 5656 WinHttpAutoProxySvc - ok 23:01:55.0454 5656 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll 23:01:55.0501 5656 Winmgmt - ok 23:01:55.0532 5656 [ 
BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll 23:01:55.0642 5656 WinRM - ok 23:01:55.0673 5656 [ FE88B288356E7B47B74B13372ADD906D ] WinUSB C:\windows\system32\DRIVERS\WinUSB.sys 23:01:55.0688 5656 WinUSB - ok 23:01:55.0720 5656 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll 23:01:55.0735 5656 Wlansvc - ok 23:01:55.0782 5656 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 23:01:55.0813 5656 wlcrasvc - ok 23:01:55.0891 5656 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 23:01:56.0000 5656 wlidsvc - ok 23:01:56.0047 5656 WMCoreService - ok 23:01:56.0078 5656 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys 23:01:56.0094 5656 WmiAcpi - ok 23:01:56.0110 5656 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe 23:01:56.0125 5656 wmiApSrv - ok 23:01:56.0141 5656 WMPNetworkSvc - ok 23:01:56.0156 5656 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll 23:01:56.0188 5656 WPCSvc - ok 23:01:56.0219 5656 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll 23:01:56.0266 5656 WPDBusEnum - ok 23:01:56.0281 5656 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys 23:01:56.0328 5656 ws2ifsl - ok 23:01:56.0359 5656 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\System32\wscsvc.dll 23:01:56.0375 5656 wscsvc - ok 23:01:56.0375 5656 WSearch - ok 23:01:56.0422 5656 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll 23:01:56.0515 5656 wuauserv - ok 23:01:56.0546 5656 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\windows\system32\drivers\WudfPf.sys 23:01:56.0562 5656 WudfPf - ok 23:01:56.0593 5656 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys 23:01:56.0624 5656 WUDFRd - ok 23:01:56.0640 5656 [ 
B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\windows\System32\WUDFSvc.dll 23:01:56.0640 5656 wudfsvc - ok 23:01:56.0656 5656 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll 23:01:56.0687 5656 WwanSvc - ok 23:01:56.0718 5656 [ EA6BB634641479986065024AC38A8C1C ] WwanUsbServ C:\windows\system32\DRIVERS\WwanUsbMp64.sys 23:01:56.0749 5656 WwanUsbServ - ok 23:01:56.0765 5656 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\windows\system32\DRIVERS\yk62x64.sys 23:01:56.0780 5656 yukonw7 - ok 23:01:56.0874 5656 ================ Scan global =============================== 23:01:56.0905 5656 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll 23:01:56.0936 5656 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\windows\system32\winsrv.dll 23:01:56.0968 5656 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\windows\system32\winsrv.dll 23:01:56.0999 5656 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll 23:01:57.0014 5656 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe 23:01:57.0014 5656 [Global] - ok 23:01:57.0014 5656 ================ Scan MBR ================================== 23:01:57.0030 5656 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 23:01:57.0529 5656 \Device\Harddisk0\DR0 - ok 23:01:57.0529 5656 ================ Scan VBR ================================== 23:01:57.0545 5656 [ 7E3DDFFCE4E4A88481E3304E04A54F3B ] \Device\Harddisk0\DR0\Partition1 23:01:57.0545 5656 \Device\Harddisk0\DR0\Partition1 - ok 23:01:57.0560 5656 [ 59A72B85D1187B0593BB1ABBC664364B ] \Device\Harddisk0\DR0\Partition2 23:01:57.0560 5656 \Device\Harddisk0\DR0\Partition2 - ok 23:01:57.0592 5656 [ C26793AC86E94463BBEA73BF877CF841 ] \Device\Harddisk0\DR0\Partition3 23:01:57.0592 5656 \Device\Harddisk0\DR0\Partition3 - ok 23:01:57.0607 5656 [ 72334F1361513D657A571081CF08CEB4 ] \Device\Harddisk0\DR0\Partition4 23:01:57.0607 5656 \Device\Harddisk0\DR0\Partition4 - ok 23:01:57.0623 5656 [ 6D5FBF18837AE5C512D734C500B0E563 ] 
\Device\Harddisk0\DR0\Partition5 23:01:57.0638 5656 \Device\Harddisk0\DR0\Partition5 - ok 23:01:57.0638 5656 ============================================================ 23:01:57.0638 5656 Scan finished 23:01:57.0638 5656 ============================================================ 23:01:57.0654 1716 Detected object count: 5 23:01:57.0654 1716 Actual detected object count: 5 23:02:15.0235 1716 Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - skipped by user 23:02:15.0235 1716 Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:02:15.0235 1716 Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - skipped by user 23:02:15.0235 1716 Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:02:15.0235 1716 Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - skipped by user 23:02:15.0235 1716 Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:02:15.0235 1716 VMAuthdService ( UnsignedFile.Multi.Generic ) - skipped by user 23:02:15.0235 1716 VMAuthdService ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:02:15.0235 1716 VMwareHostd ( UnsignedFile.Multi.Generic ) - skipped by user 23:02:15.0235 1716 VMwareHostd ( UnsignedFile.Multi.Generic ) - User select action: Skip |
03.01.2013, 18:44 | #4 | |
/// Malware-holic | Spam mail via GMX account Hi, ComboFix: ComboFix may only be run when a team member has instructed you to do so! Please download ComboFix from one of these download mirrors: Link 1 Link 2 IMPORTANT - Save ComboFix to your desktop
When ComboFix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you get the following error message after the restart Quote:
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails as described in the instructions above to markusg.trojaner-board@web.de If you would like to support us |
03.01.2013, 20:37 | #5 |
| Spam mail via GMX account Hello, here is the log: Code:
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-01-03 20:34:27 ComboFix-quarantined-files.txt 2013-01-03 19:34 . Vor Suchlauf: 13 Verzeichnis(se), 23.845.744.640 Bytes frei Nach Suchlauf: 19 Verzeichnis(se), 26.802.487.296 Bytes frei . - - End Of File - - A061C51B3AA3A9D2C3F7C3118ACDB9FC |
03.01.2013, 20:45 | #6 |
/// Malware-holic | Spam mail via GMX account Looks good. Malwarebytes: Please download Malwarebytes
03.01.2013, 23:18 | #7 |
| Spam mail via GMX account Here is the next log: Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.03.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
andi :: VOSTRO3350 [Administrator]

03.01.2013 21:14:56
mbam-log-2013-01-03 (21-14-56).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|H:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 552227
Laufzeit: 1 Stunde(n), 20 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 8
E:\os86\Mac OS X Lion 10.7.4 VMware Image\VMware Unlocker - Hardware Virtualization Bypasser\vmware-vmx-patch.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
H:\Users\Administrator\AppData\Local\Temp\CleanTool.exe (Rogue.Removeit) -> Erfolgreich gelöscht und in Quarantäne gestellt.
H:\Users\Administrator\AppData\Local\Temp\data\XP\amd64.btm (PUP.Wpakill) -> Erfolgreich gelöscht und in Quarantäne gestellt.
H:\Users\Administrator\AppData\Local\Temp\data\XP\ia64.btm (PUP.Wpakill) -> Erfolgreich gelöscht und in Quarantäne gestellt.
H:\Users\Administrator\AppData\Local\Temp\data\XP\x86.btm (PUP.Wpakill) -> Erfolgreich gelöscht und in Quarantäne gestellt.
H:\Users\Administrator\Downloads\Schnitzel-mit-Pommes\Schnitzel mit Pommes\MS XP, XP VLK ,Server 2003VLK, Offices XP.exe (Malware.Tool) -> Erfolgreich gelöscht und in Quarantäne gestellt.
H:\Users\Administrator\Downloads\Schnitzel-mit-Pommes\Schnitzel mit Pommes\Windows Systems Keymaker.exe (Hacktool.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
H:\Users\Administrator\Downloads\Schnitzel-mit-Pommes\Schnitzel mit Pommes\Windows 7 + Server 2008R2 Loader 1.79\Windows 7 Loader.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende) |
04.01.2013, 15:11 | #8 |
/// Malware-holic | Spam mail via GMX account Hi, since you use cracks/keygens, and this is illegal, I can't help you with further cleaning and can only give pointers on reinstalling and securing the system.
1. Data recovery:
I will also post further points on this.
4. Change all passwords!
5. After securing the PC, check the backed-up data and, if clean, restore it.
6. I will then also say something about securing online banking with a chip card reader + Star Money.
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
04.01.2013, 16:33 | #9 |
| Spam mail via GMX account Hello, I'm not aware of that. Can you at least tell me what it is I'm using? Regards, Andi |
05.01.2013, 16:22 | #10 |
/// Malware-holic | Spam mail via GMX account e.g.: H:\Users\Administrator\Downloads\Schnitzel-mit-Pommes\Schnitzel mit Pommes\Windows 7 + Server 2008R2 Loader 1.79\Windows 7 Loader.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.