
Log analysis and evaluation: Opened zip attachment containing TR/Roque.957311

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

22.04.2013, 16:40   #1
alder
 
Opened zip attachment containing TR/Roque.957311



Hello experts,

it's great that you are here.

This morning my wife found a spam mail (supposedly a payment reminder from Sanicare.de) in her web.de mailbox and downloaded the attached zip file. She then opened the download folder in Firefox and clicked on the file.
After that, a window full of hieroglyphs (she says) opened.....

This is what I have done since then:

- Scanned the zip file with Antivir: detection TR/rogue.957311 - moved to quarantine
- Ran Windows Defender - nothing found
- Ran Antivir over the whole system - nothing found
- Ran Malwarebytes over the whole system - nothing found
- Defogger, following the instructions here in the forum:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:14 on 22/04/2013 (Dell)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
- OTLtext:

Code:
OTL logfile created on: 22.04.2013 16:16:46 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dell\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,06 Gb Available Physical Memory | 52,67% Memory free
7,82 Gb Paging File | 5,73 Gb Available in Paging File | 73,33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446,13 Gb Total Space | 330,30 Gb Free Space | 74,04% Space Free | Partition Type: NTFS
 
Computer Name: DELL-PC | User Name: Dell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.22 16:10:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dell\Desktop\OTL.exe
PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013.03.28 15:52:41 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.28 15:52:28 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.28 15:52:28 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.12.18 07:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.03.27 15:02:04 | 001,104,208 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2012.03.27 15:02:02 | 001,304,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2012.03.27 15:01:56 | 001,014,096 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2012.03.27 15:01:56 | 000,936,272 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
PRC - [2012.01.31 11:46:56 | 000,019,232 | ---- | M] (Autodesk, Inc.) -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [2011.09.15 06:19:54 | 000,086,016 | ---- | M] () -- C:\Programme\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe
PRC - [2010.12.29 20:54:10 | 000,740,688 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
PRC - [2010.12.15 17:46:50 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2010.11.17 19:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.11.17 17:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2010.11.06 06:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.11.06 06:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.10.06 04:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.10.06 04:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.10.01 23:55:28 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.15 20:55:05 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013.01.13 15:26:58 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ab54c04b3df40416205883b4049fe273\IAStorUtil.ni.dll
MOD - [2013.01.13 15:26:58 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\4d6518ef6ae8d6f005c49ab1c86de7fe\IAStorCommon.ni.dll
MOD - [2013.01.11 11:37:03 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.11 11:36:32 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.11 11:36:19 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013.01.11 11:36:14 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.11 11:36:11 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.11 11:36:10 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.11 11:36:04 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.05.30 08:39:02 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.12.15 17:46:50 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
MOD - [2010.11.25 05:44:02 | 000,375,280 | ---- | M] () -- c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
MOD - [2010.11.17 17:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.11.06 08:11:36 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.12.03 17:26:34 | 003,143,472 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV - [2013.04.12 16:54:17 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.03.28 15:52:41 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.28 15:52:28 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.03.12 21:40:04 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.18 07:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.30 14:34:51 | 001,432,400 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV - [2012.07.13 14:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.03.27 15:02:04 | 001,104,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2012.03.27 15:02:02 | 001,304,912 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2012.03.27 15:01:56 | 001,014,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2012.01.31 11:46:56 | 000,019,232 | ---- | M] (Autodesk, Inc.) [Auto | Running] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2011.09.16 01:41:28 | 001,518,352 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2011.09.16 01:28:06 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2011.09.16 01:24:52 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2011.09.15 16:54:46 | 001,166,848 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV - [2011.09.15 06:19:54 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Programme\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe -- (mi-raysat_3dsmax2013_64)
SRV - [2011.09.08 15:42:28 | 000,305,152 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2011.06.03 19:51:38 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV - [2010.12.29 20:54:24 | 000,440,144 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Programme\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2010.12.03 17:14:58 | 002,696,496 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2010.11.25 12:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010.11.25 12:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010.11.06 06:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.10.06 04:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.10.06 04:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.09.23 01:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 21:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 21:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.03 12:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AESTSr64.exe -- (AESTFilters)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013.03.28 15:52:46 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.03.28 15:52:46 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.03.28 15:52:46 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.03.21 18:13:14 | 000,060,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (ibtfltcoex)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.13 16:10:40 | 000,747,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2012.02.13 15:53:54 | 000,095,232 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011.11.06 16:01:52 | 010,208,256 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.11.06 07:34:34 | 000,317,952 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.09.26 09:40:28 | 012,309,440 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2011.09.18 09:26:52 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011.09.15 16:48:24 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011.09.15 16:48:24 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011.09.08 15:42:28 | 000,535,040 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011.08.23 13:12:56 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011.06.21 22:19:14 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011.06.21 22:19:12 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011.06.10 07:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.20 18:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2010.12.16 05:56:06 | 001,402,416 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.12.13 16:34:14 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2010.12.10 23:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.12.10 23:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.07 01:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.10.30 02:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.10.20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.08.20 18:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2010.03.19 10:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://web.de/
IE - HKCU\..\SearchScopes,DefaultScope = {3D66E81A-7403-4C61-B2B7-2245EB226AAB}
IE - HKCU\..\SearchScopes\{3D66E81A-7403-4C61-B2B7-2245EB226AAB}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://web.de/"
FF - prefs.js..extensions.enabledAddons: %7B53A03D43-5363-4669-8190-99061B2DEBA5%7D:1.5.5
FF - prefs.js..extensions.enabledAddons: %7B5384767E-00D9-40E9-B72F-9CC39D655D6F%7D:1.4.2.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2012.05.30 06:42:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 16:54:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 16:54:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.06.17 10:48:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dell\AppData\Roaming\mozilla\Extensions
[2013.02.14 18:55:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dell\AppData\Roaming\mozilla\Firefox\Profiles\r4y2oheo.default\extensions
[2013.01.03 20:26:08 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Dell\AppData\Roaming\mozilla\Firefox\Profiles\r4y2oheo.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2012.09.27 16:50:04 | 000,399,504 | ---- | M] () (No name found) -- C:\Users\Dell\AppData\Roaming\mozilla\firefox\profiles\r4y2oheo.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi
[2013.02.14 18:55:00 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Dell\AppData\Roaming\mozilla\firefox\profiles\r4y2oheo.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.04.12 16:54:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.12 16:54:17 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 18:11:58 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Autodesk Sync] C:\Programme\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
O4:64bit: - HKLM..\Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [AviraSpeedup] C:\Program Files (x86)\AviraSpeedup\AviraSpeedup.exe (Avira)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  = 
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Dell\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Dell\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9F154892-42A4-4EBD-AEDB-3D39BD955A2B}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe) - C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.22 16:10:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dell\Desktop\OTL.exe
[2013.04.22 14:09:53 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\Malwarebytes
[2013.04.22 14:09:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.22 14:09:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.22 14:09:36 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013.04.22 14:09:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.04.22 14:08:45 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Local\Programs
[2013.04.12 16:54:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.11 11:44:58 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\Buhl Data Service
[2013.04.11 11:44:56 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Local\Buhl Data Service
[2013.04.11 11:43:48 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Local\Buhl
[2013.04.11 11:43:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuer 2012
[2013.04.11 11:40:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steuer 2012
[2013.04.11 11:39:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Buhl Data Service GmbH
[2013.03.28 15:52:59 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avipbb.sys
[2013.03.28 15:52:59 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avgntflt.sys
[2013.03.28 15:52:59 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avkmgr.sys
[2013.03.24 16:39:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.22 16:14:05 | 000,000,000 | ---- | M] () -- C:\Users\Dell\defogger_reenable
[2013.04.22 16:12:01 | 000,377,856 | ---- | M] () -- C:\Users\Dell\Desktop\gmer_2.1.19163.exe
[2013.04.22 16:10:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dell\Desktop\OTL.exe
[2013.04.22 16:09:36 | 000,050,477 | ---- | M] () -- C:\Users\Dell\Desktop\Defogger.exe
[2013.04.22 15:58:15 | 001,612,484 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.04.22 15:58:15 | 000,696,870 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.04.22 15:58:15 | 000,652,148 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.04.22 15:58:15 | 000,148,134 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.04.22 15:58:15 | 000,121,080 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.04.22 15:39:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.04.22 15:38:01 | 000,001,106 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.22 14:09:37 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.22 13:57:43 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.22 13:57:43 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.22 13:50:26 | 000,001,102 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.22 13:49:30 | 000,456,864 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013.04.22 13:49:08 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.04.22 13:48:28 | 3148,214,272 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.20 10:03:53 | 000,000,590 | ---- | M] () -- C:\windows\wiso.ini
[2013.04.14 19:42:26 | 000,025,043 | ---- | M] () -- C:\Users\Dell\Desktop\heidelberg.odt
[2013.04.11 11:43:46 | 000,001,923 | ---- | M] () -- C:\Users\Public\Desktop\Steuer 2012.lnk
[2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013.03.30 20:00:34 | 000,020,696 | ---- | M] () -- C:\Users\Dell\Desktop\Zählerstände.ods
[2013.03.28 15:52:46 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avipbb.sys
[2013.03.28 15:52:46 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avgntflt.sys
[2013.03.28 15:52:46 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avkmgr.sys
[2013.03.24 16:39:50 | 000,002,214 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
 
========== Files Created - No Company Name ==========
 
[2013.04.22 16:14:05 | 000,000,000 | ---- | C] () -- C:\Users\Dell\defogger_reenable
[2013.04.22 16:12:00 | 000,377,856 | ---- | C] () -- C:\Users\Dell\Desktop\gmer_2.1.19163.exe
[2013.04.22 16:09:34 | 000,050,477 | ---- | C] () -- C:\Users\Dell\Desktop\Defogger.exe
[2013.04.22 14:09:37 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.11 11:43:49 | 000,000,590 | ---- | C] () -- C:\windows\wiso.ini
[2013.04.11 11:43:46 | 000,001,923 | ---- | C] () -- C:\Users\Public\Desktop\Steuer 2012.lnk
[2013.03.24 16:39:50 | 000,002,214 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013.03.06 19:16:39 | 000,007,602 | ---- | C] () -- C:\Users\Dell\AppData\Local\Resmon.ResmonCfg
[2012.11.30 14:52:04 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012.07.10 16:33:14 | 000,003,584 | ---- | C] () -- C:\Users\Dell\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.16 20:55:58 | 000,015,873 | ---- | C] () -- C:\windows\SysWow64\Inetde.dll
[2012.05.30 08:21:42 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll
[2012.05.30 08:21:20 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2012.05.30 08:21:20 | 000,216,000 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2012.05.30 08:21:19 | 013,903,360 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2012.05.30 08:21:19 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2012.05.30 08:21:19 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012.05.30 08:21:18 | 000,003,929 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2012.05.30 06:11:06 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2012.05.30 06:04:16 | 000,003,929 | ---- | C] () -- C:\windows\SysWow64\atipblup.dat
[2012.05.30 05:59:04 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll
[2012.02.26 14:02:17 | 000,000,096 | ---- | C] () -- C:\windows\LaunApp.ini
[2012.02.26 14:02:12 | 000,000,324 | ---- | C] () -- C:\windows\Prelaunch.ini
[2012.02.26 14:02:12 | 000,000,271 | ---- | C] () -- C:\windows\WisPriority.ini
[2012.02.26 14:02:12 | 000,000,035 | ---- | C] () -- C:\windows\DELL_LANGCODE.ini
[2012.02.26 14:02:12 | 000,000,033 | ---- | C] () -- C:\windows\DELL_OSTYPE.ini
[2012.02.26 14:02:12 | 000,000,032 | ---- | C] () -- C:\windows\WisHWDest.ini
[2012.02.26 14:02:12 | 000,000,028 | ---- | C] () -- C:\windows\WisLangCode.ini
[2012.02.26 14:02:12 | 000,000,023 | ---- | C] () -- C:\windows\WisSysInfo.ini
[2012.02.26 12:54:12 | 001,590,378 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011.11.06 05:29:16 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\OpenVideo.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
 
========== Purity Check ==========
 
 

< End of report >
         
OTL Extra:

Code:
OTL Extras logfile created on: 22.04.2013 16:16:46 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dell\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,06 Gb Available Physical Memory | 52,67% Memory free
7,82 Gb Paging File | 5,73 Gb Available in Paging File | 73,33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446,13 Gb Total Space | 330,30 Gb Free Space | 74,04% Space Free | Partition Type: NTFS
 
Computer Name: DELL-PC | User Name: Dell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BC8C789-F3B9-42A7-AAA6-1D69A661269A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{117D4677-D8EA-40B9-9180-9DFE17E91E85}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1283A4DE-C313-4FAE-8042-7AA23B10431F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3132D0E6-A733-49BC-B081-C12E3CF44337}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{422AD37F-6FB6-4A23-9143-66B94919174E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5A927413-5148-4029-9BA8-4C4976D23A58}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{5E2AC7C0-314A-4CBB-8ED4-A99C25B52808}" = rport=445 | protocol=6 | dir=out | app=system | 
"{6A463D46-71C3-4A78-8AC7-35A2CC31BAD7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6F4D462D-1D33-4CB6-B63E-5679FEC30FE0}" = rport=137 | protocol=17 | dir=out | app=system | 
"{71A9AA7A-567E-4B17-AEE3-FF6D6E14A1E1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{73B69D36-F0CF-465B-8CD3-2B677787F9AA}" = lport=50248 | protocol=6 | dir=in | name=autodesk content service | 
"{7681E210-3CD1-424A-971E-A41B0F9B9356}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7885BFAC-FE6F-43AA-9699-FA9FA0236AFD}" = lport=137 | protocol=17 | dir=in | app=system | 
"{87FF8E46-5005-4CD4-AF8C-60B052C46BCE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{93F40161-FDDB-40BA-BF13-AD118786C601}" = lport=138 | protocol=17 | dir=in | app=system | 
"{AC8E7156-242B-4CE3-83E7-CC12549F7371}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{AFC544BD-0F6D-4245-A929-572A79FF0021}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B98ACCCB-7D1E-40A5-A7C3-986B1AB2B90F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BB194FCB-6B84-4C74-BB34-B63B164E86AB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{C7963706-CC40-4CDE-AB91-8E9E3AFC7ABF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D864C982-D7A7-423D-BE77-679B471DFD69}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DA369F9F-05F8-47FF-94CE-FF2436AEAC64}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{DA554FFE-A00F-48E5-AD8B-B6E591FF2653}" = lport=445 | protocol=6 | dir=in | app=system | 
"{DBBA19C4-AAD1-4340-8AA9-40F2838247DA}" = lport=139 | protocol=6 | dir=in | app=system | 
"{DDC0E055-B74A-459E-A1D4-4A08A737DFE7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{F2090B15-0FB2-4573-B3F3-8D90064EA90F}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00157835-4941-4EDB-8FAF-48333FECC051}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe | 
"{089018CE-FF27-43BF-B037-1273B7895A29}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0AA2009F-B8EE-4B08-9C8E-F433E19D82F9}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max design 2013\nvidia\raysat_3dsmax2013_64server.exe | 
"{1512C413-38C8-48A0-941C-3E3A0EBBF388}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{1AAEA8AE-A448-45C3-9C9D-DB207041D598}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2326A654-26EE-4E86-A1BD-D11B14090837}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max design 2013\nvidia\raysat_3dsmax2013_64server.exe | 
"{2405D26C-B145-47F2-BF2A-35B8A0B18359}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe | 
"{28E1CA45-4F9E-46C2-9B78-B0CE7382561C}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{3221953B-4AC8-43E7-B7D3-817741E20375}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{396B2D02-7495-401D-9637-BB3924CDB0A1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{40499D98-55AB-4E3D-9C58-B7042B070CCE}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe | 
"{4677DA17-B9B5-4014-8D7B-A3242B684C71}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{480F099C-A9A3-41FC-A4AA-42C90B130D72}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max design 2013\nvidia\raysat_3dsmax2013_64.exe | 
"{495D5EA1-01AC-493E-B677-50EBAEE462D6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{4E89CE42-6345-4329-8991-B0A2033A332D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4F754371-9F94-4033-AEF1-EC696EF4AB17}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe | 
"{578A1964-18F1-4488-A012-9E11B4DD9129}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max design 2013\3dsmax.exe | 
"{5A1F8F06-97B7-440A-8616-8B298FC5AB28}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | 
"{5CAE8FE3-0095-48C5-9C40-8C9F16EA1B95}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5FC3C365-CB61-45BB-8585-88F851C1CD37}" = protocol=6 | dir=out | app=system | 
"{621E5781-1769-46D0-AC65-2401415A6C9D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{62B95C17-DAB1-4428-AF74-E58F22D5A403}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe | 
"{6E478732-72C8-4450-A005-E17C2C207CF6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6EE865C4-0FD7-4601-81A4-834C3AE7ABAB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{8DB2F86C-285B-4558-8F91-30545D4342D6}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max design 2013\3dsmax.exe | 
"{9ED8876C-4BB5-4549-9792-980F9D56316B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{9F940E32-A58B-45B6-BF2B-3052DCBDD479}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A74FC99D-F505-4F8C-8218-EE719E1AD753}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe | 
"{A7BDAB15-4005-4C7C-BCB7-F4FA26F0D3C4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{AA6BE318-9614-4B26-93A0-3B46F6811818}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{AE572531-9E61-431A-AD62-6C9E9BC9B489}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max design 2013\nvidia\raysat_3dsmax2013_64.exe | 
"{B4CC58E6-4937-42CE-B8E8-82D4EB0258A1}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{BCEAC1C3-271C-40DF-9DE9-6E0C2105C738}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe | 
"{C3DCD12D-B304-49D5-9754-AF9D45442D84}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CA9AC0A5-9D62-46D5-9143-05512F089DA4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{D62675CA-48EA-49A1-BC8B-F0D0895AE209}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DE9C3BF7-C818-4B00-A5D3-7A94271B3BFC}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | 
"{F2DAEBC7-7A4A-4000-9601-58FABD8A153F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{F8C24C10-FDCB-483A-B03F-79FACE294038}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{036983CC-5AA7-F67F-A0AC-E2A9395BAE1E}" = ccc-utility64
"{06388E0D-A364-478B-8E40-7D76142A8DF5}" = Autodesk Workflows - Product Design Suite 2013
"{06E18300-BB64-1664-8E6A-2593FC67BB74}" = Autodesk Revit Interoperability for 3ds Max and 3ds Max Design 2013 64-bit
"{07DC9A9D-1793-4EB4-AC1A-70750F9FB72B}" = Autodesk Navisworks Simulate 2013 - 2009 DWG File Reader
"{08BCFE15-8AA1-4A58-B018-4FEF486BA922}" = Autodesk Inventor Fusion for Inventor 2013 Add-in
"{0C821839-EA2A-48C2-BBD5-2B3D28159BC0}" = Autodesk Mudbox 2013 64-bit
"{0D53A298-B2B7-4746-BB92-B757A6E559C3}" = Autodesk Navisworks Simulate 2013 - 2010 DWG File Reader
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{107CB1E9-DDA9-40B5-8A6D-325361402200}" = Autodesk Navisworks Simulate 2013 - 2011 DWG File Reader
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{266597A9-1764-0000-0100-DCBF2B69166B}" = Autodesk Vault Basic 2013 (Client) German Language Pack
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{295AEB79-B53A-4F1B-860F-7800BB7E3681}" = Intel(R) PROSet/Wireless WiFi-Software
"{2F808931-D235-4FC7-90CD-F8A890C97B2F}" = Composite 2013 64-bit
"{3015F546-6C3E-4E6A-B564-BCDF88C0BA2A}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{324297F8-2898-454B-9AC4-07050AEB35B3}" = Autodesk DirectConnect 2013 64-bit
"{3CB60177-D3D2-4E9C-BE4D-8372B34B4C7F}" = Autodesk SketchBook Designer 2013
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4F744A9A-3067-4605-8864-DA1658059F0B}" = Autodesk Navisworks Simulate 2013 - 2008 DWG File Reader
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{56BAC4EE-B1DA-42A7-ACA5-7A353F2ED1DA}" = Validity Sensors DDK
"{5783F2D7-B005-0000-0102-0060B0CE6BBA}" = AutoCAD Mechanical 2013 - Deutsch (German)
"{5783F2D7-B005-0407-1102-0060B0CE6BBA}" = AutoCAD Mechanical 2013 Language Pack - Deutsch (German)
"{5783F2D7-B005-0407-2102-0060B0CE6BBA}" = AutoCAD Mechanical 2013 - Deutsch (German)
"{5783F2D7-B007-0407-0102-0060B0CE6BBA}" = AutoCAD Electrical 2013 - Deutsch (German)
"{5783F2D7-B007-0407-1102-0060B0CE6BBA}" = AutoCAD Electrical 2013 Language Pack - Deutsch
"{5783F2D7-B007-0407-2102-0060B0CE6BBA}" = AutoCAD Electrical 2013
"{5783F2D7-B028-0409-0100-0060B0CE6BBA}" = DWG TrueView 2013
"{5AF0B1A8-1EF7-0FF7-5504-4983FB76F914}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{62CBE596-1BB8-4D7B-A056-103287BAD1C4}" = Autodesk Essential Skills Movies for 3ds Max Design 2013 64-bit
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{792A9A32-718A-40D1-9867-A903F76AE2F8}" = Eco Materials Adviser for Autodesk Inventor 2013
"{7B42AD25-3D13-4422-A445-F5E18BD963FC}" = Autodesk SketchBook Designer for AutoCAD 2013
"{7D65612F-53B4-0409-85AA-21DF5A8E9455}" = Autodesk 3ds Max Design 2013 64-bit
"{7F4DD591-1764-0001-0000-7107D70F3DB4}" = Autodesk Inventor 2013
"{7F4DD591-1764-0001-1031-7107D70F3DB4}" = Autodesk Inventor 2013 Language Pack - Deutsch (German)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{82C1E6E4-6718-4EFD-9DCC-E276D690EF46}" = Autodesk Inventor Fusion Plugin for AutoCAD 2013
"{84A6C8C6-0000-0264-0002-83487CD4C147}" = Autodesk Product Design Suite Premium 2013
"{84A6C8C6-0010-0264-0002-83487CD4C147}" = Autodesk Product Design Suite 2013 Language Pack
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{907A3175-B78E-0407-A98B-0A97BDE8A59C}" = Autodesk Navisworks 2013 64-Bit-Exportmodul-Plugins Language Pack - Deutsch
"{90A2F9D3-3E5E-4EF4-BC83-E7795CEF1A42}" = Autodesk Navisworks Simulate 2013 - 2012 DWG File Reader
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{975DFE7C-8E56-45BC-A329-401E6B1F8102}" = Dell Backup and Recovery Manager
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{A15BFC7D-6A90-47E6-8C6E-D51B2929D8C8}" = Autodesk Showcase 2013 64-bit
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B46DECD1-1764-4EF1-0000-22D71E81877C}" = Autodesk Inventor Content Center Libraries 2013 (Desktop Content)
"{BC66B242-DF13-1664-851B-00123612ED98}" = Autodesk Inventor Server Engine for 3ds Max Design 2013 64-bit
"{C0C2D40A-1231-46FA-8F02-B45E6BF2036A}" = DigitalPersona Fingerprint Software 5.20
"{CBED6FC7-FB20-4920-AA80-3D6F3459F902}" = Autodesk Navisworks Simulate 2013 - 2013 DWG File Reader
"{CF526A26-1764-0000-0000-02E95019B628}" = Autodesk Vault Basic 2013 (Client)
"{CFAD9B91-391E-8337-859E-B14918E9ABB3}" = AMD AVIVO64 Codecs
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D28EFBA5-1764-4B79-946A-000BE950E8E2}" = Autodesk Product Design Suite 2013 Schnelle Deinstallation
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DE7FFE23-D092-5379-B83C-0E27FF07E329}" = Autodesk Navisworks 2013 64 bit Exporter Plug-ins
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}" = Autodesk Sync
"{F17E30E2-7ED4-0000-8A8E-CAB597E3F8ED}" = Autodesk Navisworks Simulate 2013
"{F17E30E2-7ED4-0407-8A8E-CAB597E3F8ED}" = Autodesk Navisworks Simulate 2013 Language Pack - Deutsch
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FE2F4875-095C-427C-9A97-4F8DE05ACF22}" = Autodesk Inventor Fusion Plugin Language Pack for AutoCAD 2013
"{FFF5619F-2013-0064-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2013
"AutoCAD Electrical 2013 - Deutsch (German)" = AutoCAD Electrical 2013 - Deutsch (German)
"AutoCAD Mechanical 2013 - Deutsch (German)" = AutoCAD Mechanical 2013 - Deutsch (German)
"Autodesk 3ds Max Design 2013 64-bit" = Autodesk 3ds Max Design 2013 64-bit
"Autodesk DirectConnect 2013 64-bit" = Autodesk DirectConnect 2013 64-bit
"Autodesk FBX Plug-in 2013.1 - 3ds Max Design 2013 64-bit" = Autodesk FBX Plug-in 2013.1 - 3ds Max Design 2013 64-bit
"Autodesk Inventor 2013" = Autodesk Inventor 2013 Deutsch (German)
"Autodesk Inventor Fusion 2013" = Autodesk Inventor Fusion 2013
"Autodesk Inventor Fusion Plugin for AutoCAD 2013" = Autodesk Inventor Fusion plug-in for AutoCAD 2013
"Autodesk Mudbox 2013 64-bit" = Autodesk Mudbox 2013 64-bit
"Autodesk Navisworks 2013 64 bit Exporter Plug-ins" = Autodesk Navisworks 2013 64 bit Exporter Plug-ins
"Autodesk Navisworks 2013 64-Bit-Exportmodul-Plugins Language Pack - Deutsch" = Autodesk Navisworks 2013 64-Bit-Exportmodul-Plugins Language Pack - Deutsch
"Autodesk Navisworks Simulate 2013" = Autodesk Navisworks Simulate 2013
"Autodesk Navisworks Simulate 2013 Language Pack - Deutsch" = Autodesk Navisworks Simulate 2013 Language Pack - Deutsch
"Autodesk Product Design Suite Premium 2013" = Autodesk Product Design Suite Premium 2013
"Autodesk Showcase 2013 64-bit" = Autodesk Showcase 2013 64-bit
"Autodesk SketchBook Designer 2013" = Autodesk SketchBook Designer 2013
"Autodesk SketchBook Designer for AutoCAD 2013" = Autodesk SketchBook Designer for AutoCAD 2013
"DWG TrueView 2013" = DWG TrueView 2013
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"PC-Doctor for Windows" = Dell Support Center
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Dell Touchpad
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01159E8A-44F7-4885-A7F9-872CE4D74063}" = Steuer 2012
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}" = Autodesk Material Library 2013
"{12867B14-03B1-5FEA-B987-9508DBB92A51}" = Autodesk Navisworks 2013 32 bit Exporter Plug-ins
"{153DB567-6FF3-49AD-AC4F-86F8A3CCFDFB}" = Autodesk Design Review 2013
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{249A3D8F-FE03-374E-BFB2-ED3B1FF072C6}" = CCC Help Spanish
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{27C6C0A2-2EC9-4FEA-BE2B-659EAAC2C68C}" = Autodesk Material Library Low Resolution Image Library 2013
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34CB9121-4C52-7854-5E6B-30C00F603782}" = CCC Help Chinese Traditional
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2013.0.0
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EF2FD37-A6AF-030E-5140-6D64264CB0CC}" = CCC Help Swedish
"{4614113D-DB85-EBE8-C550-52D5134A25E5}" = Catalyst Control Center
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{58760EEC-8B6A-43F4-81AA-696E381DFADD}" = Autodesk Material Library Medium Resolution Image Library 2013
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5CD64D9F-9525-4CED-34F9-CD600D486A7B}" = CCC Help Russian
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{606E12B9-641F-4644-A22A-FF38AE980AFD}" = Autodesk Material Library Base Resolution Image Library 2013
"{60D2D550-6DA4-E943-592A-B71B577767A6}" = PX Profile Update
"{62F029AB-85F2-0000-866A-9FC0DD99DDBC}" = Autodesk Content Service
"{62F029AB-85F2-0001-866A-9FC0DD99DDBC}" = Autodesk Content Service Language Pack
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6E469237-BA9E-DF10-9DE1-1BC649DEDC01}" = Catalyst Control Center InstallProxy
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{70E3E97D-726D-B60E-B776-AC3200A870F3}" = Catalyst Control Center Localization All
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{781A93CD-1608-427D-B7F0-D05C07795B25}" = Intel(R) WiDi
"{7E30BC50-4F89-1E78-BE14-13395A356BE7}" = CCC Help Dutch
"{7EC2E893-73FC-6AEA-F8C6-A7C74C541C73}" = CCC Help French
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84D61D1B-4F89-D6B1-79B9-FA390A9B05F5}" = CCC Help Japanese
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{8754105B-2BEF-0407-83F9-573C69BB204F}" = Autodesk Navisworks 2013 32-Bit-Exportmodul-Plugins Language Pack - Deutsch
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E5921F0-8370-171D-D0D1-C83A7BD17400}" = CCC Help Danish
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9669EB2-B188-2D11-1562-BBB7BF0342E9}" = CCC Help Italian
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.5) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B5E44903-EE08-4B97-9A0F-08E2E1AAACF5}" = PowerXpressHybrid
"{BB531F76-F03F-B6DC-B740-830B46A60616}" = Catalyst Control Center Profiles Mobile
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C7755E3B-57EF-ADF8-A112-85C14D0388D0}" = CCC Help Norwegian
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFB89DE9-C8FD-4D33-986A-DBDEC5309378}" = Catalyst Control Center - Branding
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2643DB8-3102-A67F-E1C0-4292FACC3637}" = CCC Help Portuguese
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF86FC7A-4065-D2D2-99FB-E86E8CB9D64E}" = CCC Help Korean
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBEA3B88-360E-858B-53F5-1948FF0466D9}" = CCC Help German
"{ED18994D-D12A-CD81-D1B9-C8844B5654BB}" = CCC Help Chinese Standard
"{ED3264CD-DF55-ECEE-9ED6-C85BAD78512F}" = CCC Help Finnish
"{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}" = Microsoft WSE 3.0
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
"{F13E6A6E-95B7-0352-2292-AAADF81FC560}" = CCC Help English
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE6DCC8D-427F-405C-A779-C93B6D9F77A5}" = Autodesk Civil View for 3ds Max Design 2013
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Autodesk Content Service" = Autodesk Content Service
"Autodesk Design Review 2013" = Autodesk Design Review 2013
"Autodesk Navisworks 2013 32 bit Exporter Plug-ins" = Autodesk Navisworks 2013 32 bit Exporter Plug-ins
"Autodesk Navisworks 2013 32-Bit-Exportmodul-Plugins Language Pack - Deutsch" = Autodesk Navisworks 2013 32-Bit-Exportmodul-Plugins Language Pack - Deutsch
"Autodesk Vault Basic 2013 (Client)" = Autodesk Vault Basic 2013 (Client)
"Avira AntiVir Desktop" = Avira Free Antivirus
"AviraSpeedup" = Avira System Speedup
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"Dell Webcam Central" = Dell Webcam Central
"Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version 1.3.12.1228
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.1.320
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NAVIGON Fresh" = NAVIGON Fresh 3.4.1
"ProInst" = Intel PROSet Wireless
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10.01.2013 08:56:55 | Computer Name = Dell-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Autodesk\Composite
 2013\python\lib\distutils\command\wininst-8_d.exe".  Die abhängige Assemblierung 
"Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.01.2013 05:30:17 | Computer Name = Dell-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.01.2013 05:25:22 | Computer Name = Dell-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.01.2013 10:05:42 | Computer Name = Dell-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Autodesk\Composite
 2013\python\lib\distutils\command\wininst-8_d.exe".  Die abhängige Assemblierung 
"Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 18.01.2013 04:34:40 | Computer Name = Dell-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 18.01.2013 16:40:17 | Computer Name = Dell-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.01.2013 13:41:18 | Computer Name = Dell-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Autodesk\Composite
 2013\python\lib\distutils\command\wininst-8_d.exe".  Die abhängige Assemblierung 
"Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 05.02.2013 09:58:58 | Computer Name = Dell-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: STacSV64.exe, Version: 1.0.6365.0,
 Zeitstempel: 0x4e68a05a  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc000000d  Fehleroffset: 0x00000000000737e2
ID
 des fehlerhaften Prozesses: 0x1b8  Startzeit der fehlerhaften Anwendung: 0x01cdf5bbee4eb11f
Pfad
 der fehlerhaften Anwendung: C:\Program Files\IDT\WDM\STacSV64.exe  Pfad des fehlerhaften
 Moduls: C:\windows\SYSTEM32\ntdll.dll  Berichtskennung: 2f82b63b-6f9c-11e2-a51e-4ceb4294832d
 
Error - 06.02.2013 09:23:10 | Computer Name = Dell-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Autodesk\Composite
 2013\python\lib\distutils\command\wininst-8_d.exe".  Die abhängige Assemblierung 
"Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 06.02.2013 14:40:45 | Computer Name = Dell-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Autodesk\Composite
 2013\python\lib\distutils\command\wininst-8_d.exe".  Die abhängige Assemblierung 
"Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 09.03.2013 10:45:50 | Computer Name = Dell-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 09.03.2013 17:36:27 | Computer Name = Dell-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 10.03.2013 15:30:03 | Computer Name = Dell-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 13.03.2013 12:06:36 | Computer Name = Dell-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 14.03.2013 15:51:11 | Computer Name = Dell-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 17.03.2013 14:39:52 | Computer Name = Dell-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Audio Service" wurde unerwartet beendet. Dies ist bereits 
1 Mal passiert.
 
Error - 22.03.2013 11:25:03 | Computer Name = Dell-PC | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 23.03.2013 08:51:55 | Computer Name = Dell-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 23.03.2013 08:51:55 | Computer Name = Dell-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%109
 
Error - 25.03.2013 04:40:08 | Computer Name = Dell-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
GMER:

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-22 17:15:25
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JF3O 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Dell\AppData\Local\Temp\pxldapod.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560                                                                                  fffff800031b2000 45 bytes [00, 00, BD, 00, 46, 69, 6C, ...]
INITKDBG  C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607                                                                                  fffff800031b202f 17 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2044] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69    00000000753a1465 2 bytes [3A, 75]
.text     C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2044] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155   00000000753a14bb 2 bytes [3A, 75]
.text     ...                                                                                                                                                 * 2
.text     C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe[2228] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   00000000753a1465 2 bytes [3A, 75]
.text     C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe[2228] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000753a14bb 2 bytes [3A, 75]
.text     ...                                                                                                                                                 * 2
.text     C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[2876] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                   00000000753a1465 2 bytes [3A, 75]
.text     C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[2876] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                  00000000753a14bb 2 bytes [3A, 75]
.text     ...                                                                                                                                                 * 2

---- Threads - GMER 2.1 ----

Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [4840:4412]                                                                                      000007fefc292a7c
Thread    C:\windows\System32\svchost.exe [5616:5696]                                                                                                         000007fee9f29688

---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015007f6c3b                                                                         
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4ceb4294832d                                                                         
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4ceb4294832d@e8cba1465d59                                                            0xE0 0x3D 0x79 0xD0 ...
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4ceb4294832d@5cff353fb196                                                            0x41 0xC5 0xBE 0x8F ...
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015007f6c3b (not active ControlSet)                                                     
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4ceb4294832d (not active ControlSet)                                                     
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4ceb4294832d@e8cba1465d59                                                                0xE0 0x3D 0x79 0xD0 ...
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4ceb4294832d@5cff353fb196                                                                0x41 0xC5 0xBE 0x8F ...

---- EOF - GMER 2.1 ----
         
It would be really great if you could tell me whether my system is clean.
Many thanks in advance

Alt 24.04.2013, 11:46   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hello and

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners, have they ever found anything?
I am asking because of => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; first just post the logs that already exist!

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

Alt 24.04.2013, 13:45   #3
alder
 



Yep, here is the log from Malwarebytes:
Code:
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.22.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Dell :: DELL-PC [Administrator]

Schutz: Aktiviert

22.04.2013 14:11:10
mbam-log-2013-04-22 (14-11-10).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 491023
Laufzeit: 1 Stunde(n), 8 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
and here is the log from Antivir, where I scanned the zip file explicitly:
Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Montag, 22. April 2013  14:01


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows 7 Home Premium
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : Dell
Computername   : DELL-PC

Versionsinformationen:
BUILD.DAT      : 13.0.0.3499          Bytes  19.03.2013 16:29:00
AVSCAN.EXE     : 13.6.0.986    639712 Bytes  28.03.2013 13:52:30
AVSCANRC.DLL   : 13.4.0.360     64800 Bytes  12.12.2012 13:21:34
LUKE.DLL       : 13.6.0.902     67808 Bytes  28.03.2013 13:52:41
AVSCPLR.DLL    : 13.6.0.986     94944 Bytes  19.03.2013 19:39:18
AVREG.DLL      : 13.6.0.940    250592 Bytes  19.03.2013 19:39:18
avlode.dll     : 13.6.2.940    434912 Bytes  28.03.2013 13:52:29
avlode.rdf     : 13.0.0.46      15591 Bytes  28.03.2013 13:52:46
VBASE000.VDF   : 7.11.70.0   66736640 Bytes  04.04.2013 13:32:25
VBASE001.VDF   : 7.11.70.1       2048 Bytes  04.04.2013 13:32:26
VBASE002.VDF   : 7.11.70.2       2048 Bytes  04.04.2013 13:32:26
VBASE003.VDF   : 7.11.70.3       2048 Bytes  04.04.2013 13:32:26
VBASE004.VDF   : 7.11.70.4       2048 Bytes  04.04.2013 13:32:26
VBASE005.VDF   : 7.11.70.5       2048 Bytes  04.04.2013 13:32:26
VBASE006.VDF   : 7.11.70.6       2048 Bytes  04.04.2013 13:32:26
VBASE007.VDF   : 7.11.70.7       2048 Bytes  04.04.2013 13:32:26
VBASE008.VDF   : 7.11.70.8       2048 Bytes  04.04.2013 13:32:26
VBASE009.VDF   : 7.11.70.9       2048 Bytes  04.04.2013 13:32:27
VBASE010.VDF   : 7.11.70.10      2048 Bytes  04.04.2013 13:32:27
VBASE011.VDF   : 7.11.70.11      2048 Bytes  04.04.2013 13:32:27
VBASE012.VDF   : 7.11.70.12      2048 Bytes  04.04.2013 13:32:27
VBASE013.VDF   : 7.11.70.13      2048 Bytes  04.04.2013 13:32:27
VBASE014.VDF   : 7.11.70.103   136192 Bytes  05.04.2013 20:28:38
VBASE015.VDF   : 7.11.70.183   183808 Bytes  06.04.2013 15:26:45
VBASE016.VDF   : 7.11.71.9     145920 Bytes  08.04.2013 12:56:50
VBASE017.VDF   : 7.11.71.115   169472 Bytes  10.04.2013 11:32:27
VBASE018.VDF   : 7.11.71.197   172544 Bytes  11.04.2013 09:37:00
VBASE019.VDF   : 7.11.72.17    135168 Bytes  12.04.2013 11:36:06
VBASE020.VDF   : 7.11.72.103   158208 Bytes  15.04.2013 11:39:29
VBASE021.VDF   : 7.11.72.137   152064 Bytes  15.04.2013 11:39:29
VBASE022.VDF   : 7.11.72.223   159232 Bytes  16.04.2013 12:55:10
VBASE023.VDF   : 7.11.73.59    204288 Bytes  18.04.2013 05:45:56
VBASE024.VDF   : 7.11.73.133   164864 Bytes  19.04.2013 12:08:14
VBASE025.VDF   : 7.11.73.201   225792 Bytes  22.04.2013 11:38:41
VBASE026.VDF   : 7.11.73.202     1536 Bytes  22.04.2013 11:38:41
VBASE027.VDF   : 7.11.73.203     1536 Bytes  22.04.2013 11:38:41
VBASE028.VDF   : 7.11.73.204     1536 Bytes  22.04.2013 11:38:41
VBASE029.VDF   : 7.11.73.205     1536 Bytes  22.04.2013 11:38:41
VBASE030.VDF   : 7.11.73.206     1536 Bytes  22.04.2013 11:38:41
VBASE031.VDF   : 7.11.73.224    35840 Bytes  22.04.2013 11:38:41
Engineversion  : 8.2.12.30 
AEVDF.DLL      : 8.1.2.10      102772 Bytes  19.09.2012 14:42:55
AESCRIPT.DLL   : 8.1.4.106     483709 Bytes  11.04.2013 15:37:01
AESCN.DLL      : 8.1.10.4      131446 Bytes  28.03.2013 13:52:25
AESBX.DLL      : 8.2.5.12      606578 Bytes  28.08.2012 16:58:06
AERDL.DLL      : 8.2.0.88      643444 Bytes  10.01.2013 14:11:00
AEPACK.DLL     : 8.3.2.6       827767 Bytes  28.03.2013 13:52:25
AEOFFICE.DLL   : 8.1.2.56      205180 Bytes  08.03.2013 14:36:21
AEHEUR.DLL     : 8.1.4.302    5890425 Bytes  18.04.2013 14:18:24
AEHELP.DLL     : 8.1.25.2      258423 Bytes  12.10.2012 15:52:32
AEGEN.DLL      : 8.1.7.2       442741 Bytes  28.03.2013 13:52:21
AEEXP.DLL      : 8.4.0.22      196982 Bytes  18.04.2013 14:18:25
AEEMU.DLL      : 8.1.3.2       393587 Bytes  19.09.2012 14:42:55
AECORE.DLL     : 8.1.31.2      201080 Bytes  19.02.2013 13:52:18
AEBB.DLL       : 8.1.1.4        53619 Bytes  05.11.2012 15:07:19
AVWINLL.DLL    : 13.6.0.480     26480 Bytes  07.02.2013 14:04:58
AVPREF.DLL     : 13.6.0.480     51056 Bytes  07.02.2013 14:05:27
AVREP.DLL      : 13.6.0.480    178544 Bytes  05.02.2013 13:59:17
AVARKT.DLL     : 13.6.0.902    260832 Bytes  28.03.2013 13:52:26
AVEVTLOG.DLL   : 13.6.0.902    167648 Bytes  28.03.2013 13:52:27
SQLITE3.DLL    : 3.7.0.1       397088 Bytes  19.09.2012 18:17:40
AVSMTP.DLL     : 13.6.0.480     62832 Bytes  07.02.2013 14:05:29
NETNT.DLL      : 13.6.0.480     16240 Bytes  07.02.2013 14:05:59
RCIMAGE.DLL    : 13.4.0.360   4780832 Bytes  12.12.2012 13:21:30
RCTEXT.DLL     : 13.6.0.976     69344 Bytes  28.03.2013 13:52:19

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: ShlExt
Konfigurationsdatei...................: C:\Users\Dell\AppData\Local\Temp\3e3552a5.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, 
Durchsuche aktive Programme...........: aus
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Montag, 22. April 2013  14:01

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Users\Dell\Downloads\*** MAHNUNG www.sanicare.de 19593280.zip'
C:\Users\Dell\Downloads\*** MAHNUNG www.sanicare.de 19593280.zip
    [0] Archivtyp: ZIP
    --> Rechnung.scr
        [FUND]      Ist das Trojanische Pferd TR/Rogue.957311
        [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden

Beginne mit der Desinfektion:
C:\Users\Dell\Downloads\*** MAHNUNG www.sanicare.de 19593280.zip
  [FUND]      Ist das Trojanische Pferd TR/Rogue.957311
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '565f84c6.qua' verschoben!


Ende des Suchlaufs: Montag, 22. April 2013  14:01
Benötigte Zeit: 00:00 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

      0 Verzeichnisse wurden überprüft
      3 Dateien wurden geprüft
      1 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
      2 Dateien ohne Befall
      1 Archive wurden durchsucht
      1 Warnungen
      1 Hinweise
         
Best regards

Alt 24.04.2013, 13:54   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions that I will post in the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the preceding one.

  • Please only run scans that a helper has asked you to run! Do not install or uninstall any software without being asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to. Logs in attachments make the evaluation harder for me!

  • The logs of the assigned tools, such as Malwarebytes, must always be posted, regardless of whether there was a detection or not!

  • Please also note => Deletion of log files and other requests

Note:
If you do not hear from me for three days, please report in this thread => Reminder about my thread.
Annoying "When will it continue" messages end with your topic being closed. I too have a life outside the Trojaner-Board.


Bitte die drei Tools MBAR / aswMBR / TDSSkiller nun ausführen und die Logs in CODE-Tags posten


MBAR (Malwarebytes Anti-Rootkit)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen as described in the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If something is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper


aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please start it via right-click "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without instructions

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



TDSS-Killer

Please download TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the guide to TDSSKiller.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

24.04.2013, 16:00   #5
alder
 

Hello,

first Malwarebytes Anti-Rootkit:
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.04.24.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Dell :: DELL-PC [administrator]

24.04.2013 16:34:31
mbar-log-2013-04-24 (16-34-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 40852
Time elapsed: 9 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
now aswMBR:
Code:
ATTFilter
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-24 16:38:54
-----------------------------
16:38:54.606    OS Version: Windows x64 6.1.7601 Service Pack 1
16:38:54.606    Number of processors: 4 586 0x2A07
16:38:54.607    ComputerName: DELL-PC  UserName: Dell
16:38:56.143    Initialize success
16:44:03.865    AVAST engine defs: 13042400
16:44:16.247    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:44:16.249    Disk 0 Vendor: Hitachi_ JF3O Size: 476940MB BusType: 3
16:44:17.518    Disk 0 MBR read successfully
16:44:17.524    Disk 0 MBR scan
16:44:17.535    Disk 0 Windows 7 default MBR code
16:44:17.700    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0      100 MB offset 2048
16:44:17.827    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        20000 MB offset 206848
16:44:17.908    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       456838 MB offset 41166848
16:44:19.785    Disk 0 scanning C:\windows\system32\drivers
16:47:11.563    Service scanning
16:47:37.786    Modules scanning
16:47:37.802    Disk 0 trace - called modules:
16:47:37.924    ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys iaStor.sys hal.dll 
16:47:37.952    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a72060]
16:47:37.962    3 CLASSPNP.SYS[fffff88001a2c43f] -> nt!IofCallDriver -> [0xfffffa8004906890]
16:47:37.974    5 stdcfltn.sys[fffff880016d5c52] -> nt!IofCallDriver -> [0xfffffa800449f800]
16:47:37.981    7 ACPI.sys[fffff88000f067a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80044a5050]
16:47:39.021    AVAST engine scan C:\windows
16:49:25.295    Disk 0 MBR has been saved successfully to "C:\Users\Dell\Desktop\MBR.dat"
16:49:25.314    The log file has been saved successfully to "C:\Users\Dell\Desktop\aswMBR.txt"
         
and finally tdsskiller:
Code:
ATTFilter
16:52:25.0271 2920  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:52:25.0419 2920  ============================================================
16:52:25.0419 2920  Current date / time: 2013/04/24 16:52:25.0419
16:52:25.0419 2920  SystemInfo:
16:52:25.0419 2920  
16:52:25.0419 2920  OS Version: 6.1.7601 ServicePack: 1.0
16:52:25.0419 2920  Product type: Workstation
16:52:25.0419 2920  ComputerName: DELL-PC
16:52:25.0419 2920  UserName: Dell
16:52:25.0419 2920  Windows directory: C:\windows
16:52:25.0419 2920  System windows directory: C:\windows
16:52:25.0419 2920  Running under WOW64
16:52:25.0419 2920  Processor architecture: Intel x64
16:52:25.0419 2920  Number of processors: 4
16:52:25.0419 2920  Page size: 0x1000
16:52:25.0419 2920  Boot type: Normal boot
16:52:25.0419 2920  ============================================================
16:52:25.0895 2920  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:52:25.0899 2920  ============================================================
16:52:25.0899 2920  \Device\Harddisk0\DR0:
16:52:25.0899 2920  MBR partitions:
16:52:25.0899 2920  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x2710000
16:52:25.0899 2920  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2742800, BlocksNum 0x37C43030
16:52:25.0899 2920  ============================================================
16:52:25.0938 2920  C: <-> \Device\Harddisk0\DR0\Partition2
16:52:25.0938 2920  ============================================================
16:52:25.0938 2920  Initialize success
16:52:25.0938 2920  ============================================================
16:53:21.0902 4472  ============================================================
16:53:21.0902 4472  Scan started
16:53:21.0902 4472  Mode: Manual; SigCheck; TDLFS; 
16:53:21.0902 4472  ============================================================
16:53:22.0077 4472  ================ Scan system memory ========================
16:53:22.0077 4472  System memory - ok
16:53:22.0077 4472  ================ Scan services =============================
16:53:22.0290 4472  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
16:53:22.0532 4472  1394ohci - ok
16:53:22.0560 4472  [ E0065CBF1A25C015C218457D2CD522B9 ] Acceler         C:\windows\system32\DRIVERS\Accelern.sys
16:53:22.0605 4472  Acceler - ok
16:53:22.0640 4472  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\windows\system32\drivers\ACPI.sys
16:53:22.0668 4472  ACPI - ok
16:53:22.0686 4472  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\windows\system32\drivers\acpipmi.sys
16:53:22.0782 4472  AcpiPmi - ok
16:53:22.0856 4472  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:53:22.0882 4472  AdobeARMservice - ok
16:53:22.0985 4472  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:53:23.0017 4472  AdobeFlashPlayerUpdateSvc - ok
16:53:23.0058 4472  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\windows\system32\drivers\adp94xx.sys
16:53:23.0091 4472  adp94xx - ok
16:53:23.0533 4472  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\windows\system32\drivers\adpahci.sys
16:53:23.0557 4472  adpahci - ok
16:53:23.0683 4472  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\windows\system32\drivers\adpu320.sys
16:53:23.0715 4472  adpu320 - ok
16:53:23.0749 4472  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
16:53:23.0923 4472  AeLookupSvc - ok
16:53:24.0011 4472  [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters     C:\Program Files\IDT\WDM\AESTSr64.exe
16:53:24.0117 4472  AESTFilters - ok
16:53:24.0166 4472  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\windows\system32\drivers\afd.sys
16:53:24.0282 4472  AFD - ok
16:53:24.0318 4472  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\windows\system32\drivers\agp440.sys
16:53:24.0345 4472  agp440 - ok
16:53:24.0382 4472  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\windows\System32\alg.exe
16:53:24.0457 4472  ALG - ok
16:53:24.0492 4472  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\windows\system32\drivers\aliide.sys
16:53:24.0501 4472  aliide - ok
16:53:24.0535 4472  [ CA52F07AB224527F0E2AFF987A4DEAAE ] AMD External Events Utility C:\windows\system32\atiesrxx.exe
16:53:24.0660 4472  AMD External Events Utility - ok
16:53:24.0686 4472  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\windows\system32\drivers\amdide.sys
16:53:24.0711 4472  amdide - ok
16:53:24.0782 4472  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\windows\system32\drivers\amdk8.sys
16:53:24.0862 4472  AmdK8 - ok
16:53:25.0113 4472  [ 5752679DF26FFF6F87E8EE7318F4931D ] amdkmdag        C:\windows\system32\DRIVERS\atikmdag.sys
16:53:25.0387 4472  amdkmdag - ok
16:53:25.0452 4472  [ 0F010003B8032DDB4E5A4DFC37D6FDBD ] amdkmdap        C:\windows\system32\DRIVERS\atikmpag.sys
16:53:25.0514 4472  amdkmdap - ok
16:53:25.0539 4472  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\windows\system32\drivers\amdppm.sys
16:53:25.0601 4472  AmdPPM - ok
16:53:25.0646 4472  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\windows\system32\drivers\amdsata.sys
16:53:25.0676 4472  amdsata - ok
16:53:25.0697 4472  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\windows\system32\drivers\amdsbs.sys
16:53:25.0709 4472  amdsbs - ok
16:53:25.0722 4472  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\windows\system32\drivers\amdxata.sys
16:53:25.0736 4472  amdxata - ok
16:53:25.0776 4472  [ 3BC90482A834F998C3B7A9C934A20342 ] AMPPAL          C:\windows\system32\DRIVERS\AMPPAL.sys
16:53:25.0863 4472  AMPPAL - ok
16:53:25.0877 4472  [ 3BC90482A834F998C3B7A9C934A20342 ] AMPPALP         C:\windows\system32\DRIVERS\amppal.sys
16:53:25.0895 4472  AMPPALP - ok
16:53:25.0975 4472  [ A47D7FEBD9381D34DDB4FF38B15A67FE ] AMPPALR3        C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
16:53:26.0001 4472  AMPPALR3 - ok
16:53:26.0076 4472  [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
16:53:26.0099 4472  AntiVirSchedulerService - ok
16:53:26.0117 4472  [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
16:53:26.0126 4472  AntiVirService - ok
16:53:26.0158 4472  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\windows\system32\drivers\appid.sys
16:53:26.0322 4472  AppID - ok
16:53:26.0344 4472  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\windows\System32\appidsvc.dll
16:53:26.0418 4472  AppIDSvc - ok
16:53:26.0454 4472  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\windows\System32\appinfo.dll
16:53:26.0532 4472  Appinfo - ok
16:53:26.0576 4472  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\windows\system32\drivers\arc.sys
16:53:26.0602 4472  arc - ok
16:53:26.0615 4472  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\windows\system32\drivers\arcsas.sys
16:53:26.0625 4472  arcsas - ok
16:53:26.0717 4472  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:53:26.0751 4472  aspnet_state - ok
16:53:26.0774 4472  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
16:53:26.0861 4472  AsyncMac - ok
16:53:26.0896 4472  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\windows\system32\drivers\atapi.sys
16:53:26.0906 4472  atapi - ok
16:53:26.0975 4472  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
16:53:27.0074 4472  AudioEndpointBuilder - ok
16:53:27.0084 4472  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\windows\System32\Audiosrv.dll
16:53:27.0121 4472  AudioSrv - ok
16:53:27.0233 4472  [ F431DC5D94F4B2FDBC927655D8A9B10E ] Autodesk Content Service C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
16:53:27.0264 4472  Autodesk Content Service - ok
16:53:27.0317 4472  [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt        C:\windows\system32\DRIVERS\avgntflt.sys
16:53:27.0342 4472  avgntflt - ok
16:53:27.0369 4472  [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb          C:\windows\system32\DRIVERS\avipbb.sys
16:53:27.0379 4472  avipbb - ok
16:53:27.0399 4472  [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr          C:\windows\system32\DRIVERS\avkmgr.sys
16:53:27.0407 4472  avkmgr - ok
16:53:27.0442 4472  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\windows\System32\AxInstSV.dll
16:53:27.0567 4472  AxInstSV - ok
16:53:27.0612 4472  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\windows\system32\drivers\bxvbda.sys
16:53:27.0691 4472  b06bdrv - ok
16:53:27.0721 4472  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\windows\system32\DRIVERS\b57nd60a.sys
16:53:27.0784 4472  b57nd60a - ok
16:53:27.0846 4472  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\windows\System32\bdesvc.dll
16:53:27.0936 4472  BDESVC - ok
16:53:27.0963 4472  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\windows\system32\drivers\Beep.sys
16:53:28.0065 4472  Beep - ok
16:53:28.0108 4472  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\windows\System32\bfe.dll
16:53:28.0210 4472  BFE - ok
16:53:28.0249 4472  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\windows\System32\qmgr.dll
16:53:28.0364 4472  BITS - ok
16:53:28.0396 4472  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
16:53:28.0439 4472  blbdrive - ok
16:53:28.0536 4472  [ 6D625A18DDFCD0464B914B71293AD837 ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
16:53:28.0573 4472  Bluetooth Device Monitor - ok
16:53:28.0613 4472  [ 74B2BF80D966CFE8BC8005D19E40608D ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
16:53:28.0663 4472  Bluetooth Media Service - ok
16:53:28.0720 4472  [ 707BF27D30ADAB7798C69D5BF41C7131 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
16:53:28.0757 4472  Bluetooth OBEX Service - ok
16:53:28.0785 4472  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
16:53:28.0869 4472  bowser - ok
16:53:28.0905 4472  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\windows\system32\drivers\BrFiltLo.sys
16:53:28.0958 4472  BrFiltLo - ok
16:53:28.0985 4472  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\windows\system32\drivers\BrFiltUp.sys
16:53:29.0040 4472  BrFiltUp - ok
16:53:29.0100 4472  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\windows\System32\browser.dll
16:53:29.0141 4472  Browser - ok
16:53:29.0174 4472  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\windows\System32\Drivers\Brserid.sys
16:53:29.0260 4472  Brserid - ok
16:53:29.0282 4472  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
16:53:29.0337 4472  BrSerWdm - ok
16:53:29.0375 4472  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
16:53:29.0431 4472  BrUsbMdm - ok
16:53:29.0454 4472  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
16:53:29.0486 4472  BrUsbSer - ok
16:53:29.0531 4472  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\windows\system32\drivers\BthEnum.sys
16:53:29.0611 4472  BthEnum - ok
16:53:29.0650 4472  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\windows\system32\DRIVERS\bthmodem.sys
16:53:29.0702 4472  BTHMODEM - ok
16:53:29.0724 4472  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\windows\system32\DRIVERS\bthpan.sys
16:53:29.0799 4472  BthPan - ok
16:53:29.0847 4472  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\windows\System32\Drivers\BTHport.sys
16:53:29.0946 4472  BTHPORT - ok
16:53:29.0982 4472  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\windows\system32\bthserv.dll
16:53:30.0015 4472  bthserv - ok
16:53:30.0038 4472  [ 9E2AF97302B9F4BF97E952A865EB31AE ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
16:53:30.0048 4472  BTHSSecurityMgr - ok
16:53:30.0079 4472  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\windows\System32\Drivers\BTHUSB.sys
16:53:30.0131 4472  BTHUSB - ok
16:53:30.0175 4472  [ 3676BEAA7D842047D30E95D59B241F22 ] btmaux          C:\windows\system32\DRIVERS\btmaux.sys
16:53:30.0243 4472  btmaux - ok
16:53:30.0290 4472  [ FA0E7B5AFB8FD335234916764A2D6CF9 ] btmhsf          C:\windows\system32\DRIVERS\btmhsf.sys
16:53:30.0368 4472  btmhsf - ok
16:53:30.0403 4472  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
16:53:30.0492 4472  cdfs - ok
16:53:30.0527 4472  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\windows\system32\DRIVERS\cdrom.sys
16:53:30.0580 4472  cdrom - ok
16:53:30.0621 4472  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\windows\System32\certprop.dll
16:53:30.0706 4472  CertPropSvc - ok
16:53:30.0755 4472  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\windows\system32\drivers\circlass.sys
16:53:30.0768 4472  circlass - ok
16:53:30.0787 4472  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\windows\system32\CLFS.sys
16:53:30.0803 4472  CLFS - ok
16:53:30.0854 4472  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:53:30.0865 4472  clr_optimization_v2.0.50727_32 - ok
16:53:30.0884 4472  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:53:30.0893 4472  clr_optimization_v2.0.50727_64 - ok
16:53:30.0967 4472  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:53:30.0990 4472  clr_optimization_v4.0.30319_32 - ok
16:53:31.0012 4472  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:53:31.0047 4472  clr_optimization_v4.0.30319_64 - ok
16:53:31.0067 4472  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
16:53:31.0192 4472  CmBatt - ok
16:53:31.0227 4472  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\windows\system32\drivers\cmdide.sys
16:53:31.0249 4472  cmdide - ok
16:53:31.0307 4472  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\windows\system32\Drivers\cng.sys
16:53:31.0371 4472  CNG - ok
16:53:31.0405 4472  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\windows\system32\drivers\compbatt.sys
16:53:31.0431 4472  Compbatt - ok
16:53:31.0446 4472  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\windows\system32\DRIVERS\CompositeBus.sys
16:53:31.0500 4472  CompositeBus - ok
16:53:31.0524 4472  COMSysApp - ok
16:53:31.0544 4472  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\windows\system32\drivers\crcdisk.sys
16:53:31.0570 4472  crcdisk - ok
16:53:31.0635 4472  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\windows\system32\cryptsvc.dll
16:53:31.0754 4472  CryptSvc - ok
16:53:31.0799 4472  [ BC3D4F90978CD7C8EABD1BAF3BF7873A ] CtClsFlt        C:\windows\system32\DRIVERS\CtClsFlt.sys
16:53:31.0884 4472  CtClsFlt - ok
16:53:31.0932 4472  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\windows\system32\rpcss.dll
16:53:32.0018 4472  DcomLaunch - ok
16:53:32.0057 4472  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\windows\System32\defragsvc.dll
16:53:32.0138 4472  defragsvc - ok
16:53:32.0176 4472  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\windows\system32\Drivers\dfsc.sys
16:53:32.0262 4472  DfsC - ok
16:53:32.0309 4472  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\windows\system32\dhcpcore.dll
16:53:32.0403 4472  Dhcp - ok
16:53:32.0423 4472  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\windows\system32\drivers\discache.sys
16:53:32.0507 4472  discache - ok
16:53:32.0561 4472  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\windows\system32\drivers\disk.sys
16:53:32.0589 4472  Disk - ok
16:53:32.0626 4472  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\windows\System32\dnsrslvr.dll
16:53:32.0699 4472  Dnscache - ok
16:53:32.0723 4472  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\windows\System32\dot3svc.dll
16:53:32.0805 4472  dot3svc - ok
16:53:32.0881 4472  [ C43618154FC0C8480F53B04BA7A2F371 ] DpHost          C:\Program Files\DigitalPersona\Bin\DpHostW.exe
16:53:32.0912 4472  DpHost - ok
16:53:32.0926 4472  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\windows\system32\dps.dll
16:53:32.0984 4472  DPS - ok
16:53:33.0021 4472  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
16:53:33.0072 4472  drmkaud - ok
16:53:33.0101 4472  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
16:53:33.0130 4472  DXGKrnl - ok
16:53:33.0148 4472  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\windows\System32\eapsvc.dll
16:53:33.0199 4472  EapHost - ok
16:53:33.0296 4472  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\windows\system32\drivers\evbda.sys
16:53:33.0375 4472  ebdrv - ok
16:53:33.0413 4472  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\windows\System32\lsass.exe
16:53:33.0521 4472  EFS - ok
16:53:33.0582 4472  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\windows\ehome\ehRecvr.exe
16:53:33.0664 4472  ehRecvr - ok
16:53:33.0677 4472  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\windows\ehome\ehsched.exe
16:53:33.0722 4472  ehSched - ok
16:53:33.0783 4472  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\windows\system32\drivers\elxstor.sys
16:53:33.0817 4472  elxstor - ok
16:53:33.0829 4472  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\windows\system32\drivers\errdev.sys
16:53:33.0862 4472  ErrDev - ok
16:53:33.0909 4472  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\windows\system32\es.dll
16:53:33.0999 4472  EventSystem - ok
16:53:34.0097 4472  [ B20A788579E443F768AAB1A24F705D0A ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
16:53:34.0135 4472  EvtEng - ok
16:53:34.0160 4472  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\windows\system32\drivers\exfat.sys
16:53:34.0214 4472  exfat - ok
16:53:34.0226 4472  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\windows\system32\drivers\fastfat.sys
16:53:34.0281 4472  fastfat - ok
16:53:34.0341 4472  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\windows\system32\fxssvc.exe
16:53:34.0435 4472  Fax - ok
16:53:34.0462 4472  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\windows\system32\drivers\fdc.sys
16:53:34.0513 4472  fdc - ok
16:53:34.0568 4472  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\windows\system32\fdPHost.dll
16:53:34.0633 4472  fdPHost - ok
16:53:34.0642 4472  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\windows\system32\fdrespub.dll
16:53:34.0694 4472  FDResPub - ok
16:53:34.0729 4472  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
16:53:34.0740 4472  FileInfo - ok
16:53:34.0759 4472  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
16:53:34.0862 4472  Filetrace - ok
16:53:34.0959 4472  [ 64AB6F28047744B9B19C97459C2AB31B ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
16:53:35.0001 4472  FLEXnet Licensing Service 64 - ok
16:53:35.0018 4472  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\windows\system32\drivers\flpydisk.sys
16:53:35.0029 4472  flpydisk - ok
16:53:35.0059 4472  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
16:53:35.0080 4472  FltMgr - ok
16:53:35.0127 4472  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\windows\system32\FntCache.dll
16:53:35.0251 4472  FontCache - ok
16:53:35.0294 4472  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:53:35.0316 4472  FontCache3.0.0.0 - ok
16:53:35.0332 4472  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
16:53:35.0346 4472  FsDepends - ok
16:53:35.0369 4472  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
16:53:35.0379 4472  Fs_Rec - ok
16:53:35.0409 4472  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
16:53:35.0437 4472  fvevol - ok
16:53:35.0462 4472  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\windows\system32\drivers\gagp30kx.sys
16:53:35.0472 4472  gagp30kx - ok
16:53:35.0503 4472  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\windows\System32\gpsvc.dll
16:53:35.0546 4472  gpsvc - ok
16:53:35.0611 4472  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:53:35.0635 4472  gupdate - ok
16:53:35.0641 4472  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:53:35.0649 4472  gupdatem - ok
16:53:35.0686 4472  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
16:53:35.0755 4472  hcw85cir - ok
16:53:35.0778 4472  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
16:53:35.0834 4472  HdAudAddService - ok
16:53:35.0867 4472  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\windows\system32\DRIVERS\HDAudBus.sys
16:53:35.0920 4472  HDAudBus - ok
16:53:35.0955 4472  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\windows\system32\drivers\HidBatt.sys
16:53:36.0008 4472  HidBatt - ok
16:53:36.0035 4472  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\windows\system32\drivers\hidbth.sys
16:53:36.0090 4472  HidBth - ok
16:53:36.0121 4472  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\windows\system32\drivers\hidir.sys
16:53:36.0152 4472  HidIr - ok
16:53:36.0174 4472  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\windows\system32\hidserv.dll
16:53:36.0226 4472  hidserv - ok
16:53:36.0254 4472  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\windows\system32\DRIVERS\hidusb.sys
16:53:36.0264 4472  HidUsb - ok
16:53:36.0300 4472  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\windows\system32\kmsvc.dll
16:53:36.0379 4472  hkmsvc - ok
16:53:36.0422 4472  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
16:53:36.0507 4472  HomeGroupListener - ok
16:53:36.0530 4472  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
16:53:36.0578 4472  HomeGroupProvider - ok
16:53:36.0619 4472  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
16:53:36.0648 4472  HpSAMD - ok
16:53:36.0673 4472  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\windows\system32\drivers\HTTP.sys
16:53:36.0759 4472  HTTP - ok
16:53:36.0797 4472  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
16:53:36.0806 4472  hwpolicy - ok
16:53:36.0821 4472  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\windows\system32\DRIVERS\i8042prt.sys
16:53:36.0833 4472  i8042prt - ok
16:53:36.0857 4472  [ D7921D5A870B11CC1ADAB198A519D50A ] iaStor          C:\windows\system32\DRIVERS\iaStor.sys
16:53:36.0870 4472  iaStor - ok
16:53:36.0908 4472  [ 8FFF9083252C16FE3960173722605E9E ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
16:53:36.0926 4472  IAStorDataMgrSvc - ok
16:53:36.0969 4472  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
16:53:36.0997 4472  iaStorV - ok
16:53:37.0008 4472  [ 653A38B868A5F20BB506AB57AC41B936 ] ibtfltcoex      C:\windows\system32\DRIVERS\iBtFltCoex.sys
16:53:37.0016 4472  ibtfltcoex - ok
16:53:37.0071 4472  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:53:37.0110 4472  idsvc - ok
16:53:37.0140 4472  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\windows\system32\drivers\iirsp.sys
16:53:37.0167 4472  iirsp - ok
16:53:37.0210 4472  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\windows\System32\ikeext.dll
16:53:37.0282 4472  IKEEXT - ok
16:53:37.0327 4472  [ CADDF0927DAC63EDAE48F5C35A61D87D ] intaud_WaveExtensible C:\windows\system32\drivers\intelaud.sys
16:53:37.0349 4472  intaud_WaveExtensible - ok
16:53:37.0398 4472  [ AE594CC17C33AC146739494615E14851 ] IntcDAud        C:\windows\system32\DRIVERS\IntcDAud.sys
16:53:37.0474 4472  IntcDAud - ok
16:53:37.0504 4472  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\windows\system32\drivers\intelide.sys
16:53:37.0529 4472  intelide - ok
16:53:37.0754 4472  [ 978D876A581D57E0DE6437674EB0014D ] intelkmd        C:\windows\system32\DRIVERS\igdpmd64.sys
16:53:38.0063 4472  intelkmd - ok
16:53:38.0102 4472  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
16:53:38.0155 4472  intelppm - ok
16:53:38.0203 4472  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\windows\system32\ipbusenum.dll
16:53:38.0294 4472  IPBusEnum - ok
16:53:38.0308 4472  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
16:53:38.0340 4472  IpFilterDriver - ok
16:53:38.0402 4472  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
16:53:38.0491 4472  iphlpsvc - ok
16:53:38.0533 4472  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys
16:53:38.0589 4472  IPMIDRV - ok
16:53:38.0630 4472  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\windows\system32\drivers\ipnat.sys
16:53:38.0715 4472  IPNAT - ok
16:53:38.0757 4472  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\windows\system32\drivers\irenum.sys
16:53:38.0791 4472  IRENUM - ok
16:53:38.0804 4472  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\windows\system32\drivers\isapnp.sys
16:53:38.0813 4472  isapnp - ok
16:53:38.0833 4472  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
16:53:38.0847 4472  iScsiPrt - ok
16:53:38.0887 4472  [ 716F66336F10885D935B08174DC54242 ] iwdbus          C:\windows\system32\DRIVERS\iwdbus.sys
16:53:38.0908 4472  iwdbus - ok
16:53:38.0943 4472  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\windows\system32\DRIVERS\kbdclass.sys
16:53:38.0969 4472  kbdclass - ok
16:53:38.0979 4472  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\windows\system32\DRIVERS\kbdhid.sys
16:53:39.0027 4472  kbdhid - ok
16:53:39.0055 4472  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\windows\system32\lsass.exe
16:53:39.0077 4472  KeyIso - ok
16:53:39.0115 4472  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
16:53:39.0140 4472  KSecDD - ok
16:53:39.0186 4472  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
16:53:39.0212 4472  KSecPkg - ok
16:53:39.0247 4472  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\windows\system32\drivers\ksthunk.sys
16:53:39.0319 4472  ksthunk - ok
16:53:39.0368 4472  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\windows\system32\msdtckrm.dll
16:53:39.0456 4472  KtmRm - ok
16:53:39.0498 4472  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\windows\system32\srvsvc.dll
16:53:39.0585 4472  LanmanServer - ok
16:53:39.0616 4472  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
16:53:39.0719 4472  LanmanWorkstation - ok
16:53:39.0754 4472  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
16:53:39.0849 4472  lltdio - ok
16:53:39.0902 4472  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\windows\System32\lltdsvc.dll
16:53:39.0973 4472  lltdsvc - ok
16:53:40.0000 4472  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\windows\System32\lmhsvc.dll
16:53:40.0087 4472  lmhosts - ok
16:53:40.0158 4472  [ 0803906D607A9B83184447B75B60ECC2 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
16:53:40.0192 4472  LMS - ok
16:53:40.0232 4472  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\windows\system32\drivers\lsi_fc.sys
16:53:40.0260 4472  LSI_FC - ok
16:53:40.0278 4472  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\windows\system32\drivers\lsi_sas.sys
16:53:40.0289 4472  LSI_SAS - ok
16:53:40.0304 4472  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\windows\system32\drivers\lsi_sas2.sys
16:53:40.0314 4472  LSI_SAS2 - ok
16:53:40.0325 4472  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\windows\system32\drivers\lsi_scsi.sys
16:53:40.0336 4472  LSI_SCSI - ok
16:53:40.0351 4472  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\windows\system32\drivers\luafv.sys
16:53:40.0422 4472  luafv - ok
16:53:40.0483 4472  [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector   C:\windows\system32\drivers\mbam.sys
16:53:40.0504 4472  MBAMProtector - ok
16:53:40.0587 4472  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
16:53:40.0621 4472  MBAMScheduler - ok
16:53:40.0664 4472  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
16:53:40.0691 4472  MBAMService - ok
16:53:40.0722 4472  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll
16:53:40.0769 4472  Mcx2Svc - ok
16:53:40.0805 4472  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\windows\system32\drivers\megasas.sys
16:53:40.0830 4472  megasas - ok
16:53:40.0846 4472  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\windows\system32\drivers\MegaSR.sys
16:53:40.0860 4472  MegaSR - ok
16:53:40.0912 4472  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\windows\system32\DRIVERS\HECIx64.sys
16:53:40.0933 4472  MEIx64 - ok
16:53:41.0080 4472  [ 0AF89452A8CE3928168F4E5B2208C68B ] mi-raysat_3dsmax2013_64 C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe
16:53:41.0090 4472  mi-raysat_3dsmax2013_64 ( UnsignedFile.Multi.Generic ) - warning
16:53:41.0090 4472  mi-raysat_3dsmax2013_64 - detected UnsignedFile.Multi.Generic (1)
16:53:41.0125 4472  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\windows\system32\mmcss.dll
16:53:41.0206 4472  MMCSS - ok
16:53:41.0242 4472  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\windows\system32\drivers\modem.sys
16:53:41.0323 4472  Modem - ok
16:53:41.0347 4472  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\windows\system32\DRIVERS\monitor.sys
16:53:41.0400 4472  monitor - ok
16:53:41.0421 4472  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
16:53:41.0437 4472  mouclass - ok
16:53:41.0454 4472  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
16:53:41.0468 4472  mouhid - ok
16:53:41.0492 4472  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
16:53:41.0519 4472  mountmgr - ok
16:53:41.0559 4472  [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:53:41.0581 4472  MozillaMaintenance - ok
16:53:41.0599 4472  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\windows\system32\drivers\mpio.sys
16:53:41.0611 4472  mpio - ok
16:53:41.0625 4472  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
16:53:41.0659 4472  mpsdrv - ok
16:53:41.0696 4472  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\windows\system32\mpssvc.dll
16:53:41.0800 4472  MpsSvc - ok
16:53:41.0826 4472  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
16:53:41.0881 4472  MRxDAV - ok
16:53:41.0904 4472  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
16:53:41.0991 4472  mrxsmb - ok
16:53:42.0025 4472  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
16:53:42.0058 4472  mrxsmb10 - ok
16:53:42.0074 4472  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
16:53:42.0118 4472  mrxsmb20 - ok
16:53:42.0149 4472  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\windows\system32\drivers\msahci.sys
16:53:42.0174 4472  msahci - ok
16:53:42.0196 4472  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\windows\system32\drivers\msdsm.sys
16:53:42.0208 4472  msdsm - ok
16:53:42.0221 4472  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\windows\System32\msdtc.exe
16:53:42.0266 4472  MSDTC - ok
16:53:42.0298 4472  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\windows\system32\drivers\Msfs.sys
16:53:42.0350 4472  Msfs - ok
16:53:42.0375 4472  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
16:53:42.0459 4472  mshidkmdf - ok
16:53:42.0482 4472  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
16:53:42.0491 4472  msisadrv - ok
16:53:42.0509 4472  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
16:53:42.0587 4472  MSiSCSI - ok
16:53:42.0590 4472  msiserver - ok
16:53:42.0627 4472  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
16:53:42.0678 4472  MSKSSRV - ok
16:53:42.0705 4472  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
16:53:42.0770 4472  MSPCLOCK - ok
16:53:42.0796 4472  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
16:53:42.0880 4472  MSPQM - ok
16:53:42.0909 4472  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
16:53:42.0925 4472  MsRPC - ok
16:53:42.0935 4472  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\windows\system32\DRIVERS\mssmbios.sys
16:53:42.0944 4472  mssmbios - ok
16:53:42.0974 4472  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
16:53:43.0041 4472  MSTEE - ok
16:53:43.0061 4472  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\windows\system32\drivers\MTConfig.sys
16:53:43.0104 4472  MTConfig - ok
16:53:43.0128 4472  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\windows\system32\Drivers\mup.sys
16:53:43.0139 4472  Mup - ok
16:53:43.0172 4472  [ F217D7718FD7577AF331E89910B2D21E ] MyWiFiDHCPDNS   C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
16:53:43.0206 4472  MyWiFiDHCPDNS - ok
16:53:43.0241 4472  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\windows\system32\qagentRT.dll
16:53:43.0331 4472  napagent - ok
16:53:43.0415 4472  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
16:53:43.0465 4472  NativeWifiP - ok
16:53:43.0545 4472  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\windows\system32\drivers\ndis.sys
16:53:43.0592 4472  NDIS - ok
16:53:43.0618 4472  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
16:53:43.0697 4472  NdisCap - ok
16:53:43.0730 4472  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
16:53:43.0812 4472  NdisTapi - ok
16:53:43.0845 4472  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
16:53:43.0885 4472  Ndisuio - ok
16:53:43.0913 4472  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
16:53:43.0993 4472  NdisWan - ok
16:53:44.0018 4472  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
16:53:44.0051 4472  NDProxy - ok
16:53:44.0069 4472  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
16:53:44.0145 4472  NetBIOS - ok
16:53:44.0174 4472  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
16:53:44.0208 4472  NetBT - ok
16:53:44.0222 4472  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\windows\system32\lsass.exe
16:53:44.0232 4472  Netlogon - ok
16:53:44.0269 4472  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\windows\System32\netman.dll
16:53:44.0353 4472  Netman - ok
16:53:44.0385 4472  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:53:44.0414 4472  NetMsmqActivator - ok
16:53:44.0422 4472  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:53:44.0436 4472  NetPipeActivator - ok
16:53:44.0453 4472  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\windows\System32\netprofm.dll
16:53:44.0532 4472  netprofm - ok
16:53:44.0536 4472  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:53:44.0545 4472  NetTcpActivator - ok
16:53:44.0550 4472  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:53:44.0559 4472  NetTcpPortSharing - ok
16:53:44.0757 4472  [ 9FD1BE1881446D954FF77244AE58FBCB ] NETwNs64        C:\windows\system32\DRIVERS\NETwNs64.sys
16:53:45.0000 4472  NETwNs64 - ok
16:53:45.0048 4472  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\windows\system32\drivers\nfrd960.sys
16:53:45.0072 4472  nfrd960 - ok
16:53:45.0130 4472  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\windows\System32\nlasvc.dll
16:53:45.0180 4472  NlaSvc - ok
16:53:45.0207 4472  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\windows\system32\drivers\Npfs.sys
16:53:45.0260 4472  Npfs - ok
16:53:45.0279 4472  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\windows\system32\nsisvc.dll
16:53:45.0312 4472  nsi - ok
16:53:45.0321 4472  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
16:53:45.0353 4472  nsiproxy - ok
16:53:45.0428 4472  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
16:53:45.0477 4472  Ntfs - ok
16:53:45.0497 4472  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\windows\system32\drivers\Null.sys
16:53:45.0529 4472  Null - ok
16:53:45.0563 4472  [ 158AD24745BD85BA9BE3C51C38F48C32 ] nusb3hub        C:\windows\system32\DRIVERS\nusb3hub.sys
16:53:45.0589 4472  nusb3hub - ok
16:53:45.0627 4472  [ D40A13B2C0891E218F9523B376955DB6 ] nusb3xhc        C:\windows\system32\DRIVERS\nusb3xhc.sys
16:53:45.0668 4472  nusb3xhc - ok
16:53:45.0710 4472  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\windows\system32\drivers\nvraid.sys
16:53:45.0740 4472  nvraid - ok
16:53:45.0756 4472  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\windows\system32\drivers\nvstor.sys
16:53:45.0768 4472  nvstor - ok
16:53:45.0798 4472  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
16:53:45.0827 4472  nv_agp - ok
16:53:45.0846 4472  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
16:53:45.0888 4472  ohci1394 - ok
16:53:45.0937 4472  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
16:53:45.0985 4472  p2pimsvc - ok
16:53:46.0005 4472  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\windows\system32\p2psvc.dll
16:53:46.0023 4472  p2psvc - ok
16:53:46.0046 4472  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\windows\system32\drivers\parport.sys
16:53:46.0073 4472  Parport - ok
16:53:46.0098 4472  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\windows\system32\drivers\partmgr.sys
16:53:46.0107 4472  partmgr - ok
16:53:46.0127 4472  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\windows\System32\pcasvc.dll
16:53:46.0188 4472  PcaSvc - ok
16:53:46.0227 4472  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\windows\system32\drivers\pci.sys
16:53:46.0257 4472  pci - ok
16:53:46.0267 4472  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\windows\system32\drivers\pciide.sys
16:53:46.0277 4472  pciide - ok
16:53:46.0298 4472  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\windows\system32\drivers\pcmcia.sys
16:53:46.0311 4472  pcmcia - ok
16:53:46.0329 4472  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\windows\system32\drivers\pcw.sys
16:53:46.0339 4472  pcw - ok
16:53:46.0362 4472  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\windows\system32\drivers\peauth.sys
16:53:46.0423 4472  PEAUTH - ok
16:53:46.0535 4472  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\windows\SysWow64\perfhost.exe
16:53:46.0590 4472  PerfHost - ok
16:53:46.0672 4472  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\windows\system32\pla.dll
16:53:46.0728 4472  pla - ok
16:53:46.0768 4472  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\windows\system32\umpnpmgr.dll
16:53:46.0854 4472  PlugPlay - ok
16:53:46.0875 4472  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
16:53:46.0917 4472  PNRPAutoReg - ok
16:53:46.0953 4472  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
16:53:46.0983 4472  PNRPsvc - ok
16:53:47.0018 4472  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
16:53:47.0113 4472  PolicyAgent - ok
16:53:47.0145 4472  [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power           C:\windows\system32\umpo.dll
16:53:47.0218 4472  Power - ok
16:53:47.0259 4472  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
16:53:47.0352 4472  PptpMiniport - ok
16:53:47.0377 4472  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\windows\system32\drivers\processr.sys
16:53:47.0419 4472  Processor - ok
16:53:47.0474 4472  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\windows\system32\profsvc.dll
16:53:47.0552 4472  ProfSvc - ok
16:53:47.0565 4472  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
16:53:47.0585 4472  ProtectedStorage - ok
16:53:47.0607 4472  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\windows\system32\DRIVERS\pacer.sys
16:53:47.0683 4472  Psched - ok
16:53:47.0724 4472  [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64        C:\windows\system32\Drivers\PxHlpa64.sys
16:53:47.0747 4472  PxHlpa64 - ok
16:53:47.0809 4472  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\windows\system32\drivers\ql2300.sys
16:53:47.0849 4472  ql2300 - ok
16:53:47.0886 4472  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\windows\system32\drivers\ql40xx.sys
16:53:47.0912 4472  ql40xx - ok
16:53:47.0939 4472  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\windows\system32\qwave.dll
16:53:47.0976 4472  QWAVE - ok
16:53:47.0991 4472  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
16:53:48.0029 4472  QWAVEdrv - ok
16:53:48.0067 4472  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
16:53:48.0141 4472  RasAcd - ok
16:53:48.0183 4472  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
16:53:48.0233 4472  RasAgileVpn - ok
16:53:48.0257 4472  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\windows\System32\rasauto.dll
16:53:48.0344 4472  RasAuto - ok
16:53:48.0367 4472  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
16:53:48.0400 4472  Rasl2tp - ok
16:53:48.0423 4472  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\windows\System32\rasmans.dll
16:53:48.0460 4472  RasMan - ok
16:53:48.0469 4472  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
16:53:48.0507 4472  RasPppoe - ok
16:53:48.0528 4472  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
16:53:48.0613 4472  RasSstp - ok
16:53:48.0652 4472  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
16:53:48.0734 4472  rdbss - ok
16:53:48.0759 4472  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\windows\system32\drivers\rdpbus.sys
16:53:48.0772 4472  rdpbus - ok
16:53:48.0798 4472  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
16:53:48.0834 4472  RDPCDD - ok
16:53:48.0845 4472  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
16:53:48.0918 4472  RDPENCDD - ok
16:53:48.0944 4472  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
16:53:48.0976 4472  RDPREFMP - ok
16:53:49.0034 4472  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys
16:53:49.0102 4472  RdpVideoMiniport - ok
16:53:49.0133 4472  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
16:53:49.0180 4472  RDPWD - ok
16:53:49.0209 4472  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
16:53:49.0235 4472  rdyboost - ok
16:53:49.0305 4472  [ B9A0810D16EA7935B10A5499ABA61DC3 ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
16:53:49.0335 4472  RegSrvc - ok
16:53:49.0371 4472  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\windows\System32\mprdim.dll
16:53:49.0452 4472  RemoteAccess - ok
16:53:49.0499 4472  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\windows\system32\regsvc.dll
16:53:49.0581 4472  RemoteRegistry - ok
16:53:49.0616 4472  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\windows\system32\DRIVERS\rfcomm.sys
16:53:49.0678 4472  RFCOMM - ok
16:53:49.0817 4472  [ 3C957189B31C34D3AD21967B12B6AED7 ] RoxMediaDB12OEM c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
16:53:49.0849 4472  RoxMediaDB12OEM - ok
16:53:49.0875 4472  [ 2B73088CC2CA757A172B425C9398E5BC ] RoxWatch12      c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
16:53:49.0886 4472  RoxWatch12 - ok
16:53:49.0913 4472  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
16:53:49.0966 4472  RpcEptMapper - ok
16:53:49.0989 4472  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\windows\system32\locator.exe
16:53:50.0037 4472  RpcLocator - ok
16:53:50.0072 4472  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\windows\system32\rpcss.dll
16:53:50.0126 4472  RpcSs - ok
16:53:50.0146 4472  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
16:53:50.0179 4472  rspndr - ok
16:53:50.0225 4472  [ BE29B0A3AC1E8BD02FFAB8CEE86BADFA ] RSUSBSTOR       C:\windows\system32\Drivers\RtsUStor.sys
16:53:50.0251 4472  RSUSBSTOR - ok
16:53:50.0298 4472  [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167         C:\windows\system32\DRIVERS\Rt64win7.sys
16:53:50.0325 4472  RTL8167 - ok
16:53:50.0329 4472  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\windows\system32\lsass.exe
16:53:50.0342 4472  SamSs - ok
16:53:50.0356 4472  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
16:53:50.0366 4472  sbp2port - ok
16:53:50.0388 4472  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\windows\System32\SCardSvr.dll
16:53:50.0443 4472  SCardSvr - ok
16:53:50.0464 4472  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
16:53:50.0536 4472  scfilter - ok
16:53:50.0582 4472  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\windows\system32\schedsvc.dll
16:53:50.0683 4472  Schedule - ok
16:53:50.0714 4472  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\windows\System32\certprop.dll
16:53:50.0745 4472  SCPolicySvc - ok
16:53:50.0769 4472  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\windows\System32\SDRSVC.dll
16:53:50.0848 4472  SDRSVC - ok
16:53:50.0871 4472  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\windows\system32\drivers\secdrv.sys
16:53:50.0953 4472  secdrv - ok
16:53:50.0978 4472  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\windows\system32\seclogon.dll
16:53:51.0067 4472  seclogon - ok
16:53:51.0117 4472  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\windows\System32\sens.dll
16:53:51.0195 4472  SENS - ok
16:53:51.0230 4472  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\windows\system32\sensrsvc.dll
16:53:51.0296 4472  SensrSvc - ok
16:53:51.0315 4472  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\windows\system32\drivers\serenum.sys
16:53:51.0357 4472  Serenum - ok
16:53:51.0402 4472  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\windows\system32\drivers\serial.sys
16:53:51.0458 4472  Serial - ok
16:53:51.0493 4472  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\windows\system32\drivers\sermouse.sys
16:53:51.0523 4472  sermouse - ok
16:53:51.0560 4472  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\windows\system32\sessenv.dll
16:53:51.0642 4472  SessionEnv - ok
16:53:51.0662 4472  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
16:53:51.0711 4472  sffdisk - ok
16:53:51.0739 4472  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
16:53:51.0795 4472  sffp_mmc - ok
16:53:51.0826 4472  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
16:53:51.0881 4472  sffp_sd - ok
16:53:51.0909 4472  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\windows\system32\drivers\sfloppy.sys
16:53:51.0938 4472  sfloppy - ok
16:53:51.0986 4472  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\windows\System32\ipnathlp.dll
16:53:52.0069 4472  SharedAccess - ok
16:53:52.0116 4472  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
16:53:52.0208 4472  ShellHWDetection - ok
16:53:52.0281 4472  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\windows\system32\drivers\SiSRaid2.sys
16:53:52.0308 4472  SiSRaid2 - ok
16:53:52.0323 4472  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\windows\system32\drivers\sisraid4.sys
16:53:52.0334 4472  SiSRaid4 - ok
16:53:52.0404 4472  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
16:53:52.0429 4472  SkypeUpdate - ok
16:53:52.0454 4472  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\windows\system32\DRIVERS\smb.sys
16:53:52.0542 4472  Smb - ok
16:53:52.0582 4472  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\windows\System32\snmptrap.exe
16:53:52.0605 4472  SNMPTRAP - ok
16:53:52.0616 4472  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\windows\system32\drivers\spldr.sys
16:53:52.0628 4472  spldr - ok
16:53:52.0672 4472  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\windows\System32\spoolsv.exe
16:53:52.0748 4472  Spooler - ok
16:53:52.0853 4472  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\windows\system32\sppsvc.exe
16:53:52.0985 4472  sppsvc - ok
16:53:53.0006 4472  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\windows\system32\sppuinotify.dll
16:53:53.0040 4472  sppuinotify - ok
16:53:53.0065 4472  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\windows\system32\DRIVERS\srv.sys
16:53:53.0141 4472  srv - ok
16:53:53.0162 4472  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
16:53:53.0210 4472  srv2 - ok
16:53:53.0259 4472  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
16:53:53.0283 4472  srvnet - ok
16:53:53.0305 4472  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
16:53:53.0388 4472  SSDPSRV - ok
16:53:53.0413 4472  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\windows\system32\sstpsvc.dll
16:53:53.0447 4472  SstpSvc - ok
16:53:53.0488 4472  [ 7BF818B11C1FEDC3E76D233124470A30 ] STacSV          C:\Program Files\IDT\WDM\STacSV64.exe
16:53:53.0546 4472  STacSV - ok
16:53:53.0594 4472  [ 92E7F6666633D2DD91D527503DAA7BE0 ] stdcfltn        C:\windows\system32\DRIVERS\stdcfltn.sys
16:53:53.0615 4472  stdcfltn - ok
16:53:53.0642 4472  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\windows\system32\drivers\stexstor.sys
16:53:53.0667 4472  stexstor - ok
16:53:53.0713 4472  [ EBC1A5E076A9BE314D3D9E8ED19ABB0A ] STHDA           C:\windows\system32\DRIVERS\stwrt64.sys
16:53:53.0756 4472  STHDA - ok
16:53:53.0813 4472  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\windows\System32\wiaservc.dll
16:53:53.0894 4472  stisvc - ok
16:53:53.0959 4472  [ 7731F46EC0D687A931CBA063E8F90EF0 ] stllssvr        c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
16:53:53.0981 4472  stllssvr - ok
16:53:54.0004 4472  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\windows\system32\DRIVERS\swenum.sys
16:53:54.0028 4472  swenum - ok
16:53:54.0051 4472  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\windows\System32\swprv.dll
16:53:54.0159 4472  swprv - ok
16:53:54.0239 4472  [ 09E811486038F1C06F9E00DFFAAB7A4E ] SynTP           C:\windows\system32\DRIVERS\SynTP.sys
16:53:54.0288 4472  SynTP - ok
16:53:54.0332 4472  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\windows\system32\sysmain.dll
16:53:54.0410 4472  SysMain - ok
16:53:54.0440 4472  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
16:53:54.0474 4472  TabletInputService - ok
16:53:54.0491 4472  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\windows\System32\tapisrv.dll
16:53:54.0528 4472  TapiSrv - ok
16:53:54.0545 4472  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\windows\System32\tbssvc.dll
16:53:54.0578 4472  TBS - ok
16:53:54.0660 4472  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\windows\system32\drivers\tcpip.sys
16:53:54.0705 4472  Tcpip - ok
16:53:54.0737 4472  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
16:53:54.0773 4472  TCPIP6 - ok
16:53:54.0811 4472  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
16:53:54.0839 4472  tcpipreg - ok
16:53:54.0859 4472  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
16:53:54.0929 4472  TDPIPE - ok
16:53:54.0962 4472  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
16:53:55.0014 4472  TDTCP - ok
16:53:55.0040 4472  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
16:53:55.0095 4472  tdx - ok
16:53:55.0111 4472  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\windows\system32\DRIVERS\termdd.sys
16:53:55.0120 4472  TermDD - ok
16:53:55.0160 4472  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\windows\System32\termsrv.dll
16:53:55.0204 4472  TermService - ok
16:53:55.0219 4472  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\windows\system32\themeservice.dll
16:53:55.0236 4472  Themes - ok
16:53:55.0259 4472  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\windows\system32\mmcss.dll
16:53:55.0292 4472  THREADORDER - ok
16:53:55.0314 4472  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\windows\System32\trkwks.dll
16:53:55.0394 4472  TrkWks - ok
16:53:55.0454 4472  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
16:53:55.0515 4472  TrustedInstaller - ok
16:53:55.0538 4472  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
16:53:55.0608 4472  tssecsrv - ok
16:53:55.0642 4472  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
16:53:55.0706 4472  TsUsbFlt - ok
16:53:55.0732 4472  [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD         C:\windows\system32\drivers\TsUsbGD.sys
16:53:55.0749 4472  TsUsbGD - ok
16:53:55.0788 4472  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
16:53:55.0870 4472  tunnel - ok
16:53:55.0895 4472  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\windows\system32\drivers\uagp35.sys
16:53:55.0908 4472  uagp35 - ok
16:53:55.0927 4472  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
16:53:55.0999 4472  udfs - ok
16:53:56.0043 4472  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\windows\system32\UI0Detect.exe
16:53:56.0072 4472  UI0Detect - ok
16:53:56.0100 4472  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
16:53:56.0127 4472  uliagpkx - ok
16:53:56.0151 4472  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\windows\system32\DRIVERS\umbus.sys
16:53:56.0193 4472  umbus - ok
16:53:56.0217 4472  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\windows\system32\drivers\umpass.sys
16:53:56.0248 4472  UmPass - ok
16:53:56.0375 4472  [ EB79C6C91A99930015EF29AE7FA802D1 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
16:53:56.0450 4472  UNS - ok
16:53:56.0482 4472  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\windows\System32\upnphost.dll
16:53:56.0566 4472  upnphost - ok
16:53:56.0593 4472  [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
16:53:56.0676 4472  usbccgp - ok
16:53:56.0693 4472  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\windows\system32\drivers\usbcir.sys
16:53:56.0710 4472  usbcir - ok
16:53:56.0724 4472  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\windows\system32\DRIVERS\usbehci.sys
16:53:56.0761 4472  usbehci - ok
16:53:56.0806 4472  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
16:53:56.0864 4472  usbhub - ok
16:53:56.0901 4472  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\windows\system32\drivers\usbohci.sys
16:53:56.0943 4472  usbohci - ok
16:53:56.0984 4472  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
16:53:57.0032 4472  usbprint - ok
16:53:57.0069 4472  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\windows\system32\DRIVERS\usbscan.sys
16:53:57.0102 4472  usbscan - ok
16:53:57.0121 4472  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
16:53:57.0215 4472  USBSTOR - ok
16:53:57.0236 4472  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
16:53:57.0269 4472  usbuhci - ok
16:53:57.0320 4472  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\windows\system32\Drivers\usbvideo.sys
16:53:57.0382 4472  usbvideo - ok
16:53:57.0415 4472  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\windows\System32\uxsms.dll
16:53:57.0495 4472  UxSms - ok
16:53:57.0515 4472  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\windows\system32\lsass.exe
16:53:57.0525 4472  VaultSvc - ok
16:53:57.0605 4472  [ 8C51E58D59CBF2639832484EC9ED8DDA ] vcsFPService    C:\Windows\system32\vcsFPService.exe
16:53:57.0672 4472  vcsFPService - ok
16:53:57.0681 4472  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
16:53:57.0690 4472  vdrvroot - ok
16:53:57.0716 4472  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\windows\System32\vds.exe
16:53:57.0791 4472  vds - ok
16:53:57.0833 4472  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
16:53:57.0887 4472  vga - ok
16:53:57.0916 4472  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\windows\System32\drivers\vga.sys
16:53:57.0949 4472  VgaSave - ok
16:53:57.0970 4472  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
16:53:57.0983 4472  vhdmp - ok
16:53:57.0993 4472  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\windows\system32\drivers\viaide.sys
16:53:58.0002 4472  viaide - ok
16:53:58.0026 4472  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\windows\system32\drivers\volmgr.sys
16:53:58.0036 4472  volmgr - ok
16:53:58.0055 4472  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
16:53:58.0070 4472  volmgrx - ok
16:53:58.0090 4472  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\windows\system32\drivers\volsnap.sys
16:53:58.0104 4472  volsnap - ok
16:53:58.0130 4472  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\windows\system32\drivers\vsmraid.sys
16:53:58.0147 4472  vsmraid - ok
16:53:58.0209 4472  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\windows\system32\vssvc.exe
16:53:58.0293 4472  VSS - ok
16:53:58.0324 4472  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
16:53:58.0381 4472  vwifibus - ok
16:53:58.0406 4472  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
16:53:58.0442 4472  vwififlt - ok
16:53:58.0467 4472  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\windows\system32\DRIVERS\vwifimp.sys
16:53:58.0502 4472  vwifimp - ok
16:53:58.0537 4472  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\windows\system32\w32time.dll
16:53:58.0588 4472  W32Time - ok
16:53:58.0608 4472  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\windows\system32\drivers\wacompen.sys
16:53:58.0655 4472  WacomPen - ok
16:53:58.0702 4472  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
16:53:58.0784 4472  WANARP - ok
16:53:58.0787 4472  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
16:53:58.0818 4472  Wanarpv6 - ok
16:53:58.0881 4472  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\windows\system32\Wat\WatAdminSvc.exe
16:53:58.0913 4472  WatAdminSvc - ok
16:53:58.0971 4472  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\windows\system32\wbengine.exe
16:53:59.0063 4472  wbengine - ok
16:53:59.0086 4472  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
16:53:59.0116 4472  WbioSrvc - ok
16:53:59.0144 4472  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\windows\System32\wcncsvc.dll
16:53:59.0183 4472  wcncsvc - ok
16:53:59.0212 4472  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
16:53:59.0281 4472  WcsPlugInService - ok
16:53:59.0304 4472  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\windows\system32\drivers\wd.sys
16:53:59.0331 4472  Wd - ok
16:53:59.0386 4472  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
16:53:59.0416 4472  Wdf01000 - ok
16:53:59.0443 4472  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\windows\system32\wdi.dll
16:53:59.0559 4472  WdiServiceHost - ok
16:53:59.0566 4472  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\windows\system32\wdi.dll
16:53:59.0591 4472  WdiSystemHost - ok
16:53:59.0602 4472  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\windows\System32\webclnt.dll
16:53:59.0657 4472  WebClient - ok
16:53:59.0695 4472  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\windows\system32\wecsvc.dll
16:53:59.0777 4472  Wecsvc - ok
16:53:59.0801 4472  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\windows\System32\wercplsupport.dll
16:53:59.0836 4472  wercplsupport - ok
16:53:59.0857 4472  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\windows\System32\WerSvc.dll
16:53:59.0892 4472  WerSvc - ok
16:53:59.0902 4472  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
16:53:59.0934 4472  WfpLwf - ok
16:53:59.0963 4472  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\windows\system32\drivers\wimmount.sys
16:53:59.0980 4472  WIMMount - ok
16:54:00.0008 4472  WinDefend - ok
16:54:00.0014 4472  WinHttpAutoProxySvc - ok
16:54:00.0063 4472  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
16:54:00.0162 4472  Winmgmt - ok
16:54:00.0238 4472  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\windows\system32\WsmSvc.dll
16:54:00.0299 4472  WinRM - ok
16:54:00.0353 4472  [ FE88B288356E7B47B74B13372ADD906D ] WinUSB          C:\windows\system32\DRIVERS\WinUSB.sys
16:54:00.0396 4472  WinUSB - ok
16:54:00.0443 4472  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\windows\System32\wlansvc.dll
16:54:00.0527 4472  Wlansvc - ok
16:54:00.0569 4472  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
16:54:00.0592 4472  wlcrasvc - ok
16:54:00.0692 4472  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:54:00.0732 4472  wlidsvc - ok
16:54:00.0757 4472  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\windows\system32\DRIVERS\wmiacpi.sys
16:54:00.0799 4472  WmiAcpi - ok
16:54:00.0846 4472  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
16:54:00.0907 4472  wmiApSrv - ok
16:54:00.0953 4472  WMPNetworkSvc - ok
16:54:00.0975 4472  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\windows\System32\wpcsvc.dll
16:54:01.0010 4472  WPCSvc - ok
16:54:01.0030 4472  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
16:54:01.0070 4472  WPDBusEnum - ok
16:54:01.0098 4472  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
16:54:01.0151 4472  ws2ifsl - ok
16:54:01.0168 4472  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\windows\System32\wscsvc.dll
16:54:01.0217 4472  wscsvc - ok
16:54:01.0227 4472  WSearch - ok
16:54:01.0321 4472  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\windows\system32\wuaueng.dll
16:54:01.0377 4472  wuauserv - ok
16:54:01.0413 4472  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
16:54:01.0488 4472  WudfPf - ok
16:54:01.0518 4472  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
16:54:01.0562 4472  WUDFRd - ok
16:54:01.0606 4472  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
16:54:01.0662 4472  wudfsvc - ok
16:54:01.0704 4472  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\windows\System32\wwansvc.dll
16:54:01.0743 4472  WwanSvc - ok
16:54:01.0760 4472  ================ Scan global ===============================
16:54:01.0783 4472  [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
16:54:01.0826 4472  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
16:54:01.0843 4472  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
16:54:01.0871 4472  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
16:54:01.0892 4472  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
16:54:01.0902 4472  [Global] - ok
16:54:01.0904 4472  ================ Scan MBR ==================================
16:54:01.0918 4472  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:54:02.0371 4472  \Device\Harddisk0\DR0 - ok
16:54:02.0372 4472  ================ Scan VBR ==================================
16:54:02.0411 4472  [ 45A5ECABE538EF4D16A872BC9AA46E20 ] \Device\Harddisk0\DR0\Partition1
16:54:02.0415 4472  \Device\Harddisk0\DR0\Partition1 - ok
16:54:02.0433 4472  [ 98DC1CDFF4AB0E27F5BFEF327D5B9724 ] \Device\Harddisk0\DR0\Partition2
16:54:02.0437 4472  \Device\Harddisk0\DR0\Partition2 - ok
16:54:02.0438 4472  ============================================================
16:54:02.0438 4472  Scan finished
16:54:02.0438 4472  ============================================================
16:54:02.0458 5828  Detected object count: 1
16:54:02.0458 5828  Actual detected object count: 1
16:54:42.0245 5828  mi-raysat_3dsmax2013_64 ( UnsignedFile.Multi.Generic ) - skipped by user
16:54:42.0245 5828  mi-raysat_3dsmax2013_64 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:54:56.0081 4888  Deinitialize success
         
Waiting for further instructions


24.04.2013, 20:39   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
mi-raysat_3dsmax2013_64 ( UnsignedFile.Multi.Generic )
I don't want to say that this is harmful, but it does belong to 3ds Max from Autodesk.
What are you doing with this expensive software on a private (?) PC?

25.04.2013, 10:51   #7
alder

Quote:
I don't want to say that this is harmful, but it does belong to 3ds Max from Autodesk.
What are you doing with this expensive software on a private (?) PC?
This is a so-called home-use licence, which an Autodesk customer gets once per regular licence if they have a subscription contract, which of course costs extra as well. I actually almost never use it, though...

But otherwise: does that mean my laptop is now free of Trojans???

Best regards

25.04.2013, 12:06   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run Combofix now:

Scan with Combofix
WARNING to READERS FOLLOWING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

25.04.2013, 16:16   #9
alder

So, that is done now as well.
Although I had disabled Antivir in the taskbar, it spoke up twice, each time while the restore point was being created. Unauthorized access to the registry...

Code:
ATTFilter
ComboFix 13-04-25.01 - Dell 25.04.2013  17:04:36.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4003.1726 [GMT 2:00]
ausgeführt von:: c:\users\Dell\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\PCDr\6032\AddOnDownloaded\07287f2e-4f82-4848-8132-7055ef322318.dll
c:\programdata\PCDr\6032\AddOnDownloaded\2d5007b2-cc36-4b97-a231-d0c427a69035.dll
c:\programdata\PCDr\6032\AddOnDownloaded\330761e0-2594-472d-8455-796592cf88dc.dll
c:\programdata\PCDr\6032\AddOnDownloaded\3d9332d1-0b48-40cc-9189-068cf64600b6.dll
c:\programdata\PCDr\6032\AddOnDownloaded\75609d46-7fbb-40a8-a578-eec234c38e9a.dll
c:\programdata\PCDr\6032\AddOnDownloaded\827ed839-f1a1-460d-82db-7790aaf0bceb.dll
c:\programdata\PCDr\6032\AddOnDownloaded\c870b857-9ba2-408a-b058-928ff7135168.dll
c:\programdata\PCDr\6032\AddOnDownloaded\ca39d363-7f7b-442f-9d1a-7cf8e06b7b08.dll
c:\programdata\PCDr\6032\AddOnDownloaded\f04a4d58-1eb6-4e35-b4b4-db6bab11e49b.dll
c:\programdata\Roaming
c:\windows\Downloaded Program Files\IDropPTB.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-03-25 bis 2013-04-25  ))))))))))))))))))))))))))))))
.
.
2013-04-25 15:09 . 2013-04-25 15:09	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-04-22 12:09 . 2013-04-22 12:09	--------	d-----w-	c:\users\Dell\AppData\Roaming\Malwarebytes
2013-04-22 12:09 . 2013-04-22 12:09	--------	d-----w-	c:\programdata\Malwarebytes
2013-04-22 12:09 . 2013-04-22 12:09	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-04-22 12:09 . 2013-04-04 12:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-04-22 12:08 . 2013-04-22 12:08	--------	d-----w-	c:\users\Dell\AppData\Local\Programs
2013-04-22 11:53 . 2013-04-22 11:53	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{6136AC0A-5EA2-4E60-893C-C49C88864E60}\offreg.dll
2013-04-22 11:43 . 2013-04-10 03:46	9317456	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{6136AC0A-5EA2-4E60-893C-C49C88864E60}\mpengine.dll
2013-04-22 11:41 . 2013-03-01 03:36	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-04-22 11:41 . 2013-02-12 04:12	19968	----a-w-	c:\windows\system32\drivers\usb8023.sys
2013-04-22 11:41 . 2013-03-19 06:04	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-04-22 11:41 . 2013-03-19 05:46	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-04-22 11:41 . 2013-03-19 05:04	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-04-22 11:41 . 2013-03-19 05:04	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-04-22 11:41 . 2013-03-19 04:47	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-04-22 11:41 . 2013-03-19 03:06	112640	----a-w-	c:\windows\system32\smss.exe
2013-04-11 09:44 . 2013-04-11 09:44	--------	d-----w-	c:\users\Dell\AppData\Roaming\Buhl Data Service
2013-04-11 09:44 . 2013-04-11 09:44	--------	d-----w-	c:\users\Dell\AppData\Local\Buhl Data Service
2013-04-11 09:43 . 2013-04-11 09:44	--------	d-----w-	c:\users\Dell\AppData\Local\Buhl
2013-04-11 09:40 . 2013-04-20 08:03	--------	d-----w-	c:\program files (x86)\Steuer 2012
2013-04-11 09:39 . 2013-04-20 08:03	--------	d-----w-	c:\programdata\Buhl Data Service GmbH
2013-03-28 13:52 . 2013-03-28 13:52	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-03-28 13:52 . 2013-03-28 13:52	130016	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-03-28 13:52 . 2013-03-28 13:52	100712	----a-w-	c:\windows\system32\drivers\avgntflt.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-01 17:58 . 2012-06-16 11:15	72702784	----a-w-	c:\windows\system32\MRT.exe
2013-03-12 19:40 . 2012-05-30 03:59	73432	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-12 19:40 . 2012-05-30 03:59	693976	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-11 23:10 . 2010-11-21 03:27	282744	------w-	c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AviraSpeedup"="c:\program files (x86)\AviraSpeedup\AviraSpeedup.exe" [2012-11-05 4856296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-06 343168]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-17 50472]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-12-18 38112]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-03-28 345312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
" Malwarebytes Anti-Malware "="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2013-04-04 532040]
"Z1"="c:\users\Dell\Desktop\mbar-1.05.0.1001\mbar\mbar.exe" [2013-04-24 1398856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	DPPassFilter scecli
.
3;3 MBAMProtector;MBAMProtector [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 mi-raysat_3dsmax2013_64;mental ray 3.10 Satellite for Autodesk 3ds Max 2013 64-bit;c:\program files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe [2011-09-15 86016]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys [2011-09-15 299008]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-11-30 1432400]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-06-21 34200]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-09-15 340240]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 250984]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-10-06 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-28 28600]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-11-06 204288]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-09-15 1166848]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-28 86752]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-01-31 19232]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-03-27 1014096]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2012-03-27 1104208]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-12-03 3143472]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-12-13 27760]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-09-15 299008]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2012-03-27 1304912]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2012-02-13 95232]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2012-02-13 747008]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]
S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2012-03-21 60928]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-23 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-09-26 12309440]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-06-21 25496]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 10615902
*NewlyCreated* - ASWMBR
*NewlyCreated* - MBAMPROTECTOR
*NewlyCreated* - PXLDAPOD
*Deregistered* - 10615902
*Deregistered* - aswMBR
*Deregistered* - pxldapod
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-30 19:40]
.
2013-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-16 14:12]
.
2013-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-16 14:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-26 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-26 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-26 416024]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-09-08 1424896]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-15 686704]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-09-15 1935120]
"BLEServicesCtrl"="c:\program files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" [2012-03-15 178960]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2012-03-27 11407120]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-05 415680]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://web.de/
uLocal Page = c:\windows\system32\blank.htm
IE: Free YouTube to MP3 Converter - c:\users\Dell\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\r4y2oheo.default\
FF - prefs.js: browser.startup.homepage - hxxp://web.de/
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-04-25  17:11:55
ComboFix-quarantined-files.txt  2013-04-25 15:11
.
Vor Suchlauf: 10 Verzeichnis(se), 354.040.713.216 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 354.709.827.584 Bytes frei
.
- - End Of File - - 26969C688D1DE392A208A9E1AAE40125
         

25.04.2013, 21:48   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



JRT - Junkware Removal Tool

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please right-click it and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Afterwards:

adwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Optionen (Options) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Suchlauf (Scan) and wait until it has finished.
  • Now click Löschen (Delete) and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).


After that, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • Tick the Scan All Users box at the top center
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.
__________________
"Truth is usually just an excuse for a lack of imagination." (Elim Garak)


26.04.2013, 15:57   #11
alder
 



So, everything worked without any error messages.

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.9 (04.22.2013:1)
OS: Windows 7 Home Premium x64
Ran by Dell on 26.04.2013 at 16:28:30,27
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.1049.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.1049.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\Dell\AppData\Roaming\dvdvideosoftiehelpers"



~~~ FireFox

Emptied folder: C:\Users\Dell\AppData\Roaming\mozilla\firefox\profiles\r4y2oheo.default\minidumps [204 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.04.2013 at 16:32:22,89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Code:
# AdwCleaner v2.202 - Datei am 26/04/2013 um 16:35:06 erstellt
# Aktualisiert am 23/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Dell - DELL-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Dell\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\Dell\AppData\Roaming\DesktopIconForAmazon

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\OCS

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v20.0.1 (de)

Datei : C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\r4y2oheo.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [902 octets] - [26/04/2013 16:35:06]

########## EOF - C:\AdwCleaner[S1].txt - [961 octets] ##########
         
Code:
OTL logfile created on: 26.04.2013 16:42:59 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dell\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 57,09% Memory free
7,82 Gb Paging File | 5,88 Gb Available in Paging File | 75,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446,13 Gb Total Space | 330,32 Gb Free Space | 74,04% Space Free | Partition Type: NTFS
 
Computer Name: DELL-PC | User Name: Dell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Dell\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Autodesk, Inc.)
PRC - C:\Programme\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe ()
PRC - C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe (DigitalPersona, Inc.)
PRC - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ab54c04b3df40416205883b4049fe273\IAStorUtil.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\4d6518ef6ae8d6f005c49ab1c86de7fe\IAStorCommon.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
MOD - c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll ()
MOD - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (vcsFPService) -- C:\Windows\SysNative\vcsFPService.exe (Validity Sensors, Inc.)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (FLEXnet Licensing Service 64) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
SRV - (Autodesk Content Service) -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Autodesk, Inc.)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (MyWiFiDHCPDNS) -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (AMPPALR3) -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV - (mi-raysat_3dsmax2013_64) -- C:\Programme\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe ()
SRV - (STacSV) -- C:\Programme\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV - (BTHSSecurityMgr) -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)
SRV - (DpHost) -- C:\Programme\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
SRV - (vcsFPService) -- C:\Windows\SysWOW64\vcsFPService.exe (Validity Sensors, Inc.)
SRV - (RoxWatch12) -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
SRV - (RoxMediaDB12OEM) -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Programme\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (ibtfltcoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation)
DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (Acceler) -- C:\Windows\SysNative\drivers\Accelern.sys (ST Microelectronics)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (stdcfltn) -- C:\Windows\SysNative\drivers\stdcfltn.sys (ST Microelectronics)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1716932777-2091039190-360034761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://web.de/
IE - HKU\S-1-5-21-1716932777-2091039190-360034761-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1716932777-2091039190-360034761-1000\..\SearchScopes\{3D66E81A-7403-4C61-B2B7-2245EB226AAB}: "URL" = hxxp://www.google.com/search?q={searchTerms}&amp;sourceid=ie7&amp;rls=com.microsoft:{language}:{referrer:source}&amp;ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-1716932777-2091039190-360034761-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://web.de/"
FF - prefs.js..extensions.enabledAddons: %7B53A03D43-5363-4669-8190-99061B2DEBA5%7D:1.5.5
FF - prefs.js..extensions.enabledAddons: %7B5384767E-00D9-40E9-B72F-9CC39D655D6F%7D:1.4.2.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2012.05.30 06:42:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 16:54:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 16:54:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.06.17 10:48:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dell\AppData\Roaming\mozilla\Extensions
[2013.02.14 18:55:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dell\AppData\Roaming\mozilla\Firefox\Profiles\r4y2oheo.default\extensions
[2013.01.03 20:26:08 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Dell\AppData\Roaming\mozilla\Firefox\Profiles\r4y2oheo.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2012.09.27 16:50:04 | 000,399,504 | ---- | M] () (No name found) -- C:\Users\Dell\AppData\Roaming\mozilla\firefox\profiles\r4y2oheo.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi
[2013.02.14 18:55:00 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Dell\AppData\Roaming\mozilla\firefox\profiles\r4y2oheo.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.04.12 16:54:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.12 16:54:17 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 18:11:58 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.04.25 17:09:36 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Autodesk Sync] C:\Programme\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
O4:64bit: - HKLM..\Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1716932777-2091039190-360034761-1000..\Run: [AviraSpeedup] C:\Program Files (x86)\AviraSpeedup\AviraSpeedup.exe (Avira)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1716932777-2091039190-360034761-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1716932777-2091039190-360034761-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  = 
O7 - HKU\S-1-5-21-1716932777-2091039190-360034761-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Dell\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Dell\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9F154892-42A4-4EBD-AEDB-3D39BD955A2B}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe) - C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.26 16:31:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.04.26 16:28:27 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013.04.26 16:28:16 | 000,000,000 | ---D | C] -- C:\JRT
[2013.04.26 16:23:45 | 000,535,764 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Dell\Desktop\JRT.exe
[2013.04.25 17:11:57 | 000,000,000 | ---D | C] -- C:\windows\temp
[2013.04.25 17:02:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013.04.25 17:02:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013.04.25 17:02:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013.04.25 17:02:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.25 17:01:48 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2013.04.25 16:58:59 | 005,059,017 | R--- | C] (Swearware) -- C:\Users\Dell\Desktop\ComboFix.exe
[2013.04.24 16:52:00 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Dell\Desktop\tdsskiller.exe
[2013.04.24 16:36:38 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Dell\Desktop\aswMBR.exe
[2013.04.24 16:21:44 | 000,000,000 | ---D | C] -- C:\Users\Dell\Desktop\mbar-1.05.0.1001
[2013.04.22 16:10:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dell\Desktop\OTL.exe
[2013.04.22 14:09:53 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\Malwarebytes
[2013.04.22 14:09:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.22 14:09:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.22 14:09:36 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013.04.22 14:09:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.04.22 14:08:45 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Local\Programs
[2013.04.22 13:42:57 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013.04.22 13:42:56 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013.04.22 13:42:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013.04.22 13:42:56 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2013.04.22 13:42:56 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013.04.22 13:42:55 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013.04.22 13:42:55 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013.04.22 13:42:55 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013.04.22 13:42:55 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013.04.22 13:42:55 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013.04.22 13:42:55 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013.04.22 13:42:55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013.04.22 13:42:54 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013.04.22 13:42:54 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013.04.22 13:42:54 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2013.04.22 13:41:48 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usb8023.sys
[2013.04.22 13:41:16 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2013.04.22 13:41:15 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2013.04.22 13:41:15 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2013.04.22 13:41:15 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\smss.exe
[2013.04.22 13:41:15 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\csrsrv.dll
[2013.04.22 13:41:15 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\apisetschema.dll
[2013.04.12 16:54:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.11 11:44:58 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\Buhl Data Service
[2013.04.11 11:44:56 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Local\Buhl Data Service
[2013.04.11 11:43:48 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Local\Buhl
[2013.04.11 11:43:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuer 2012
[2013.04.11 11:40:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steuer 2012
[2013.04.11 11:39:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Buhl Data Service GmbH
[2013.03.28 15:52:59 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avipbb.sys
[2013.03.28 15:52:59 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avgntflt.sys
[2013.03.28 15:52:59 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avkmgr.sys
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.26 16:45:26 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.26 16:45:26 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.26 16:42:36 | 001,612,484 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.04.26 16:42:36 | 000,696,870 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.04.26 16:42:36 | 000,652,148 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.04.26 16:42:36 | 000,148,134 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.04.26 16:42:36 | 000,121,080 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.04.26 16:39:03 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.04.26 16:38:00 | 000,001,106 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.26 16:37:49 | 000,001,102 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.26 16:37:04 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.04.26 16:36:49 | 3148,214,272 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.26 16:26:50 | 000,619,461 | ---- | M] () -- C:\Users\Dell\Desktop\adwcleaner.exe
[2013.04.26 16:23:54 | 000,535,764 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Dell\Desktop\JRT.exe
[2013.04.25 17:09:36 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2013.04.25 16:59:23 | 005,059,017 | R--- | M] (Swearware) -- C:\Users\Dell\Desktop\ComboFix.exe
[2013.04.24 16:52:04 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Dell\Desktop\tdsskiller.exe
[2013.04.24 16:49:25 | 000,000,512 | ---- | M] () -- C:\Users\Dell\Desktop\MBR.dat
[2013.04.24 16:38:10 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Dell\Desktop\aswMBR.exe
[2013.04.22 16:14:05 | 000,000,000 | ---- | M] () -- C:\Users\Dell\defogger_reenable
[2013.04.22 16:12:01 | 000,377,856 | ---- | M] () -- C:\Users\Dell\Desktop\gmer_2.1.19163.exe
[2013.04.22 16:10:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dell\Desktop\OTL.exe
[2013.04.22 16:09:36 | 000,050,477 | ---- | M] () -- C:\Users\Dell\Desktop\Defogger.exe
[2013.04.22 14:09:37 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.22 13:49:30 | 000,456,864 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013.04.20 10:03:53 | 000,000,590 | ---- | M] () -- C:\windows\wiso.ini
[2013.04.14 19:42:26 | 000,025,043 | ---- | M] () -- C:\Users\Dell\Desktop\heidelberg.odt
[2013.04.11 11:43:46 | 000,001,923 | ---- | M] () -- C:\Users\Public\Desktop\Steuer 2012.lnk
[2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013.03.30 20:00:34 | 000,020,696 | ---- | M] () -- C:\Users\Dell\Desktop\Zählerstände.ods
[2013.03.28 15:52:46 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avipbb.sys
[2013.03.28 15:52:46 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avgntflt.sys
[2013.03.28 15:52:46 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avkmgr.sys
 
========== Files Created - No Company Name ==========
 
[2013.04.26 16:26:45 | 000,619,461 | ---- | C] () -- C:\Users\Dell\Desktop\adwcleaner.exe
[2013.04.25 17:02:15 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013.04.25 17:02:15 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013.04.25 17:02:15 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013.04.25 17:02:15 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013.04.25 17:02:15 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013.04.24 16:49:25 | 000,000,512 | ---- | C] () -- C:\Users\Dell\Desktop\MBR.dat
[2013.04.22 16:14:05 | 000,000,000 | ---- | C] () -- C:\Users\Dell\defogger_reenable
[2013.04.22 16:12:00 | 000,377,856 | ---- | C] () -- C:\Users\Dell\Desktop\gmer_2.1.19163.exe
[2013.04.22 16:09:34 | 000,050,477 | ---- | C] () -- C:\Users\Dell\Desktop\Defogger.exe
[2013.04.22 14:09:37 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.11 11:43:49 | 000,000,590 | ---- | C] () -- C:\windows\wiso.ini
[2013.04.11 11:43:46 | 000,001,923 | ---- | C] () -- C:\Users\Public\Desktop\Steuer 2012.lnk
[2013.03.06 19:16:39 | 000,007,602 | ---- | C] () -- C:\Users\Dell\AppData\Local\Resmon.ResmonCfg
[2012.11.30 14:52:04 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012.07.10 16:33:14 | 000,003,584 | ---- | C] () -- C:\Users\Dell\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.16 20:55:58 | 000,015,873 | ---- | C] () -- C:\windows\SysWow64\Inetde.dll
[2012.05.30 08:21:42 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll
[2012.05.30 08:21:20 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2012.05.30 08:21:20 | 000,216,000 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2012.05.30 08:21:19 | 013,903,360 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2012.05.30 08:21:19 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2012.05.30 08:21:19 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012.05.30 08:21:18 | 000,003,929 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2012.05.30 06:11:06 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2012.05.30 06:04:16 | 000,003,929 | ---- | C] () -- C:\windows\SysWow64\atipblup.dat
[2012.05.30 05:59:04 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll
[2012.02.26 14:02:17 | 000,000,096 | ---- | C] () -- C:\windows\LaunApp.ini
[2012.02.26 14:02:12 | 000,000,324 | ---- | C] () -- C:\windows\Prelaunch.ini
[2012.02.26 14:02:12 | 000,000,271 | ---- | C] () -- C:\windows\WisPriority.ini
[2012.02.26 14:02:12 | 000,000,035 | ---- | C] () -- C:\windows\DELL_LANGCODE.ini
[2012.02.26 14:02:12 | 000,000,033 | ---- | C] () -- C:\windows\DELL_OSTYPE.ini
[2012.02.26 14:02:12 | 000,000,032 | ---- | C] () -- C:\windows\WisHWDest.ini
[2012.02.26 14:02:12 | 000,000,028 | ---- | C] () -- C:\windows\WisLangCode.ini
[2012.02.26 14:02:12 | 000,000,023 | ---- | C] () -- C:\windows\WisSysInfo.ini
[2012.02.26 12:54:12 | 001,590,378 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011.11.06 05:29:16 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\OpenVideo.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
Code:
OTL Extras logfile created on: 26.04.2013 16:42:59 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dell\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 57,09% Memory free
7,82 Gb Paging File | 5,88 Gb Available in Paging File | 75,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446,13 Gb Total Space | 330,32 Gb Free Space | 74,04% Space Free | Partition Type: NTFS
 
Computer Name: DELL-PC | User Name: Dell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1716932777-2091039190-360034761-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BC8C789-F3B9-42A7-AAA6-1D69A661269A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{117D4677-D8EA-40B9-9180-9DFE17E91E85}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1283A4DE-C313-4FAE-8042-7AA23B10431F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3132D0E6-A733-49BC-B081-C12E3CF44337}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{422AD37F-6FB6-4A23-9143-66B94919174E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5A927413-5148-4029-9BA8-4C4976D23A58}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{5E2AC7C0-314A-4CBB-8ED4-A99C25B52808}" = rport=445 | protocol=6 | dir=out | app=system | 
"{6A463D46-71C3-4A78-8AC7-35A2CC31BAD7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6F4D462D-1D33-4CB6-B63E-5679FEC30FE0}" = rport=137 | protocol=17 | dir=out | app=system | 
"{71A9AA7A-567E-4B17-AEE3-FF6D6E14A1E1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{73B69D36-F0CF-465B-8CD3-2B677787F9AA}" = lport=50248 | protocol=6 | dir=in | name=autodesk content service | 
"{7681E210-3CD1-424A-971E-A41B0F9B9356}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7885BFAC-FE6F-43AA-9699-FA9FA0236AFD}" = lport=137 | protocol=17 | dir=in | app=system | 
"{87FF8E46-5005-4CD4-AF8C-60B052C46BCE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{93F40161-FDDB-40BA-BF13-AD118786C601}" = lport=138 | protocol=17 | dir=in | app=system | 
"{AC8E7156-242B-4CE3-83E7-CC12549F7371}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{AFC544BD-0F6D-4245-A929-572A79FF0021}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B98ACCCB-7D1E-40A5-A7C3-986B1AB2B90F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BB194FCB-6B84-4C74-BB34-B63B164E86AB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{C7963706-CC40-4CDE-AB91-8E9E3AFC7ABF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D864C982-D7A7-423D-BE77-679B471DFD69}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DA369F9F-05F8-47FF-94CE-FF2436AEAC64}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{DA554FFE-A00F-48E5-AD8B-B6E591FF2653}" = lport=445 | protocol=6 | dir=in | app=system | 
"{DBBA19C4-AAD1-4340-8AA9-40F2838247DA}" = lport=139 | protocol=6 | dir=in | app=system | 
"{DDC0E055-B74A-459E-A1D4-4A08A737DFE7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{F2090B15-0FB2-4573-B3F3-8D90064EA90F}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00157835-4941-4EDB-8FAF-48333FECC051}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe | 
"{089018CE-FF27-43BF-B037-1273B7895A29}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0AA2009F-B8EE-4B08-9C8E-F433E19D82F9}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max design 2013\nvidia\raysat_3dsmax2013_64server.exe | 
"{1512C413-38C8-48A0-941C-3E3A0EBBF388}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{1AAEA8AE-A448-45C3-9C9D-DB207041D598}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2326A654-26EE-4E86-A1BD-D11B14090837}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max design 2013\nvidia\raysat_3dsmax2013_64server.exe | 
"{2405D26C-B145-47F2-BF2A-35B8A0B18359}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe | 
"{28E1CA45-4F9E-46C2-9B78-B0CE7382561C}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{3221953B-4AC8-43E7-B7D3-817741E20375}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{396B2D02-7495-401D-9637-BB3924CDB0A1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{40499D98-55AB-4E3D-9C58-B7042B070CCE}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe | 
"{4677DA17-B9B5-4014-8D7B-A3242B684C71}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{480F099C-A9A3-41FC-A4AA-42C90B130D72}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max design 2013\nvidia\raysat_3dsmax2013_64.exe | 
"{495D5EA1-01AC-493E-B677-50EBAEE462D6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{4E89CE42-6345-4329-8991-B0A2033A332D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4F754371-9F94-4033-AEF1-EC696EF4AB17}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe | 
"{578A1964-18F1-4488-A012-9E11B4DD9129}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max design 2013\3dsmax.exe | 
"{5A1F8F06-97B7-440A-8616-8B298FC5AB28}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | 
"{5CAE8FE3-0095-48C5-9C40-8C9F16EA1B95}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5FC3C365-CB61-45BB-8585-88F851C1CD37}" = protocol=6 | dir=out | app=system | 
"{621E5781-1769-46D0-AC65-2401415A6C9D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{62B95C17-DAB1-4428-AF74-E58F22D5A403}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe | 
"{6E478732-72C8-4450-A005-E17C2C207CF6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6EE865C4-0FD7-4601-81A4-834C3AE7ABAB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{8DB2F86C-285B-4558-8F91-30545D4342D6}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max design 2013\3dsmax.exe | 
"{9ED8876C-4BB5-4549-9792-980F9D56316B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{9F940E32-A58B-45B6-BF2B-3052DCBDD479}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A74FC99D-F505-4F8C-8218-EE719E1AD753}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe | 
"{A7BDAB15-4005-4C7C-BCB7-F4FA26F0D3C4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{AA6BE318-9614-4B26-93A0-3B46F6811818}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{AE572531-9E61-431A-AD62-6C9E9BC9B489}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max design 2013\nvidia\raysat_3dsmax2013_64.exe | 
"{B4CC58E6-4937-42CE-B8E8-82D4EB0258A1}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{BCEAC1C3-271C-40DF-9DE9-6E0C2105C738}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe | 
"{C3DCD12D-B304-49D5-9754-AF9D45442D84}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CA9AC0A5-9D62-46D5-9143-05512F089DA4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{D62675CA-48EA-49A1-BC8B-F0D0895AE209}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DE9C3BF7-C818-4B00-A5D3-7A94271B3BFC}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | 
"{F2DAEBC7-7A4A-4000-9601-58FABD8A153F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{F8C24C10-FDCB-483A-B03F-79FACE294038}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{036983CC-5AA7-F67F-A0AC-E2A9395BAE1E}" = ccc-utility64
"{06388E0D-A364-478B-8E40-7D76142A8DF5}" = Autodesk Workflows - Product Design Suite 2013
"{06E18300-BB64-1664-8E6A-2593FC67BB74}" = Autodesk Revit Interoperability for 3ds Max and 3ds Max Design 2013 64-bit
"{07DC9A9D-1793-4EB4-AC1A-70750F9FB72B}" = Autodesk Navisworks Simulate 2013 - 2009 DWG File Reader
"{08BCFE15-8AA1-4A58-B018-4FEF486BA922}" = Autodesk Inventor Fusion for Inventor 2013 Add-in
"{0C821839-EA2A-48C2-BBD5-2B3D28159BC0}" = Autodesk Mudbox 2013 64-bit
"{0D53A298-B2B7-4746-BB92-B757A6E559C3}" = Autodesk Navisworks Simulate 2013 - 2010 DWG File Reader
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{107CB1E9-DDA9-40B5-8A6D-325361402200}" = Autodesk Navisworks Simulate 2013 - 2011 DWG File Reader
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{266597A9-1764-0000-0100-DCBF2B69166B}" = Autodesk Vault Basic 2013 (Client) German Language Pack
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{295AEB79-B53A-4F1B-860F-7800BB7E3681}" = Intel(R) PROSet/Wireless WiFi-Software
"{2F808931-D235-4FC7-90CD-F8A890C97B2F}" = Composite 2013 64-bit
"{3015F546-6C3E-4E6A-B564-BCDF88C0BA2A}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{324297F8-2898-454B-9AC4-07050AEB35B3}" = Autodesk DirectConnect 2013 64-bit
"{3CB60177-D3D2-4E9C-BE4D-8372B34B4C7F}" = Autodesk SketchBook Designer 2013
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4F744A9A-3067-4605-8864-DA1658059F0B}" = Autodesk Navisworks Simulate 2013 - 2008 DWG File Reader
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{56BAC4EE-B1DA-42A7-ACA5-7A353F2ED1DA}" = Validity Sensors DDK
"{5783F2D7-B005-0000-0102-0060B0CE6BBA}" = AutoCAD Mechanical 2013 - Deutsch (German)
"{5783F2D7-B005-0407-1102-0060B0CE6BBA}" = AutoCAD Mechanical 2013 Language Pack - Deutsch (German)
"{5783F2D7-B005-0407-2102-0060B0CE6BBA}" = AutoCAD Mechanical 2013 - Deutsch (German)
"{5783F2D7-B007-0407-0102-0060B0CE6BBA}" = AutoCAD Electrical 2013 - Deutsch (German)
"{5783F2D7-B007-0407-1102-0060B0CE6BBA}" = AutoCAD Electrical 2013 Language Pack - Deutsch
"{5783F2D7-B007-0407-2102-0060B0CE6BBA}" = AutoCAD Electrical 2013
"{5783F2D7-B028-0409-0100-0060B0CE6BBA}" = DWG TrueView 2013
"{5AF0B1A8-1EF7-0FF7-5504-4983FB76F914}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{62CBE596-1BB8-4D7B-A056-103287BAD1C4}" = Autodesk Essential Skills Movies for 3ds Max Design 2013 64-bit
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{792A9A32-718A-40D1-9867-A903F76AE2F8}" = Eco Materials Adviser for Autodesk Inventor 2013
"{7B42AD25-3D13-4422-A445-F5E18BD963FC}" = Autodesk SketchBook Designer for AutoCAD 2013
"{7D65612F-53B4-0409-85AA-21DF5A8E9455}" = Autodesk 3ds Max Design 2013 64-bit
"{7F4DD591-1764-0001-0000-7107D70F3DB4}" = Autodesk Inventor 2013
"{7F4DD591-1764-0001-1031-7107D70F3DB4}" = Autodesk Inventor 2013 Language Pack - Deutsch (German)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{82C1E6E4-6718-4EFD-9DCC-E276D690EF46}" = Autodesk Inventor Fusion Plugin for AutoCAD 2013
"{84A6C8C6-0000-0264-0002-83487CD4C147}" = Autodesk Product Design Suite Premium 2013
"{84A6C8C6-0010-0264-0002-83487CD4C147}" = Autodesk Product Design Suite 2013 Language Pack
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{907A3175-B78E-0407-A98B-0A97BDE8A59C}" = Autodesk Navisworks 2013 64-Bit-Exportmodul-Plugins Language Pack - Deutsch
"{90A2F9D3-3E5E-4EF4-BC83-E7795CEF1A42}" = Autodesk Navisworks Simulate 2013 - 2012 DWG File Reader
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{975DFE7C-8E56-45BC-A329-401E6B1F8102}" = Dell Backup and Recovery Manager
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{A15BFC7D-6A90-47E6-8C6E-D51B2929D8C8}" = Autodesk Showcase 2013 64-bit
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B46DECD1-1764-4EF1-0000-22D71E81877C}" = Autodesk Inventor Content Center Libraries 2013 (Desktop Content)
"{BC66B242-DF13-1664-851B-00123612ED98}" = Autodesk Inventor Server Engine for 3ds Max Design 2013 64-bit
"{C0C2D40A-1231-46FA-8F02-B45E6BF2036A}" = DigitalPersona Fingerprint Software 5.20
"{CBED6FC7-FB20-4920-AA80-3D6F3459F902}" = Autodesk Navisworks Simulate 2013 - 2013 DWG File Reader
"{CF526A26-1764-0000-0000-02E95019B628}" = Autodesk Vault Basic 2013 (Client)
"{CFAD9B91-391E-8337-859E-B14918E9ABB3}" = AMD AVIVO64 Codecs
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D28EFBA5-1764-4B79-946A-000BE950E8E2}" = Autodesk Product Design Suite 2013 Schnelle Deinstallation
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DE7FFE23-D092-5379-B83C-0E27FF07E329}" = Autodesk Navisworks 2013 64 bit Exporter Plug-ins
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}" = Autodesk Sync
"{F17E30E2-7ED4-0000-8A8E-CAB597E3F8ED}" = Autodesk Navisworks Simulate 2013
"{F17E30E2-7ED4-0407-8A8E-CAB597E3F8ED}" = Autodesk Navisworks Simulate 2013 Language Pack - Deutsch
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FE2F4875-095C-427C-9A97-4F8DE05ACF22}" = Autodesk Inventor Fusion Plugin Language Pack for AutoCAD 2013
"{FFF5619F-2013-0064-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2013
"AutoCAD Electrical 2013 - Deutsch (German)" = AutoCAD Electrical 2013 - Deutsch (German)
"AutoCAD Mechanical 2013 - Deutsch (German)" = AutoCAD Mechanical 2013 - Deutsch (German)
"Autodesk 3ds Max Design 2013 64-bit" = Autodesk 3ds Max Design 2013 64-bit
"Autodesk DirectConnect 2013 64-bit" = Autodesk DirectConnect 2013 64-bit
"Autodesk FBX Plug-in 2013.1 - 3ds Max Design 2013 64-bit" = Autodesk FBX Plug-in 2013.1 - 3ds Max Design 2013 64-bit
"Autodesk Inventor 2013" = Autodesk Inventor 2013 Deutsch (German)
"Autodesk Inventor Fusion 2013" = Autodesk Inventor Fusion 2013
"Autodesk Inventor Fusion Plugin for AutoCAD 2013" = Autodesk Inventor Fusion plug-in for AutoCAD 2013
"Autodesk Mudbox 2013 64-bit" = Autodesk Mudbox 2013 64-bit
"Autodesk Navisworks 2013 64 bit Exporter Plug-ins" = Autodesk Navisworks 2013 64 bit Exporter Plug-ins
"Autodesk Navisworks 2013 64-Bit-Exportmodul-Plugins Language Pack - Deutsch" = Autodesk Navisworks 2013 64-Bit-Exportmodul-Plugins Language Pack - Deutsch
"Autodesk Navisworks Simulate 2013" = Autodesk Navisworks Simulate 2013
"Autodesk Navisworks Simulate 2013 Language Pack - Deutsch" = Autodesk Navisworks Simulate 2013 Language Pack - Deutsch
"Autodesk Product Design Suite Premium 2013" = Autodesk Product Design Suite Premium 2013
"Autodesk Showcase 2013 64-bit" = Autodesk Showcase 2013 64-bit
"Autodesk SketchBook Designer 2013" = Autodesk SketchBook Designer 2013
"Autodesk SketchBook Designer for AutoCAD 2013" = Autodesk SketchBook Designer for AutoCAD 2013
"DWG TrueView 2013" = DWG TrueView 2013
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"PC-Doctor for Windows" = Dell Support Center
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Dell Touchpad
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01159E8A-44F7-4885-A7F9-872CE4D74063}" = Steuer 2012
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}" = Autodesk Material Library 2013
"{12867B14-03B1-5FEA-B987-9508DBB92A51}" = Autodesk Navisworks 2013 32 bit Exporter Plug-ins
"{153DB567-6FF3-49AD-AC4F-86F8A3CCFDFB}" = Autodesk Design Review 2013
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{249A3D8F-FE03-374E-BFB2-ED3B1FF072C6}" = CCC Help Spanish
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{27C6C0A2-2EC9-4FEA-BE2B-659EAAC2C68C}" = Autodesk Material Library Low Resolution Image Library 2013
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34CB9121-4C52-7854-5E6B-30C00F603782}" = CCC Help Chinese Traditional
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2013.0.0
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EF2FD37-A6AF-030E-5140-6D64264CB0CC}" = CCC Help Swedish
"{4614113D-DB85-EBE8-C550-52D5134A25E5}" = Catalyst Control Center
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{58760EEC-8B6A-43F4-81AA-696E381DFADD}" = Autodesk Material Library Medium Resolution Image Library 2013
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5CD64D9F-9525-4CED-34F9-CD600D486A7B}" = CCC Help Russian
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{606E12B9-641F-4644-A22A-FF38AE980AFD}" = Autodesk Material Library Base Resolution Image Library 2013
"{60D2D550-6DA4-E943-592A-B71B577767A6}" = PX Profile Update
"{62F029AB-85F2-0000-866A-9FC0DD99DDBC}" = Autodesk Content Service
"{62F029AB-85F2-0001-866A-9FC0DD99DDBC}" = Autodesk Content Service Language Pack
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6E469237-BA9E-DF10-9DE1-1BC649DEDC01}" = Catalyst Control Center InstallProxy
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{70E3E97D-726D-B60E-B776-AC3200A870F3}" = Catalyst Control Center Localization All
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{781A93CD-1608-427D-B7F0-D05C07795B25}" = Intel(R) WiDi
"{7E30BC50-4F89-1E78-BE14-13395A356BE7}" = CCC Help Dutch
"{7EC2E893-73FC-6AEA-F8C6-A7C74C541C73}" = CCC Help French
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84D61D1B-4F89-D6B1-79B9-FA390A9B05F5}" = CCC Help Japanese
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{8754105B-2BEF-0407-83F9-573C69BB204F}" = Autodesk Navisworks 2013 32-Bit-Exportmodul-Plugins Language Pack - Deutsch
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E5921F0-8370-171D-D0D1-C83A7BD17400}" = CCC Help Danish
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9669EB2-B188-2D11-1562-BBB7BF0342E9}" = CCC Help Italian
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.5) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B5E44903-EE08-4B97-9A0F-08E2E1AAACF5}" = PowerXpressHybrid
"{BB531F76-F03F-B6DC-B740-830B46A60616}" = Catalyst Control Center Profiles Mobile
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C7755E3B-57EF-ADF8-A112-85C14D0388D0}" = CCC Help Norwegian
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFB89DE9-C8FD-4D33-986A-DBDEC5309378}" = Catalyst Control Center - Branding
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2643DB8-3102-A67F-E1C0-4292FACC3637}" = CCC Help Portuguese
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF86FC7A-4065-D2D2-99FB-E86E8CB9D64E}" = CCC Help Korean
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBEA3B88-360E-858B-53F5-1948FF0466D9}" = CCC Help German
"{ED18994D-D12A-CD81-D1B9-C8844B5654BB}" = CCC Help Chinese Standard
"{ED3264CD-DF55-ECEE-9ED6-C85BAD78512F}" = CCC Help Finnish
"{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}" = Microsoft WSE 3.0
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
"{F13E6A6E-95B7-0352-2292-AAADF81FC560}" = CCC Help English
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE6DCC8D-427F-405C-A779-C93B6D9F77A5}" = Autodesk Civil View for 3ds Max Design 2013
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Autodesk Content Service" = Autodesk Content Service
"Autodesk Design Review 2013" = Autodesk Design Review 2013
"Autodesk Navisworks 2013 32 bit Exporter Plug-ins" = Autodesk Navisworks 2013 32 bit Exporter Plug-ins
"Autodesk Navisworks 2013 32-Bit-Exportmodul-Plugins Language Pack - Deutsch" = Autodesk Navisworks 2013 32-Bit-Exportmodul-Plugins Language Pack - Deutsch
"Autodesk Vault Basic 2013 (Client)" = Autodesk Vault Basic 2013 (Client)
"Avira AntiVir Desktop" = Avira Free Antivirus
"AviraSpeedup" = Avira System Speedup
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"Dell Webcam Central" = Dell Webcam Central
"Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version 1.3.12.1228
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.1.320
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NAVIGON Fresh" = NAVIGON Fresh 3.4.1
"ProInst" = Intel PROSet Wireless
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 26.04.2013 10:37:46 | Computer Name = Dell-PC | Source = WinMgmt | ID = 10
Description = 
 
 
< End of report >
         

26.04.2013, 16:23   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes - before that, please remember to update Malwarebytes via the update button.

Afterwards, getting a second opinion from the ESET online scanner doesn't hurt either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

27.04.2013, 10:50   #13
alder

With Malwarebytes I accidentally ran a full scan. Here is the log
Code:
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.26.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Dell :: DELL-PC [Administrator]

Schutz: Deaktiviert

26.04.2013 22:20:23
mbam-log-2013-04-26 (22-20-23).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 492610
Laufzeit: 1 Stunde(n), 9 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
and ESET
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=fbcf97834bccf74387773be2bf62a188
# engine=13707
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-04-27 09:45:20
# local_time=2013-04-27 11:45:20 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 48464 232475610 356 0
# compatibility_mode=5893 16776573 100 94 424330 118685770 0 0
# scanned=300581
# found=0
# cleaned=0
# scan_time=7188
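
A check a helper could run over the ESET log posted above before calling the scan clean, as an added example that is not part of the original thread: it parses the `# key=value` lines and compares them with what was requested in post #12. It assumes that `unwanted_checked` records the "potentially unwanted applications" option and that, when a key repeats, the last value is the current one; the function names are hypothetical.

```python
import re

# Constructed sample: key/value lines taken from the ESET log posted in this
# thread (the EOSSerial and compatibility_mode lines are left out).
SAMPLE_LOG = """\
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# engine=13707
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-04-27 09:45:20
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# scanned=300581
# found=0
# cleaned=0
# scan_time=7188
"""

# Keys may contain dots (e.g. OnlineScannerApp.exe); values may contain spaces.
LINE_RE = re.compile(r"^#\s*([A-Za-z_][\w.]*)=(.*)$")


def parse_eset_log(text):
    """Return {key: [values, ...]} for every '# key=value' line; skip the rest."""
    fields = {}
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue  # installer banner, blank lines, anything that is not a field
        key, value = match.group(1), match.group(2).strip().strip('"')
        fields.setdefault(key, []).append(value)  # keys can repeat, keep them all
    return fields


def last(fields, key):
    """Last value seen for key, or None (assumption: later lines are newer)."""
    values = fields.get(key)
    return values[-1] if values else None


def review(fields, require_unwanted=True):
    """List the points to raise before accepting the log as a clean result."""
    findings = []
    if last(fields, "end") != "finished":
        findings.append("scan did not finish: end=%r" % last(fields, "end"))
    if require_unwanted and last(fields, "unwanted_checked") != "true":
        findings.append("unwanted_checked=%r: the requested option was not active"
                        % last(fields, "unwanted_checked"))
    counts = {}
    for key in ("scanned", "found", "cleaned"):
        value = last(fields, key)
        if value is None or not value.isdigit():
            findings.append("missing or non-numeric field: %s" % key)
        else:
            counts[key] = int(value)
    if counts.get("found", 0) > 0:
        findings.append("%d detection(s), %d cleaned"
                        % (counts["found"], counts.get("cleaned", 0)))
    return findings


if __name__ == "__main__":
    for finding in review(parse_eset_log(SAMPLE_LOG)):
        print("CHECK:", finding)
```

On the log in this thread it returns a single finding, the `unwanted_checked=false` line.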
         

27.04.2013, 17:05   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

A full scan with Malwarebytes does no harm; it is just very often unnecessary.

Looks OK so far.

Regarding cookies and other things on the web: to block the pests from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks or so to see whether he has released a new hosts file.

Info: cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or the like => HTTP cookie)

Apart from that there are good cookie managers; one extension for Firefox, for example, would be CookieCuller.
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board too), then simply set the browser to delete everything, including cookies, when it is closed.

Is your system back in order now, or are there any other detections or problems?

28.04.2013, 10:12   #15
alder

The computer is running fine so far, no further detections.

I have installed the hosts file, thanks for the tip.

Now I can tidy up my desktop again, in the hope that I won't need all those little helpers again any time soon...

The first official act with the now clean PC will be an online bank transfer to TB.

Many thanks!
