Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Ich versende Spam Mails mit Link zu arc2.dominiotemporario.com

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 06.05.2013, 21:37   #1
MadLeo
 
Ich versende Spam Mails mit Link zu arc2.dominiotemporario.com - Standard

Ich versende Spam Mails mit Link zu arc2.dominiotemporario.com



Hallo zusammen,

auf einmal werden von meiner GMX-Emailadresse Spam Mails versendet. Ich vermute daher, dass mein PC oder ein anderes Gerät, mit dem ich meine Emails abrufe, Teil eines Bot netzes geworden ist. Neben meinem Windows-PC greife ich über ein iPhone und ein iPad auf das GMX Konto zu. Könnten die i-Geräte auch infiziert sein oder ist das auszuschließen?

Die Email sieht wie folgt aus:
Code:
ATTFilter
Delivered-To: EMPFAENGER@gmail.com
Received: by 10.14.126.133 with SMTP id b5csp132563eei;
        Tue, 30 Apr 2013 17:09:17 -0700 (PDT)
X-Received: by 10.15.27.195 with SMTP id p43mr1612485eeu.8.1367366956228;
        Tue, 30 Apr 2013 17:09:16 -0700 (PDT)
Return-Path: <ABSENDER@gmx.de>
Received: from mout.gmx.net (mout.gmx.net. [212.227.15.19])
        by mx.google.com with ESMTP id z5si645481eee.228.2013.04.30.17.09.15
        for <EMPFAENGER@gmail.com>;
        Tue, 30 Apr 2013 17:09:16 -0700 (PDT)
Received-SPF: pass (google.com: domain of ABSENDER@gmx.de designates 212.227.15.19 as permitted sender) client-ip=212.227.15.19;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of ABSENDER@gmx.de designates 212.227.15.19 as permitted sender) smtp.mail=ABSENDER@gmx.de
Message-Id: <51805d2c.05580e0a.2144.5e34SMTPIN_ADDED_MISSING@mx.google.com>
Received: from mailout-de.gmx.net ([10.1.76.16]) by mrigmx.server.lan
 (mrigmx002) with ESMTP (Nemesis) id 0M4USY-1UNTIV1ABI-00ylfa for
 <EMPFAENGER@gmail.com>; Wed, 01 May 2013 02:09:15 +0200
Received: (qmail invoked by alias); 01 May 2013 00:09:14 -0000
Received: from mf95036d0.tmodns.net (EHLO localhost) [208.54.80.249]
  by mail.gmx.net (mp016) with SMTP; 01 May 2013 02:09:14 +0200
X-Authenticated: #15878213
X-Provags-ID: V01U2FsdGVkX1+yhGgIkd6yCCB8t9g8RAI8AIEkdH43WweA8Y246U
	9f4ccaKBy1jh76
Date: Thu,  4 Apr 2013 00:06:38 +0100
From: ABSENDERNAME= <ABSENDER@gmx.de>
To: Leo  <EMPFAENGER@gmail.com>
Subject: Fwd:
Content-Type: text/plain;
X-Y-GMX-Trusted: 0

hxxp://arc2.dominiotemporario.com/d8ikqh.php
         
Ähnliche Mails sind an mein gesamtes Adressbuch gegangen. Ich finde an der email auffällig, dass Daten vom 4 April bis zum 1 May darin vorkommen. Allerdings verstehe ich zu wenig davon um irgendwas genaueres daraus zu lesen.

Es kann ja auch sein, dass jemand das Passwort meines Emailaccounts geknackt hat, und so die Mails verschickt hat, oder? Sicherheitshalber habe ich mein Kennwort bereits geändert.
Kann man irgendwie rausfinden, worüber und wann diese Mails verschickt wurden?

Auf dem PC habe ich eben mal den DE-Cleaner laufen lassen. Dieser hat in der Datei namens

IE10-Windows6.1-KB2718695-x64[1].cab

den Fund

TR/Crypt.XPACK.Gen3

gemeldet.

Allerdings steht dazu im Logfile "Bei diesem Fund handelt es sich aller Wahrscheinlichkeit nach um eine Fehlmeldung."

Habt ihr Vorschläge für ein weiteres Vorgehen?

Danke im Voraus!

Alt 07.05.2013, 11:39   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Ich versende Spam Mails mit Link zu arc2.dominiotemporario.com - Standard

Ich versende Spam Mails mit Link zu arc2.dominiotemporario.com



Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden?
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 07.05.2013, 12:51   #3
MadLeo
 
Ich versende Spam Mails mit Link zu arc2.dominiotemporario.com - Standard

Ich versende Spam Mails mit Link zu arc2.dominiotemporario.com



Hallo und danke für deine Antwort!

Mittlerweile habe ich vollständige Scans mit mit Antivir und Malwarebytes durchgeführt. Beides ohne Funde.
__________________

Alt 07.05.2013, 14:03   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Ich versende Spam Mails mit Link zu arc2.dominiotemporario.com - Standard

Ich versende Spam Mails mit Link zu arc2.dominiotemporario.com



Zitat:
Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!
Warum überliest das eigentlich hier fast jeder?!
Du solltest noch keine neuen Scans machen, ich frage nach schon vorhandenen Funde, siehe verlinkten Artikel
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 07.05.2013, 14:42   #5
MadLeo
 
Ich versende Spam Mails mit Link zu arc2.dominiotemporario.com - Standard

Ich versende Spam Mails mit Link zu arc2.dominiotemporario.com



Entschuldige bitte! Diese Scans hatte ich gestern nach dem Posten und vor deiner Antwort getätigt. Ich weiß deine Hilfe zu schätzen und vorsuche dir so gut es geht Infos zu liefern! Alte Scans habe ich leider keine. Bin vor diesem Problem einfach nicht auf die Idee gekommen zu scannen und bei den routinescans von Antivir wurde nie etwas gefunden.


Alt 07.05.2013, 15:19   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Ich versende Spam Mails mit Link zu arc2.dominiotemporario.com - Standard

Ich versende Spam Mails mit Link zu arc2.dominiotemporario.com



Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Erstmal eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in CODE-Tags in den Thread.
__________________
--> Ich versende Spam Mails mit Link zu arc2.dominiotemporario.com

Alt 07.05.2013, 15:31   #7
MadLeo
 
Ich versende Spam Mails mit Link zu arc2.dominiotemporario.com - Standard

Ich versende Spam Mails mit Link zu arc2.dominiotemporario.com



Ok, mache ich heute Abend wenn ich nach Hause komme!

Denkst du denn generell, dass wir iPhone und iPad als Quelle der Spam-Mails ausschließen können und somit nur der PC oder das emailkonto direkt in Frage kommen?

Alt 07.05.2013, 15:34   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Ich versende Spam Mails mit Link zu arc2.dominiotemporario.com - Standard

Ich versende Spam Mails mit Link zu arc2.dominiotemporario.com



Ohne Logs lässt sich garnix sagen
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 11.05.2013, 12:01   #9
MadLeo
 
Ich versende Spam Mails mit Link zu arc2.dominiotemporario.com - Standard

Ich versende Spam Mails mit Link zu arc2.dominiotemporario.com



Hallo cosinus,

tschuldige, dass ich erst jetzt poste. Hoffe das dämpft dich nicht in deiner Hilfsbereitschaft!

Hier sind die OTL Logs:

Code:
ATTFilter
OTL logfile created on: 5/10/2013 3:18:03 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\UserX\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.89 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 48.11% Memory free
7.78 Gb Paging File | 5.54 Gb Available in Paging File | 71.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 92.95 Gb Total Space | 17.61 Gb Free Space | 18.95% Space Free | Partition Type: NTFS
 
Computer Name: UserX-PC | User Name: UserX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\UserX\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\UserX\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files (x86)\QtdSync\QtdSync.exe (Thomas Döring)
PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
PRC - C:\Windows\SysWOW64\irstrtsv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
PRC - c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll ()
MOD - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (ZeroConfigService) -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel® Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)
SRV:64bit: - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV:64bit: - (ISCTAgent) -- c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe ()
SRV:64bit: - (RtkAudioService) -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
SRV - (DellDigitalDelivery) -- c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Dell Products, LP.)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
SRV - (irstrtsv) -- C:\Windows\SysWOW64\irstrtsv.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (AdobeActiveFileMonitor9.0) -- c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (cymfltrService) -- C:\Windows\SysNative\drivers\cymfltr.sys (Cypress Semiconductor, Inc.)
DRV:64bit: - (cykbfltrService) -- C:\Windows\SysNative\drivers\cykbfltr.sys (Cypress Semiconductor, Inc.)
DRV:64bit: - (cyhid) -- C:\Windows\SysNative\drivers\cyhid.sys (Cypress Semiconductor, Inc.)
DRV:64bit: - (ibtfltcoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation)
DRV:64bit: - (FLxHCIc) -- C:\Windows\SysNative\drivers\FLxHCIc.sys (Fresco Logic)
DRV:64bit: - (FLxHCIh) -- C:\Windows\SysNative\drivers\FLxHCIh.sys (Fresco Logic)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\Netwsw00.sys (Intel Corporation)
DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation)
DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation)
DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (ISCT) -- C:\Windows\SysNative\drivers\ISCTD64.sys ()
DRV:64bit: - (ikbevent) -- C:\Windows\SysNative\drivers\ikbevent.sys ()
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (irstrtdv) -- C:\Windows\SysNative\drivers\irstrtdv.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (EvoMouseDriverFilterHidUsb) -- C:\Windows\SysNative\drivers\EvoMouseDriverFilterHidUsb.sys (Evoluent)
DRV:64bit: - (EvoMouseDriverMini) -- C:\Windows\SysNative\drivers\EvoMouseDriverMini.sys ()
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (AX88178) -- C:\Windows\SysNative\drivers\ax88178.sys (ASIX Electronics Corp.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (acpials) -- C:\Windows\SysNative\drivers\acpials.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (FACAP) -- C:\Windows\SysNative\drivers\facap.sys (Sensible Vision )
DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.SYS (Samsung Electronics)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {A84FE0EA-997E-45E8-B6DC-908BDA3C3205}
IE:64bit: - HKLM\..\SearchScopes\{A84FE0EA-997E-45E8-B6DC-908BDA3C3205}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\..\SearchScopes,DefaultScope = {A84FE0EA-997E-45E8-B6DC-908BDA3C3205}
IE - HKLM\..\SearchScopes\{A84FE0EA-997E-45E8-B6DC-908BDA3C3205}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-21-1751555800-720010317-3298505323-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USCON/1
IE - HKU\S-1-5-21-1751555800-720010317-3298505323-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-1751555800-720010317-3298505323-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-1751555800-720010317-3298505323-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/USCON/1
IE - HKU\S-1-5-21-1751555800-720010317-3298505323-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-1751555800-720010317-3298505323-1000\..\SearchScopes,DefaultScope = {A84FE0EA-997E-45E8-B6DC-908BDA3C3205}
IE - HKU\S-1-5-21-1751555800-720010317-3298505323-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1751555800-720010317-3298505323-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:2.2.8.307
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=1.2.22: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\UserX\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\UserX\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/13 10:27:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/13 10:27:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012/11/26 20:35:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UserX\AppData\Roaming\Mozilla\Extensions
[2012/11/26 20:35:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UserX\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2013/05/10 14:30:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UserX\AppData\Roaming\Mozilla\Firefox\Profiles\suxb1j6v.default\extensions
[2013/04/13 11:14:13 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Users\UserX\AppData\Roaming\Mozilla\Firefox\Profiles\suxb1j6v.default\extensions\donottrackplus@abine.com
[2013/05/10 14:30:57 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\UserX\AppData\Roaming\Mozilla\Firefox\Profiles\suxb1j6v.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/03/07 02:06:18 | 000,007,919 | ---- | M] () (No name found) -- C:\Users\UserX\AppData\Roaming\Mozilla\Firefox\Profiles\suxb1j6v.default\extensions\donottrackplus@abine.com\chrome\content\ff\view_expiry.js
[2013/05/06 13:26:38 | 000,001,050 | ---- | M] () -- C:\Users\UserX\AppData\Roaming\Mozilla\Firefox\Profiles\suxb1j6v.default\searchplugins\11-suche.xml
[2013/05/06 13:26:38 | 000,002,418 | ---- | M] () -- C:\Users\UserX\AppData\Roaming\Mozilla\Firefox\Profiles\suxb1j6v.default\searchplugins\englische-ergebnisse.xml
[2013/05/06 13:26:38 | 000,010,701 | ---- | M] () -- C:\Users\UserX\AppData\Roaming\Mozilla\Firefox\Profiles\suxb1j6v.default\searchplugins\gmx-suche.xml
[2013/05/06 13:26:38 | 000,002,432 | ---- | M] () -- C:\Users\UserX\AppData\Roaming\Mozilla\Firefox\Profiles\suxb1j6v.default\searchplugins\lastminute.xml
[2013/05/06 13:26:38 | 000,005,682 | ---- | M] () -- C:\Users\UserX\AppData\Roaming\Mozilla\Firefox\Profiles\suxb1j6v.default\searchplugins\webde-suche.xml
[2013/04/13 10:27:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/04/13 10:27:26 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/04/13 10:27:26 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/02/16 06:15:47 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013/02/16 06:15:47 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/02/16 06:15:47 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013/02/16 06:15:47 | 000,002,669 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2013/02/16 06:15:47 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013/02/16 06:15:47 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013/02/16 06:15:47 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\UserX\AppData\Local\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\UserX\AppData\Local\Google\Chrome\Application\25.0.1364.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\UserX\AppData\Local\Google\Chrome\Application\25.0.1364.97\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\UserX\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: YouTube = C:\Users\UserX\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\UserX\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Vanilla Cookie Manager = C:\Users\UserX\AppData\Local\Google\Chrome\User Data\Default\Extensions\gieohaicffldbmiilohhggbidhephnjj\1.3.1_0\
CHR - Extension: AdBlock = C:\Users\UserX\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\
CHR - Extension: Disconnect = C:\Users\UserX\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\4.2.0_0\
CHR - Extension: Google Mail = C:\Users\UserX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [CyCpIo] C:\Program Files\Cypress\TrackPad\CyCpIo.exe (Cypress Semiconductor Corporation)
O4:64bit: - HKLM..\Run: [CyHidWin] C:\Program Files\Cypress\TrackPad\CyHidWin.exe (Cypress Semiconductor, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] c:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1751555800-720010317-3298505323-1000..\Run: [Google Update] C:\Users\UserX\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-1751555800-720010317-3298505323-1000..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1751555800-720010317-3298505323-1000..\Run: [QtdSync] C:\Program Files (x86)\QtdSync\QtdSyncMonitor.exe (Thomas Döring)
O4 - HKU\S-1-5-21-1751555800-720010317-3298505323-1000..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\UserX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\UserX\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8E2D0EC-4121-45E1-AA78-ED044D18E4F6}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB1B0DDF-3D95-434F-9FC6-C9AC8077F384}: DhcpNameServer = 13.35.0.102
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/05/07 15:37:17 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013/05/07 00:33:25 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/05/06 23:00:50 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/05/06 22:54:42 | 000,000,000 | ---D | C] -- C:\Users\UserX\AppData\Roaming\Malwarebytes
[2013/05/06 22:54:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/05/06 22:54:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/05/06 22:54:28 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/05/06 22:54:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/05/06 22:54:12 | 000,000,000 | ---D | C] -- C:\Users\UserX\AppData\Local\Programs
[2013/05/06 22:40:12 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/05/06 15:15:29 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/05/06 15:15:29 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/05/06 15:15:29 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/05/06 15:15:29 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/05/06 15:15:29 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/05/06 15:15:29 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/05/06 15:15:29 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/05/06 15:15:29 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/05/06 15:15:29 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/05/06 15:15:29 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/05/06 15:15:29 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/05/06 15:15:29 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/05/06 15:15:29 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/05/06 15:15:29 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/05/06 15:15:29 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/05/06 15:15:29 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/05/06 15:15:28 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/05/06 15:15:28 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/05/06 15:15:28 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/05/06 15:15:28 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/05/06 15:15:28 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/05/06 15:15:28 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/05/06 15:15:28 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/05/06 15:15:28 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/05/06 15:15:28 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/05/06 15:15:28 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/05/06 15:15:28 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/05/06 15:15:28 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/05/06 15:15:28 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/05/06 15:15:28 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/05/06 15:15:28 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/05/06 15:15:28 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/05/06 15:15:28 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/05/06 15:15:28 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/05/06 15:15:28 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/05/06 15:15:28 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/05/06 15:15:28 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/05/06 15:15:28 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/05/06 15:15:28 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/05/06 15:15:28 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/05/06 15:15:28 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/05/06 15:15:28 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/05/06 15:15:28 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/05/06 15:15:28 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/05/06 15:15:28 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/05/06 15:15:28 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/05/06 15:15:28 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/05/06 15:15:28 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/05/06 15:15:28 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/05/06 15:15:28 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/05/06 15:15:28 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/05/06 15:15:28 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/05/06 15:15:28 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/05/06 15:15:28 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/05/06 15:15:28 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/05/06 15:15:28 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/05/06 15:15:28 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/05/06 15:15:28 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/05/06 15:15:28 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/05/06 15:15:28 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/05/06 15:15:28 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/05/06 15:15:28 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/05/06 15:15:28 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/05/06 15:15:28 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/05/06 15:15:28 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/05/06 15:15:28 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/05/06 15:15:28 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/05/06 15:15:28 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/04/14 22:30:26 | 000,000,000 | ---D | C] -- C:\Users\UserX\Documents\Tax 2012
[2013/04/13 23:45:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QtdSync
[2013/04/13 23:45:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QtdSync
[2013/04/13 10:29:56 | 000,000,000 | ---D | C] -- C:\LGP880
[2013/04/13 10:27:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/04/13 10:20:55 | 000,655,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr90.dll
[2013/04/13 10:20:55 | 000,568,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp90.dll
[2013/04/13 10:20:55 | 000,224,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcm90.dll
[2013/04/13 10:20:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LGMobile Support Tool
[2013/04/13 10:20:44 | 000,000,000 | ---D | C] -- C:\ProgramData\LGMOBILEAX
[2013/04/11 15:59:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/04/11 10:12:39 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/04/11 10:12:39 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/04/11 10:12:39 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013/04/11 10:12:39 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013/04/11 10:12:39 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013/04/11 10:12:39 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013/04/11 10:12:36 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/04/11 10:12:36 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/04/11 10:12:36 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/04/11 10:12:36 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/04/11 10:12:36 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/04/11 10:12:36 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013/05/10 15:13:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1751555800-720010317-3298505323-1000UA.job
[2013/05/10 15:13:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1751555800-720010317-3298505323-1000Core.job
[2013/05/10 15:01:59 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/10 15:01:59 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/10 14:59:10 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/10 14:59:10 | 000,660,318 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/10 14:59:10 | 000,121,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/10 14:55:10 | 000,000,383 | ---- | M] () -- C:\Users\UserX\qtdsync.xml
[2013/05/10 14:55:10 | 000,000,127 | ---- | M] () -- C:\Users\UserX\qtdsyncmonitor.xml
[2013/05/10 14:54:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/10 14:41:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/07 15:37:06 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013/05/07 00:33:22 | 584,643,782 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/05/06 22:00:58 | 000,002,027 | ---- | M] () -- C:\Users\UserX\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2013/05/06 22:00:58 | 000,001,956 | ---- | M] () -- C:\Users\UserX\Desktop\Avira DE-Cleaner.lnk
[2013/05/06 15:15:29 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/05/06 15:15:29 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/05/06 15:15:29 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/05/06 15:15:29 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/05/06 15:15:29 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/05/06 15:15:29 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/05/06 15:15:29 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/05/06 15:15:29 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/05/06 15:15:29 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/05/06 15:15:29 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/05/06 15:15:29 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/05/06 15:15:29 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/05/06 15:15:29 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/05/06 15:15:29 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/05/06 15:15:29 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/05/06 15:15:29 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/05/06 15:15:28 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/05/06 15:15:28 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/05/06 15:15:28 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/05/06 15:15:28 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/05/06 15:15:28 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/05/06 15:15:28 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/05/06 15:15:28 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/05/06 15:15:28 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/05/06 15:15:28 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/05/06 15:15:28 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/05/06 15:15:28 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/05/06 15:15:28 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/05/06 15:15:28 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/05/06 15:15:28 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/05/06 15:15:28 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/05/06 15:15:28 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/05/06 15:15:28 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/05/06 15:15:28 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/05/06 15:15:28 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/05/06 15:15:28 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/05/06 15:15:28 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/05/06 15:15:28 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/05/06 15:15:28 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/05/06 15:15:28 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/05/06 15:15:28 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/05/06 15:15:28 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/05/06 15:15:28 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/05/06 15:15:28 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/05/06 15:15:28 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/05/06 15:15:28 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/05/06 15:15:28 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/05/06 15:15:28 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/05/06 15:15:28 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/05/06 15:15:28 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/05/06 15:15:28 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/05/06 15:15:28 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/05/06 15:15:28 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/05/06 15:15:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/05/06 15:15:28 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/05/06 15:15:28 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/05/06 15:15:28 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/05/06 15:15:28 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/05/06 15:15:28 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/05/06 15:15:28 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/05/06 15:15:28 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/05/06 15:15:28 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/05/06 15:15:28 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/05/06 15:15:28 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/05/06 15:15:28 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/05/06 15:15:28 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/05/06 15:15:28 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/05/06 15:15:28 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/05/06 15:15:28 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/05/06 15:15:28 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/04/26 10:17:53 | 000,224,355 | ---- | M] () -- C:\Users\UserX\Documents\Deutscher Lebenslauf neu.pdf
[2013/04/13 10:32:55 | 000,002,413 | ---- | M] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2013/04/11 15:54:08 | 000,415,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/04/11 14:36:58 | 000,001,014 | ---- | M] () -- C:\Users\UserX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/04/11 14:36:51 | 000,000,984 | ---- | M] () -- C:\Users\UserX\Desktop\Dropbox.lnk
[2013/04/11 14:28:32 | 000,007,168 | ---- | M] () -- C:\Users\UserX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== Files Created - No Company Name ==========
 
[2013/05/06 22:00:58 | 000,002,027 | ---- | C] () -- C:\Users\UserX\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2013/05/06 22:00:58 | 000,001,956 | ---- | C] () -- C:\Users\UserX\Desktop\Avira DE-Cleaner.lnk
[2013/05/06 15:15:28 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/05/06 15:15:28 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/04/26 10:17:52 | 000,224,355 | ---- | C] () -- C:\Users\UserX\Documents\Deutscher Lebenslauf neu.pdf
[2013/04/14 00:30:16 | 000,000,127 | ---- | C] () -- C:\Users\UserX\qtdsyncmonitor.xml
[2013/04/13 23:45:19 | 000,000,383 | ---- | C] () -- C:\Users\UserX\qtdsync.xml
[2013/04/13 10:20:50 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2013/04/13 10:20:50 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2013/04/11 15:53:31 | 584,643,782 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/04/11 14:26:07 | 000,007,168 | ---- | C] () -- C:\Users\UserX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/02/14 12:53:32 | 000,001,046 | ---- | C] () -- C:\Users\UserX\Documents - Shortcut.lnk
[2012/12/25 15:38:02 | 000,000,644 | ---- | C] () -- C:\Users\UserX\UserX - Shortcut.lnk
[2012/10/06 00:37:42 | 000,024,019 | ---- | C] () -- C:\Users\UserX\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2012/06/20 21:32:19 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2012/06/01 03:30:34 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/06/01 03:30:32 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/06/01 03:30:30 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/06/01 03:30:29 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/06/01 03:30:26 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/05/10 14:55:19 | 000,000,000 | ---D | M] -- C:\Users\UserX\AppData\Roaming\Dropbox
[2012/06/12 21:26:28 | 000,000,000 | ---D | M] -- C:\Users\UserX\AppData\Roaming\Fingertapps
[2012/10/08 22:50:11 | 000,000,000 | ---D | M] -- C:\Users\UserX\AppData\Roaming\Garmin
[2012/06/23 18:03:27 | 000,000,000 | ---D | M] -- C:\Users\UserX\AppData\Roaming\PCDr
[2013/05/06 21:36:52 | 000,000,000 | ---D | M] -- C:\Users\UserX\AppData\Roaming\TeamViewer
[2012/11/26 20:35:23 | 000,000,000 | ---D | M] -- C:\Users\UserX\AppData\Roaming\TomTom
 
========== Purity Check ==========
 
 

< End of report >
         
Code:
ATTFilter
OTL Extras logfile created on: 5/10/2013 3:18:03 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\UserX\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.89 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 48.11% Memory free
7.78 Gb Paging File | 5.54 Gb Available in Paging File | 71.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 92.95 Gb Total Space | 17.61 Gb Free Space | 18.95% Space Free | Partition Type: NTFS
 
Computer Name: UserX-PC | User Name: UserX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1751555800-720010317-3298505323-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{358A4067-B67C-4401-83E5-F1D059A08C30}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{762C03D4-E5C9-43BE-A5D1-E0214A1748FD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"TCP Query User{29CF6099-7894-40AC-8F76-90EB23A66D89}C:\users\UserX\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\UserX\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{392E33CB-E515-4E61-8C6E-2480072E057E}C:\program files (x86)\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"TCP Query User{A374BE45-EE40-466F-ABD5-9213C002EFE0}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"TCP Query User{DBEA9B75-6C9B-42AB-988D-F83C37E1ED4E}C:\users\UserX\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\UserX\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{47B0AD90-6AB5-4C74-8A47-B011031293EE}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"UDP Query User{5B14FE99-741C-42C7-B2E5-64177D4886A0}C:\users\UserX\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\UserX\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{F6B85D10-6C2B-40AE-A7D7-EF9C0E3E711D}C:\users\UserX\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\UserX\appdata\roaming\dropbox\bin\dropbox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{0F8F4447-1F0B-4703-9BD5-53F0274CE856}" = Evoluent Mouse Manager
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{237D687E-9E50-4A30-B810-262764CC491B}" = Garmin Communicator Plugin x64
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{3015F546-6C3E-4E6A-B564-BCDF88C0BA2A}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{37EC048A-81A2-452A-8D1F-3BE2018E767D}" = Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
"{39D1D2EA-6F53-4268-B5E8-F78B22049A41}" = Intel(R) Smart Connect Technology 2.0 x64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7F2F6CC5-434B-4311-9DE2-60C7CAF50B73}_is1" = Cypress TrackPad
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud
"{D2DB454C-645C-448A-A0B9-B6F6C1D75BA8}" = Garmin Communicator Plugin x64
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E97F409F-9E1C-42A0-B72D-765A78DF3696}" = Intel® PROSet/Wireless WiFi Software
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"PC-Doctor for Windows" = Dell Support Center
"ProInst" = Intel PROSet Wireless
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{00FE2935-FB56-4410-AB5F-D6E70C1771D2}" = Garmin WebUpdater
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ECFCB07-9BFE-4970-ACA1-D568D982760B}" = Complete Care Business Service Agreement
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{25175695-4B20-4298-9F34-C2C57CD277B3}" = Elements STI Installer
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{387B63A5-5016-1015-B06B-A9A1030E3125}" = Intel(R) Identity Protection Technology 1.2.22.0
"{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}" = Garmin USB Drivers
"{400182B4-CA55-46A9-9D88-F8413DCFB36D}" = Blio
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{49086A1D-874D-4FBC-906F-EF470C7CE829}" = CK Visitenkarten Designer
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{647BB978-2876-487B-9B0E-FDB73F0EA4A2}" = Garmin Communicator Plugin
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{903679E8-44C8-4C07-9600-05C92654FC50}" = QualxServ Service Agreement
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0081-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}" = Dell Home Systems Service Agreement
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.6) MUI
"{AFC08A81-D3C5-46F4-8F08-876E4BA606EA}" = Dell Digital Delivery
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}" = Premium Service Agreement
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1B934BB-6AFA-429F-98E4-76F9CBC72BF6}" = Intel(R) WiDi
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}" = Cozi
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB9955F8-467C-47FC-90F8-12CD5DF684C3}" = Adobe Premiere Elements 9
"{EC5F4C1B-F838-4CB7-8561-8F809296428B}" = TomTom HOME
"{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}" = Accidental Damage Services Agreement
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"3D073343-CEEB-4ce7-85AC-A69A7631B5D6" = Intel(R) Rapid Start Technology
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Avira AntiVir Desktop" = Avira Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Dell Webcam Central" = Dell Webcam Central
"InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyTomTom" = MyTomTom 3.2.0.802
"Navionics PC App 1.7.4.0" = Navionics PC App-1.7.4.0
"Navionics World 1.2.3" = Navionics World
"Navionics World 1.4.9" = Navionics World
"Navionics World 1.5.1" = Navionics World
"Office14.SingleImage" = Microsoft Office Professional 2010
"Picasa 3" = Picasa 3
"PremElem90" = Adobe Premiere Elements 9
"Samsung CLX-3170 Series" = Samsung CLX-3170 Series
"WinLiveSuite" = Windows Live Essentials
"ZinioReader4" = Zinio Reader 4
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1751555800-720010317-3298505323-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 3/25/2013 10:06:34 AM | Computer Name = UserX-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 3/25/2013 11:39:11 AM | Computer Name = UserX-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\Program Files (x86)\Cozi
 Express\CoziExpress.exe".Error in manifest or policy file "" on line .  A component
 version required by the application conflicts with another component version already
 active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 3/25/2013 1:00:05 PM | Computer Name = UserX-PC | Source = VSS | ID = 8194
Description = 
 
Error - 3/26/2013 4:52:29 AM | Computer Name = UserX-PC | Source = ISCT Agent | ID = 1003
Description = 
 
Error - 3/26/2013 4:52:30 AM | Computer Name = UserX-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 4/11/2013 4:02:48 AM | Computer Name = UserX-PC | Source = ISCT Agent | ID = 1003
Description = 
 
Error - 4/11/2013 4:02:49 AM | Computer Name = UserX-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 4/11/2013 4:03:27 AM | Computer Name = UserX-PC | Source = ISCT Agent | ID = 1003
Description = 
 
Error - 4/11/2013 4:03:27 AM | Computer Name = UserX-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 4/11/2013 6:30:32 AM | Computer Name = UserX-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\Program Files (x86)\Cozi
 Express\CoziExpress.exe".Error in manifest or policy file "" on line .  A component
 version required by the application conflicts with another component version already
 active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
[ System Events ]
Error - 2/25/2013 12:03:01 PM | Computer Name = UserX-PC | Source = Service Control Manager | ID = 7034
Description = The Dell Digital Delivery Service service terminated unexpectedly.
  It has done this 1 time(s).
 
Error - 2/25/2013 1:03:51 PM | Computer Name = UserX-PC | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error:   %%2
 
Error - 2/25/2013 1:05:59 PM | Computer Name = UserX-PC | Source = Service Control Manager | ID = 7034
Description = The Dell Digital Delivery Service service terminated unexpectedly.
  It has done this 1 time(s).
 
Error - 2/25/2013 1:11:35 PM | Computer Name = UserX-PC | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error:   %%2
 
Error - 2/25/2013 1:13:43 PM | Computer Name = UserX-PC | Source = Service Control Manager | ID = 7034
Description = The Dell Digital Delivery Service service terminated unexpectedly.
  It has done this 1 time(s).
 
Error - 2/26/2013 9:32:38 AM | Computer Name = UserX-PC | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error:   %%2
 
Error - 2/26/2013 9:34:47 AM | Computer Name = UserX-PC | Source = Service Control Manager | ID = 7034
Description = The Dell Digital Delivery Service service terminated unexpectedly.
  It has done this 1 time(s).
 
Error - 2/27/2013 6:37:30 AM | Computer Name = UserX-PC | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error:   %%2
 
Error - 2/27/2013 6:39:39 AM | Computer Name = UserX-PC | Source = Service Control Manager | ID = 7034
Description = The Dell Digital Delivery Service service terminated unexpectedly.
  It has done this 1 time(s).
 
Error - 2/27/2013 7:22:52 AM | Computer Name = UserX-PC | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error:   %%2
 
 
< End of report >
         

Alt 12.05.2013, 20:09   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Ich versende Spam Mails mit Link zu arc2.dominiotemporario.com - Standard

Ich versende Spam Mails mit Link zu arc2.dominiotemporario.com



Rootkitscan mit GMER

Bitte lade dir GMER Rootkit Scanner GMER herunter: (Dateiname zufällig)
  • Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
  • Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Unbedingt auf "No" klicken.
  • Entferne rechts den Haken bei: IAT/EAT und Show All
  • Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
  • Starte den Scan mit "Scan".
  • Mache nichts am Computer während der Scan läuft.
  • Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!


Tauchen Probleme auf?
  • Probiere alternativ den abgesicherten Modus.
  • Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.


Anschließend bitte MBAR ausführen:

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 13.05.2013, 09:38   #11
MadLeo
 
Ich versende Spam Mails mit Link zu arc2.dominiotemporario.com - Standard

Ich versende Spam Mails mit Link zu arc2.dominiotemporario.com



Hallo, hier die Logs:

GMER:
Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-13 10:02:20
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 SAMSUNG_ rev.CXM1 119.24GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\UserX\AppData\Local\Temp\afdirpod.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560                                                                fffff800031ab000 8 bytes [00, 00, 0C, 02, 46, 4D, 66, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 576                                                                fffff800031ab010 3 bytes [45, 63, 70]

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2256] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000077091465 2 bytes [09, 77]
.text     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2256] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000770914bb 2 bytes [09, 77]
.text     ...                                                                                                                               * 2
.text     C:\Users\UserX\AppData\Roaming\Dropbox\bin\Dropbox.exe[4256] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69             0000000077091465 2 bytes [09, 77]
.text     C:\Users\UserX\AppData\Roaming\Dropbox\bin\Dropbox.exe[4256] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155            00000000770914bb 2 bytes [09, 77]
.text     ...                                                                                                                               * 2
.text     C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                 0000000077091465 2 bytes [09, 77]
.text     C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                00000000770914bb 2 bytes [09, 77]
.text     ...                                                                                                                               * 2
.text     C:\Program Files (x86)\QtdSync\QtdSync.exe[5112] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                          0000000077091465 2 bytes [09, 77]
.text     C:\Program Files (x86)\QtdSync\QtdSync.exe[5112] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                         00000000770914bb 2 bytes [09, 77]
.text     ...                                                                                                                               * 2

---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00dbdf06122d                                                       
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00dbdf06122d (not active ControlSet)                                   

---- EOF - GMER 2.1 ----
         

Und MBAR:
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.13.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
UserX :: UserX-PC [administrator]

5/13/2013 10:22:15 AM
mbar-log-2013-05-13 (10-22-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 28986
Time elapsed: 5 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
Nix gefunden, oder?

Alt 13.05.2013, 10:52   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Ich versende Spam Mails mit Link zu arc2.dominiotemporario.com - Standard

Ich versende Spam Mails mit Link zu arc2.dominiotemporario.com



aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).




TDSS-Killer

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 13.05.2013, 12:26   #13
MadLeo
 
Ich versende Spam Mails mit Link zu arc2.dominiotemporario.com - Standard

Ich versende Spam Mails mit Link zu arc2.dominiotemporario.com



Ok, danke für die schnellen Antworten! Die Scans werde ich als nächstes machen. Logs folgen!

Kannst du denn schon was aus den bisherigen Logs ableiten, oder hat sich noch nichts verdächtiges gezeigt?

Alt 13.05.2013, 13:26   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Ich versende Spam Mails mit Link zu arc2.dominiotemporario.com - Standard

Ich versende Spam Mails mit Link zu arc2.dominiotemporario.com



Noch konnteich nichts sehen
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 13.05.2013, 15:31   #15
MadLeo
 
Ich versende Spam Mails mit Link zu arc2.dominiotemporario.com - Standard

Ich versende Spam Mails mit Link zu arc2.dominiotemporario.com



Alles klar, hier ist der nächste Schwung Logfiles. Wie viele Programme hast du noch auf Lager bis wir den Rechner für sauber erklären können?

Code:
ATTFilter
16:06:00.0181 4900  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:06:00.0293 4900  ============================================================
16:06:00.0293 4900  Current date / time: 2013/05/13 16:06:00.0293
16:06:00.0293 4900  SystemInfo:
16:06:00.0293 4900  
16:06:00.0293 4900  OS Version: 6.1.7601 ServicePack: 1.0
16:06:00.0294 4900  Product type: Workstation
16:06:00.0294 4900  ComputerName: UserX-PC
16:06:00.0294 4900  UserName: UserX
16:06:00.0294 4900  Windows directory: C:\Windows
16:06:00.0294 4900  System windows directory: C:\Windows
16:06:00.0294 4900  Running under WOW64
16:06:00.0294 4900  Processor architecture: Intel x64
16:06:00.0294 4900  Number of processors: 4
16:06:00.0294 4900  Page size: 0x1000
16:06:00.0294 4900  Boot type: Normal boot
16:06:00.0294 4900  ============================================================
16:06:00.0617 4900  Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:06:00.0622 4900  ============================================================
16:06:00.0622 4900  \Device\Harddisk0\DR0:
16:06:00.0622 4900  MBR partitions:
16:06:00.0622 4900  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x247F000
16:06:00.0622 4900  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2493000, BlocksNum 0xB9E8800
16:06:00.0622 4900  ============================================================
16:06:00.0624 4900  C: <-> \Device\Harddisk0\DR0\Partition2
16:06:00.0624 4900  ============================================================
16:06:00.0624 4900  Initialize success
16:06:00.0624 4900  ============================================================
16:06:25.0171 5600  Deinitialize success
         
Code:
ATTFilter
16:07:40.0054 3208  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:07:40.0188 3208  ============================================================
16:07:40.0188 3208  Current date / time: 2013/05/13 16:07:40.0188
16:07:40.0188 3208  SystemInfo:
16:07:40.0188 3208  
16:07:40.0188 3208  OS Version: 6.1.7601 ServicePack: 1.0
16:07:40.0188 3208  Product type: Workstation
16:07:40.0189 3208  ComputerName: UserX-PC
16:07:40.0189 3208  UserName: UserX
16:07:40.0189 3208  Windows directory: C:\Windows
16:07:40.0189 3208  System windows directory: C:\Windows
16:07:40.0189 3208  Running under WOW64
16:07:40.0189 3208  Processor architecture: Intel x64
16:07:40.0189 3208  Number of processors: 4
16:07:40.0189 3208  Page size: 0x1000
16:07:40.0189 3208  Boot type: Normal boot
16:07:40.0189 3208  ============================================================
16:07:40.0454 3208  Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:07:40.0458 3208  ============================================================
16:07:40.0458 3208  \Device\Harddisk0\DR0:
16:07:40.0458 3208  MBR partitions:
16:07:40.0458 3208  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x247F000
16:07:40.0458 3208  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2493000, BlocksNum 0xB9E8800
16:07:40.0458 3208  ============================================================
16:07:40.0460 3208  C: <-> \Device\Harddisk0\DR0\Partition2
16:07:40.0460 3208  ============================================================
16:07:40.0460 3208  Initialize success
16:07:40.0460 3208  ============================================================
16:07:51.0781 1208  ============================================================
16:07:51.0781 1208  Scan started
16:07:51.0781 1208  Mode: Manual; SigCheck; TDLFS; 
16:07:51.0781 1208  ============================================================
16:07:52.0081 1208  ================ Scan system memory ========================
16:07:52.0081 1208  System memory - ok
16:07:52.0082 1208  ================ Scan services =============================
16:07:52.0146 1208  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
16:07:52.0222 1208  1394ohci - ok
16:07:52.0229 1208  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
16:07:52.0246 1208  ACPI - ok
16:07:52.0249 1208  [ 12C5274CD87449A2A37A607CDB321922 ] acpials         C:\Windows\system32\DRIVERS\acpials.sys
16:07:52.0263 1208  acpials - ok
16:07:52.0267 1208  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
16:07:52.0291 1208  AcpiPmi - ok
16:07:52.0301 1208  [ 1474F121C3DF1232D3E7239C03691EE6 ] AdobeActiveFileMonitor9.0 c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
16:07:52.0313 1208  AdobeActiveFileMonitor9.0 - ok
16:07:52.0319 1208  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:07:52.0330 1208  AdobeARMservice - ok
16:07:52.0356 1208  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:07:52.0369 1208  AdobeFlashPlayerUpdateSvc - ok
16:07:52.0378 1208  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
16:07:52.0396 1208  adp94xx - ok
16:07:52.0405 1208  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
16:07:52.0420 1208  adpahci - ok
16:07:52.0425 1208  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
16:07:52.0438 1208  adpu320 - ok
16:07:52.0444 1208  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
16:07:52.0522 1208  AeLookupSvc - ok
16:07:52.0527 1208  [ D1E343BC00136CE03C4D403194D06A80 ] AERTFilters     C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
16:07:52.0536 1208  AERTFilters - ok
16:07:52.0545 1208  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
16:07:52.0565 1208  AFD - ok
16:07:52.0570 1208  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
16:07:52.0580 1208  agp440 - ok
16:07:52.0586 1208  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
16:07:52.0607 1208  ALG - ok
16:07:52.0610 1208  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
16:07:52.0620 1208  aliide - ok
16:07:52.0624 1208  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
16:07:52.0633 1208  amdide - ok
16:07:52.0638 1208  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
16:07:52.0650 1208  AmdK8 - ok
16:07:52.0655 1208  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
16:07:52.0667 1208  AmdPPM - ok
16:07:52.0672 1208  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
16:07:52.0683 1208  amdsata - ok
16:07:52.0689 1208  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
16:07:52.0702 1208  amdsbs - ok
16:07:52.0706 1208  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
16:07:52.0716 1208  amdxata - ok
16:07:52.0722 1208  [ 157B1C973637919DCD0D0464167C86BA ] AMPPAL          C:\Windows\system32\DRIVERS\AMPPAL.sys
16:07:52.0736 1208  AMPPAL - ok
16:07:52.0741 1208  [ 157B1C973637919DCD0D0464167C86BA ] AMPPALP         C:\Windows\system32\DRIVERS\amppal.sys
16:07:52.0753 1208  AMPPALP - ok
16:07:52.0764 1208  [ FB70F8C1283C8CC6BFAA6F9971107E68 ] AMPPALR3        C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
16:07:52.0795 1208  AMPPALR3 - ok
16:07:52.0799 1208  AndNetDiag - ok
16:07:52.0803 1208  ANDNetModem - ok
16:07:52.0812 1208  [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
16:07:52.0822 1208  AntiVirSchedulerService - ok
16:07:52.0826 1208  [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
16:07:52.0836 1208  AntiVirService - ok
16:07:52.0840 1208  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
16:07:52.0910 1208  AppID - ok
16:07:52.0914 1208  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
16:07:52.0954 1208  AppIDSvc - ok
16:07:52.0958 1208  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
16:07:52.0992 1208  Appinfo - ok
16:07:52.0998 1208  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:07:53.0010 1208  Apple Mobile Device - ok
16:07:53.0014 1208  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
16:07:53.0024 1208  arc - ok
16:07:53.0030 1208  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
16:07:53.0041 1208  arcsas - ok
16:07:53.0056 1208  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:07:53.0067 1208  aspnet_state - ok
16:07:53.0071 1208  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:07:53.0106 1208  AsyncMac - ok
16:07:53.0110 1208  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
16:07:53.0120 1208  atapi - ok
16:07:53.0131 1208  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:07:53.0183 1208  AudioEndpointBuilder - ok
16:07:53.0193 1208  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
16:07:53.0232 1208  AudioSrv - ok
16:07:53.0237 1208  [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
16:07:53.0246 1208  avgntflt - ok
16:07:53.0251 1208  [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
16:07:53.0261 1208  avipbb - ok
16:07:53.0265 1208  [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
16:07:53.0274 1208  avkmgr - ok
16:07:53.0279 1208  [ CAEBC32C72C6E454CA0F0931A049CA25 ] AX88178         C:\Windows\system32\DRIVERS\ax88178.sys
16:07:53.0290 1208  AX88178 - ok
16:07:53.0296 1208  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
16:07:53.0320 1208  AxInstSV - ok
16:07:53.0329 1208  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
16:07:53.0346 1208  b06bdrv - ok
16:07:53.0353 1208  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
16:07:53.0368 1208  b57nd60a - ok
16:07:53.0375 1208  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
16:07:53.0393 1208  BDESVC - ok
16:07:53.0396 1208  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:07:53.0432 1208  Beep - ok
16:07:53.0443 1208  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
16:07:53.0497 1208  BFE - ok
16:07:53.0510 1208  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
16:07:53.0559 1208  BITS - ok
16:07:53.0563 1208  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
16:07:53.0575 1208  blbdrive - ok
16:07:53.0589 1208  [ 6D625A18DDFCD0464B914B71293AD837 ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
16:07:53.0616 1208  Bluetooth Device Monitor - ok
16:07:53.0633 1208  [ 74B2BF80D966CFE8BC8005D19E40608D ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
16:07:53.0664 1208  Bluetooth Media Service - ok
16:07:53.0678 1208  [ 707BF27D30ADAB7798C69D5BF41C7131 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
16:07:53.0706 1208  Bluetooth OBEX Service - ok
16:07:53.0715 1208  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:07:53.0730 1208  Bonjour Service - ok
16:07:53.0735 1208  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:07:53.0749 1208  bowser - ok
16:07:53.0752 1208  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
16:07:53.0767 1208  BrFiltLo - ok
16:07:53.0770 1208  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
16:07:53.0784 1208  BrFiltUp - ok
16:07:53.0789 1208  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
16:07:53.0811 1208  Browser - ok
16:07:53.0818 1208  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
16:07:53.0835 1208  Brserid - ok
16:07:53.0839 1208  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
16:07:53.0854 1208  BrSerWdm - ok
16:07:53.0858 1208  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
16:07:53.0873 1208  BrUsbMdm - ok
16:07:53.0877 1208  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
16:07:53.0888 1208  BrUsbSer - ok
16:07:53.0892 1208  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
16:07:53.0906 1208  BthEnum - ok
16:07:53.0910 1208  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
16:07:53.0926 1208  BTHMODEM - ok
16:07:53.0931 1208  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
16:07:53.0946 1208  BthPan - ok
16:07:53.0955 1208  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
16:07:53.0975 1208  BTHPORT - ok
16:07:53.0979 1208  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
16:07:54.0019 1208  bthserv - ok
16:07:54.0024 1208  [ FA2D081709A764F6BEE16B7FFE03E36C ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
16:07:54.0035 1208  BTHSSecurityMgr - ok
16:07:54.0041 1208  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
16:07:54.0053 1208  BTHUSB - ok
16:07:54.0057 1208  [ 3676BEAA7D842047D30E95D59B241F22 ] btmaux          C:\Windows\system32\DRIVERS\btmaux.sys
16:07:54.0069 1208  btmaux - ok
16:07:54.0081 1208  [ FA0E7B5AFB8FD335234916764A2D6CF9 ] btmhsf          C:\Windows\system32\DRIVERS\btmhsf.sys
16:07:54.0102 1208  btmhsf - ok
16:07:54.0106 1208  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:07:54.0144 1208  cdfs - ok
16:07:54.0149 1208  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
16:07:54.0163 1208  cdrom - ok
16:07:54.0167 1208  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
16:07:54.0207 1208  CertPropSvc - ok
16:07:54.0211 1208  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
16:07:54.0225 1208  circlass - ok
16:07:54.0232 1208  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
16:07:54.0248 1208  CLFS - ok
16:07:54.0256 1208  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:07:54.0274 1208  clr_optimization_v2.0.50727_32 - ok
16:07:54.0280 1208  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:07:54.0295 1208  clr_optimization_v2.0.50727_64 - ok
16:07:54.0306 1208  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:07:54.0325 1208  clr_optimization_v4.0.30319_32 - ok
16:07:54.0330 1208  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:07:54.0346 1208  clr_optimization_v4.0.30319_64 - ok
16:07:54.0349 1208  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
16:07:54.0361 1208  CmBatt - ok
16:07:54.0365 1208  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
16:07:54.0375 1208  cmdide - ok
16:07:54.0384 1208  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
16:07:54.0410 1208  CNG - ok
16:07:54.0414 1208  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
16:07:54.0424 1208  Compbatt - ok
16:07:54.0428 1208  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
16:07:54.0442 1208  CompositeBus - ok
16:07:54.0445 1208  COMSysApp - ok
16:07:54.0451 1208  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
16:07:54.0462 1208  crcdisk - ok
16:07:54.0469 1208  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:07:54.0492 1208  CryptSvc - ok
16:07:54.0497 1208  [ BC3D4F90978CD7C8EABD1BAF3BF7873A ] CtClsFlt        C:\Windows\system32\DRIVERS\CtClsFlt.sys
16:07:54.0511 1208  CtClsFlt - ok
16:07:54.0516 1208  [ 5B1D567FC3D039A672B29FBFBF59C74C ] cyhid           C:\Windows\system32\DRIVERS\cyhid.sys
16:07:54.0527 1208  cyhid - ok
16:07:54.0533 1208  [ 94726BD599CF72E4817B72A0C07F04DD ] cykbfltrService C:\Windows\system32\DRIVERS\cykbfltr.sys
16:07:54.0544 1208  cykbfltrService - ok
16:07:54.0548 1208  [ 878EA2FB6007828D91998F7FC803DE05 ] cymfltrService  C:\Windows\system32\DRIVERS\cymfltr.sys
16:07:54.0560 1208  cymfltrService - ok
16:07:54.0571 1208  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:07:54.0612 1208  DcomLaunch - ok
16:07:54.0619 1208  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
16:07:54.0665 1208  defragsvc - ok
16:07:54.0671 1208  [ 2050309BAB03DFCEE455DBF913BF91B1 ] DellDigitalDelivery c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
16:07:54.0677 1208  DellDigitalDelivery ( UnsignedFile.Multi.Generic ) - warning
16:07:54.0677 1208  DellDigitalDelivery - detected UnsignedFile.Multi.Generic (1)
16:07:54.0682 1208  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:07:54.0717 1208  DfsC - ok
16:07:54.0720 1208  DgiVecp - ok
16:07:54.0728 1208  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
16:07:54.0745 1208  Dhcp - ok
16:07:54.0749 1208  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
16:07:54.0787 1208  discache - ok
16:07:54.0791 1208  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
16:07:54.0802 1208  Disk - ok
16:07:54.0808 1208  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:07:54.0831 1208  Dnscache - ok
16:07:54.0837 1208  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
16:07:54.0880 1208  dot3svc - ok
16:07:54.0887 1208  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
16:07:54.0924 1208  DPS - ok
16:07:54.0927 1208  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
16:07:54.0942 1208  drmkaud - ok
16:07:54.0957 1208  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
16:07:54.0985 1208  DXGKrnl - ok
16:07:54.0990 1208  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
16:07:55.0030 1208  EapHost - ok
16:07:55.0067 1208  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
16:07:55.0121 1208  ebdrv - ok
16:07:55.0126 1208  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
16:07:55.0143 1208  EFS - ok
16:07:55.0156 1208  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
16:07:55.0190 1208  ehRecvr - ok
16:07:55.0194 1208  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
16:07:55.0213 1208  ehSched - ok
16:07:55.0223 1208  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
16:07:55.0241 1208  elxstor - ok
16:07:55.0245 1208  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
16:07:55.0257 1208  ErrDev - ok
16:07:55.0268 1208  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
16:07:55.0310 1208  EventSystem - ok
16:07:55.0314 1208  [ 618B2BC3E72A2FBDF2FA4A7350DE3695 ] EvoMouseDriverFilterHidUsb C:\Windows\system32\DRIVERS\EvoMouseDriverFilterHidUsb.sys
16:07:55.0322 1208  EvoMouseDriverFilterHidUsb - ok
16:07:55.0326 1208  [ EC0FE22EB2F3B32E046E01496B88D523 ] EvoMouseDriverMini C:\Windows\system32\drivers\EvoMouseDriverMini.sys
16:07:55.0333 1208  EvoMouseDriverMini - ok
16:07:55.0345 1208  [ 23D401A43DADED10A153B9F3A7E66C91 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
16:07:55.0365 1208  EvtEng - ok
16:07:55.0370 1208  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
16:07:55.0410 1208  exfat - ok
16:07:55.0417 1208  [ 2C1D443E14F376E8331F52F135DCA9EF ] FACAP           C:\Windows\system32\DRIVERS\facap.sys
16:07:55.0428 1208  FACAP - ok
16:07:55.0433 1208  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
16:07:55.0473 1208  fastfat - ok
16:07:55.0485 1208  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
16:07:55.0508 1208  Fax - ok
16:07:55.0512 1208  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
16:07:55.0523 1208  fdc - ok
16:07:55.0528 1208  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
16:07:55.0565 1208  fdPHost - ok
16:07:55.0569 1208  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
16:07:55.0609 1208  FDResPub - ok
16:07:55.0613 1208  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:07:55.0624 1208  FileInfo - ok
16:07:55.0627 1208  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
16:07:55.0662 1208  Filetrace - ok
16:07:55.0666 1208  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
16:07:55.0678 1208  flpydisk - ok
16:07:55.0684 1208  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:07:55.0700 1208  FltMgr - ok
16:07:55.0706 1208  [ 0C8583071EBC32007C8304BA979170DB ] FLxHCIc         C:\Windows\system32\DRIVERS\FLxHCIc.sys
16:07:55.0719 1208  FLxHCIc - ok
16:07:55.0724 1208  [ 1C6BEC5768486349394D0EA4796A3C61 ] FLxHCIh         C:\Windows\system32\DRIVERS\FLxHCIh.sys
16:07:55.0735 1208  FLxHCIh - ok
16:07:55.0751 1208  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
16:07:55.0791 1208  FontCache - ok
16:07:55.0796 1208  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:07:55.0809 1208  FontCache3.0.0.0 - ok
16:07:55.0813 1208  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
16:07:55.0824 1208  FsDepends - ok
16:07:55.0829 1208  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:07:55.0839 1208  Fs_Rec - ok
16:07:55.0845 1208  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
16:07:55.0863 1208  fvevol - ok
16:07:55.0867 1208  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
16:07:55.0877 1208  gagp30kx - ok
16:07:55.0882 1208  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:07:55.0890 1208  GEARAspiWDM - ok
16:07:55.0902 1208  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
16:07:55.0946 1208  gpsvc - ok
16:07:55.0952 1208  [ C1B577B2169900F4CF7190C39F085794 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
16:07:55.0970 1208  gusvc - ok
16:07:55.0974 1208  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
16:07:55.0987 1208  hcw85cir - ok
16:07:55.0992 1208  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
16:07:56.0009 1208  HDAudBus - ok
16:07:56.0012 1208  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
16:07:56.0025 1208  HidBatt - ok
16:07:56.0029 1208  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
16:07:56.0045 1208  HidBth - ok
16:07:56.0049 1208  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
16:07:56.0064 1208  HidIr - ok
16:07:56.0067 1208  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
16:07:56.0107 1208  hidserv - ok
16:07:56.0111 1208  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
16:07:56.0123 1208  HidUsb - ok
16:07:56.0127 1208  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:07:56.0167 1208  hkmsvc - ok
16:07:56.0174 1208  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:07:56.0198 1208  HomeGroupListener - ok
16:07:56.0203 1208  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:07:56.0218 1208  HomeGroupProvider - ok
16:07:56.0223 1208  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
16:07:56.0234 1208  HpSAMD - ok
16:07:56.0246 1208  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:07:56.0292 1208  HTTP - ok
16:07:56.0295 1208  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
16:07:56.0306 1208  hwpolicy - ok
16:07:56.0310 1208  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
16:07:56.0323 1208  i8042prt - ok
16:07:56.0335 1208  [ 2FDAEC4B02729C48C0FD1B0B4695995B ] iaStor          C:\Windows\system32\drivers\iaStor.sys
16:07:56.0352 1208  iaStor - ok
16:07:56.0362 1208  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
16:07:56.0379 1208  iaStorV - ok
16:07:56.0383 1208  [ 653A38B868A5F20BB506AB57AC41B936 ] ibtfltcoex      C:\Windows\system32\DRIVERS\iBtFltCoex.sys
16:07:56.0393 1208  ibtfltcoex - ok
16:07:56.0406 1208  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:07:56.0450 1208  idsvc - ok
16:07:56.0577 1208  [ 0BD58366C86EF9DDC4F61AFED0CADA99 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
16:07:56.0753 1208  igfx - ok
16:07:56.0759 1208  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
16:07:56.0769 1208  iirsp - ok
16:07:56.0773 1208  [ F6DB46FAAAAFCF14B9207425E67CEC8C ] ikbevent        C:\Windows\system32\DRIVERS\ikbevent.sys
16:07:56.0782 1208  ikbevent - ok
16:07:56.0795 1208  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
16:07:56.0851 1208  IKEEXT - ok
16:07:56.0856 1208  [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd           C:\Windows\system32\drivers\Impcd.sys
16:07:56.0868 1208  Impcd - ok
16:07:56.0876 1208  [ CADDF0927DAC63EDAE48F5C35A61D87D ] intaud_WaveExtensible C:\Windows\system32\drivers\intelaud.sys
16:07:56.0885 1208  intaud_WaveExtensible - ok
16:07:56.0925 1208  [ D20E649D87193BBCEE5CB0EAB75F96A4 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
16:07:56.0999 1208  IntcAzAudAddService - ok
16:07:57.0007 1208  [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
16:07:57.0021 1208  IntcDAud - ok
16:07:57.0025 1208  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
16:07:57.0036 1208  intelide - ok
16:07:57.0041 1208  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
16:07:57.0053 1208  intelppm - ok
16:07:57.0058 1208  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
16:07:57.0101 1208  IPBusEnum - ok
16:07:57.0105 1208  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:07:57.0139 1208  IpFilterDriver - ok
16:07:57.0148 1208  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
16:07:57.0168 1208  iphlpsvc - ok
16:07:57.0172 1208  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
16:07:57.0185 1208  IPMIDRV - ok
16:07:57.0190 1208  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
16:07:57.0225 1208  IPNAT - ok
16:07:57.0235 1208  [ 4EFFC8FF6D349E971E94B1C670C0C66A ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
16:07:57.0254 1208  iPod Service - ok
16:07:57.0259 1208  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:07:57.0275 1208  IRENUM - ok
16:07:57.0279 1208  [ 6DC22BDAA595BE00F19696E72F2F3312 ] irstrtdv        C:\Windows\system32\DRIVERS\irstrtdv.sys
16:07:57.0288 1208  irstrtdv - ok
16:07:57.0309 1208  [ 9877087146E094D790BB03ECA0FBC445 ] irstrtsv        C:\Windows\SysWOW64\irstrtsv.exe
16:07:57.0324 1208  irstrtsv ( UnsignedFile.Multi.Generic ) - warning
16:07:57.0324 1208  irstrtsv - detected UnsignedFile.Multi.Generic (1)
16:07:57.0328 1208  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:07:57.0338 1208  isapnp - ok
16:07:57.0345 1208  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
16:07:57.0359 1208  iScsiPrt - ok
16:07:57.0363 1208  [ 970995B7C36F4408ED31C3BF204FE1F5 ] ISCT            C:\Windows\system32\DRIVERS\ISCTD64.sys
16:07:57.0372 1208  ISCT - ok
16:07:57.0377 1208  [ 3800264CED0BB5CC5EEE5DD550CB23D6 ] ISCTAgent       c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
16:07:57.0388 1208  ISCTAgent - ok
16:07:57.0392 1208  [ 716F66336F10885D935B08174DC54242 ] iwdbus          C:\Windows\system32\DRIVERS\iwdbus.sys
16:07:57.0400 1208  iwdbus - ok
16:07:57.0406 1208  [ 5A9894E80575647DC77A7D1954B05CE7 ] jhi_service     C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
16:07:57.0419 1208  jhi_service - ok
16:07:57.0424 1208  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
16:07:57.0434 1208  kbdclass - ok
16:07:57.0438 1208  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
16:07:57.0450 1208  kbdhid - ok
16:07:57.0453 1208  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
16:07:57.0465 1208  KeyIso - ok
16:07:57.0469 1208  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:07:57.0481 1208  KSecDD - ok
16:07:57.0486 1208  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
16:07:57.0498 1208  KSecPkg - ok
16:07:57.0502 1208  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
16:07:57.0537 1208  ksthunk - ok
16:07:57.0544 1208  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
16:07:57.0591 1208  KtmRm - ok
16:07:57.0597 1208  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
16:07:57.0643 1208  LanmanServer - ok
16:07:57.0647 1208  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:07:57.0691 1208  LanmanWorkstation - ok
16:07:57.0696 1208  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:07:57.0732 1208  lltdio - ok
16:07:57.0739 1208  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
16:07:57.0782 1208  lltdsvc - ok
16:07:57.0785 1208  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
16:07:57.0822 1208  lmhosts - ok
16:07:57.0828 1208  [ 8DA2E099B501605E4A5CB38246A9757E ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
16:07:57.0843 1208  LMS - ok
16:07:57.0849 1208  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
16:07:57.0861 1208  LSI_FC - ok
16:07:57.0865 1208  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
16:07:57.0876 1208  LSI_SAS - ok
16:07:57.0880 1208  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
16:07:57.0891 1208  LSI_SAS2 - ok
16:07:57.0895 1208  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
16:07:57.0907 1208  LSI_SCSI - ok
16:07:57.0913 1208  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
16:07:57.0950 1208  luafv - ok
16:07:57.0954 1208  [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
16:07:57.0963 1208  MBAMProtector - ok
16:07:57.0972 1208  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
16:07:57.0985 1208  MBAMScheduler - ok
16:07:57.0996 1208  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
16:07:58.0015 1208  MBAMService - ok
16:07:58.0019 1208  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
16:07:58.0037 1208  Mcx2Svc - ok
16:07:58.0042 1208  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
16:07:58.0052 1208  megasas - ok
16:07:58.0058 1208  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
16:07:58.0072 1208  MegaSR - ok
16:07:58.0076 1208  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
16:07:58.0085 1208  MEIx64 - ok
16:07:58.0089 1208  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
16:07:58.0126 1208  MMCSS - ok
16:07:58.0130 1208  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
16:07:58.0166 1208  Modem - ok
16:07:58.0169 1208  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
16:07:58.0183 1208  monitor - ok
16:07:58.0187 1208  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
16:07:58.0198 1208  mouclass - ok
16:07:58.0202 1208  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
16:07:58.0215 1208  mouhid - ok
16:07:58.0219 1208  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
16:07:58.0231 1208  mountmgr - ok
16:07:58.0235 1208  [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:07:58.0247 1208  MozillaMaintenance - ok
16:07:58.0252 1208  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
16:07:58.0263 1208  mpio - ok
16:07:58.0268 1208  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:07:58.0302 1208  mpsdrv - ok
16:07:58.0314 1208  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
16:07:58.0360 1208  MpsSvc - ok
16:07:58.0364 1208  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:07:58.0382 1208  MRxDAV - ok
16:07:58.0387 1208  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:07:58.0401 1208  mrxsmb - ok
16:07:58.0408 1208  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:07:58.0422 1208  mrxsmb10 - ok
16:07:58.0426 1208  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:07:58.0439 1208  mrxsmb20 - ok
16:07:58.0443 1208  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
16:07:58.0453 1208  msahci - ok
16:07:58.0458 1208  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
16:07:58.0471 1208  msdsm - ok
16:07:58.0476 1208  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
16:07:58.0497 1208  MSDTC - ok
16:07:58.0503 1208  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:07:58.0538 1208  Msfs - ok
16:07:58.0542 1208  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
16:07:58.0577 1208  mshidkmdf - ok
16:07:58.0580 1208  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
16:07:58.0591 1208  msisadrv - ok
16:07:58.0596 1208  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
16:07:58.0637 1208  MSiSCSI - ok
16:07:58.0641 1208  msiserver - ok
16:07:58.0645 1208  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
16:07:58.0679 1208  MSKSSRV - ok
16:07:58.0683 1208  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
16:07:58.0718 1208  MSPCLOCK - ok
16:07:58.0721 1208  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
16:07:58.0755 1208  MSPQM - ok
16:07:58.0762 1208  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
16:07:58.0779 1208  MsRPC - ok
16:07:58.0784 1208  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
16:07:58.0795 1208  mssmbios - ok
16:07:58.0799 1208  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
16:07:58.0833 1208  MSTEE - ok
16:07:58.0837 1208  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
16:07:58.0849 1208  MTConfig - ok
16:07:58.0853 1208  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
16:07:58.0863 1208  Mup - ok
16:07:58.0869 1208  [ 48C9BA25EDA90E3DB07ADAC8CD32F5F3 ] MyWiFiDHCPDNS   C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
16:07:58.0883 1208  MyWiFiDHCPDNS - ok
16:07:58.0892 1208  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
16:07:58.0934 1208  napagent - ok
16:07:58.0941 1208  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
16:07:58.0962 1208  NativeWifiP - ok
16:07:58.0976 1208  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:07:59.0002 1208  NDIS - ok
16:07:59.0006 1208  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
16:07:59.0042 1208  NdisCap - ok
16:07:59.0046 1208  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
16:07:59.0080 1208  NdisTapi - ok
16:07:59.0084 1208  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
16:07:59.0120 1208  Ndisuio - ok
16:07:59.0126 1208  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
16:07:59.0161 1208  NdisWan - ok
16:07:59.0165 1208  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
16:07:59.0199 1208  NDProxy - ok
16:07:59.0203 1208  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
16:07:59.0237 1208  NetBIOS - ok
16:07:59.0243 1208  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
16:07:59.0279 1208  NetBT - ok
16:07:59.0283 1208  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
16:07:59.0294 1208  Netlogon - ok
16:07:59.0302 1208  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
16:07:59.0342 1208  Netman - ok
16:07:59.0354 1208  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:07:59.0367 1208  NetMsmqActivator - ok
16:07:59.0370 1208  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:07:59.0380 1208  NetPipeActivator - ok
16:07:59.0389 1208  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
16:07:59.0431 1208  netprofm - ok
16:07:59.0435 1208  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:07:59.0445 1208  NetTcpActivator - ok
16:07:59.0448 1208  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:07:59.0458 1208  NetTcpPortSharing - ok
16:07:59.0576 1208  [ FAD6C5610D020534401966CD72A1C306 ] NETwNs64        C:\Windows\system32\DRIVERS\Netwsw00.sys
16:07:59.0735 1208  NETwNs64 - ok
16:07:59.0741 1208  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
16:07:59.0752 1208  nfrd960 - ok
16:07:59.0758 1208  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
16:07:59.0775 1208  NlaSvc - ok
16:07:59.0779 1208  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
16:07:59.0814 1208  Npfs - ok
16:07:59.0818 1208  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
16:07:59.0856 1208  nsi - ok
16:07:59.0859 1208  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
16:07:59.0895 1208  nsiproxy - ok
16:07:59.0916 1208  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
16:07:59.0954 1208  Ntfs - ok
16:07:59.0958 1208  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
16:07:59.0994 1208  Null - ok
16:07:59.0998 1208  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
16:08:00.0012 1208  nvraid - ok
16:08:00.0017 1208  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
16:08:00.0029 1208  nvstor - ok
16:08:00.0034 1208  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
16:08:00.0046 1208  nv_agp - ok
16:08:00.0051 1208  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
16:08:00.0063 1208  ohci1394 - ok
16:08:00.0069 1208  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:08:00.0079 1208  ose - ok
16:08:00.0126 1208  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:08:00.0218 1208  osppsvc - ok
16:08:00.0228 1208  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
16:08:00.0245 1208  p2pimsvc - ok
16:08:00.0253 1208  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
16:08:00.0276 1208  p2psvc - ok
16:08:00.0281 1208  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
16:08:00.0293 1208  Parport - ok
16:08:00.0297 1208  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
16:08:00.0308 1208  partmgr - ok
16:08:00.0314 1208  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
16:08:00.0334 1208  PcaSvc - ok
16:08:00.0340 1208  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
16:08:00.0352 1208  pci - ok
16:08:00.0355 1208  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
16:08:00.0366 1208  pciide - ok
16:08:00.0371 1208  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
16:08:00.0385 1208  pcmcia - ok
16:08:00.0389 1208  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
16:08:00.0400 1208  pcw - ok
16:08:00.0409 1208  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
16:08:00.0452 1208  PEAUTH - ok
16:08:00.0458 1208  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
16:08:00.0475 1208  PerfHost - ok
16:08:00.0498 1208  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
16:08:00.0560 1208  pla - ok
16:08:00.0568 1208  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
16:08:00.0587 1208  PlugPlay - ok
16:08:00.0591 1208  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
16:08:00.0607 1208  PNRPAutoReg - ok
16:08:00.0615 1208  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
16:08:00.0630 1208  PNRPsvc - ok
16:08:00.0639 1208  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
16:08:00.0687 1208  PolicyAgent - ok
16:08:00.0696 1208  [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power           C:\Windows\system32\umpo.dll
16:08:00.0711 1208  Power - ok
16:08:00.0715 1208  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
16:08:00.0751 1208  PptpMiniport - ok
16:08:00.0755 1208  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
16:08:00.0768 1208  Processor - ok
16:08:00.0773 1208  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
16:08:00.0789 1208  ProfSvc - ok
16:08:00.0792 1208  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:08:00.0805 1208  ProtectedStorage - ok
16:08:00.0809 1208  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
16:08:00.0846 1208  Psched - ok
16:08:00.0850 1208  [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
16:08:00.0859 1208  PxHlpa64 - ok
16:08:00.0879 1208  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
16:08:00.0914 1208  ql2300 - ok
16:08:00.0919 1208  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
16:08:00.0931 1208  ql40xx - ok
16:08:00.0937 1208  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
16:08:00.0964 1208  QWAVE - ok
16:08:00.0968 1208  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
16:08:00.0985 1208  QWAVEdrv - ok
16:08:00.0988 1208  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
16:08:01.0022 1208  RasAcd - ok
16:08:01.0026 1208  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
16:08:01.0061 1208  RasAgileVpn - ok
16:08:01.0065 1208  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
16:08:01.0107 1208  RasAuto - ok
16:08:01.0112 1208  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
16:08:01.0146 1208  Rasl2tp - ok
16:08:01.0153 1208  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
16:08:01.0199 1208  RasMan - ok
16:08:01.0203 1208  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
16:08:01.0238 1208  RasPppoe - ok
16:08:01.0242 1208  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
16:08:01.0278 1208  RasSstp - ok
16:08:01.0285 1208  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
16:08:01.0323 1208  rdbss - ok
16:08:01.0327 1208  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
16:08:01.0342 1208  rdpbus - ok
16:08:01.0347 1208  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
16:08:01.0381 1208  RDPCDD - ok
16:08:01.0386 1208  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
16:08:01.0423 1208  RDPENCDD - ok
16:08:01.0429 1208  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
16:08:01.0464 1208  RDPREFMP - ok
16:08:01.0470 1208  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
16:08:01.0484 1208  RDPWD - ok
16:08:01.0490 1208  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
16:08:01.0503 1208  rdyboost - ok
16:08:01.0508 1208  [ 0C2B4C3B10D183BE116A38353E937F62 ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
16:08:01.0519 1208  RegSrvc - ok
16:08:01.0523 1208  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
16:08:01.0570 1208  RemoteAccess - ok
16:08:01.0576 1208  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
16:08:01.0619 1208  RemoteRegistry - ok
16:08:01.0624 1208  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
16:08:01.0641 1208  RFCOMM - ok
16:08:01.0645 1208  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
16:08:01.0685 1208  RpcEptMapper - ok
16:08:01.0690 1208  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
16:08:01.0705 1208  RpcLocator - ok
16:08:01.0713 1208  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
16:08:01.0754 1208  RpcSs - ok
16:08:01.0759 1208  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
16:08:01.0795 1208  rspndr - ok
16:08:01.0801 1208  [ 5D63CCD46688B775382AA68EF844510C ] RtkAudioService C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
16:08:01.0812 1208  RtkAudioService - ok
16:08:01.0816 1208  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
16:08:01.0829 1208  SamSs - ok
16:08:01.0833 1208  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
16:08:01.0844 1208  sbp2port - ok
16:08:01.0850 1208  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
16:08:01.0891 1208  SCardSvr - ok
16:08:01.0894 1208  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
16:08:01.0929 1208  scfilter - ok
16:08:01.0943 1208  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
16:08:02.0007 1208  Schedule - ok
16:08:02.0011 1208  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
16:08:02.0046 1208  SCPolicySvc - ok
16:08:02.0051 1208  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
16:08:02.0074 1208  SDRSVC - ok
16:08:02.0079 1208  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
16:08:02.0114 1208  secdrv - ok
16:08:02.0118 1208  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
16:08:02.0156 1208  seclogon - ok
16:08:02.0160 1208  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
16:08:02.0197 1208  SENS - ok
16:08:02.0201 1208  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
16:08:02.0214 1208  SensrSvc - ok
16:08:02.0218 1208  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
16:08:02.0230 1208  Serenum - ok
16:08:02.0234 1208  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
16:08:02.0247 1208  Serial - ok
16:08:02.0250 1208  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
16:08:02.0262 1208  sermouse - ok
16:08:02.0272 1208  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
16:08:02.0314 1208  SessionEnv - ok
16:08:02.0318 1208  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
16:08:02.0332 1208  sffdisk - ok
16:08:02.0336 1208  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
16:08:02.0350 1208  sffp_mmc - ok
16:08:02.0354 1208  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
16:08:02.0369 1208  sffp_sd - ok
16:08:02.0372 1208  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
16:08:02.0383 1208  sfloppy - ok
16:08:02.0390 1208  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
16:08:02.0436 1208  SharedAccess - ok
16:08:02.0443 1208  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:08:02.0491 1208  ShellHWDetection - ok
16:08:02.0495 1208  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
16:08:02.0505 1208  SiSRaid2 - ok
16:08:02.0509 1208  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
16:08:02.0520 1208  SiSRaid4 - ok
16:08:02.0526 1208  [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
16:08:02.0537 1208  SkypeUpdate - ok
16:08:02.0542 1208  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
16:08:02.0580 1208  Smb - ok
16:08:02.0587 1208  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
16:08:02.0601 1208  SNMPTRAP - ok
16:08:02.0605 1208  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
16:08:02.0615 1208  spldr - ok
16:08:02.0624 1208  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
16:08:02.0654 1208  Spooler - ok
16:08:02.0690 1208  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
16:08:02.0770 1208  sppsvc - ok
16:08:02.0774 1208  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
16:08:02.0815 1208  sppuinotify - ok
16:08:02.0823 1208  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
16:08:02.0841 1208  srv - ok
16:08:02.0849 1208  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
16:08:02.0865 1208  srv2 - ok
16:08:02.0870 1208  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
16:08:02.0882 1208  srvnet - ok
16:08:02.0888 1208  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
16:08:02.0926 1208  SSDPSRV - ok
16:08:02.0930 1208  [ 0211AB46B73A2623B86C1CFCB30579AB ] SSPORT          C:\Windows\system32\Drivers\SSPORT.sys
16:08:02.0939 1208  SSPORT - ok
16:08:02.0943 1208  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
16:08:02.0980 1208  SstpSvc - ok
16:08:02.0985 1208  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
16:08:02.0995 1208  stexstor - ok
16:08:03.0007 1208  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
16:08:03.0039 1208  stisvc - ok
16:08:03.0042 1208  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
16:08:03.0052 1208  swenum - ok
16:08:03.0061 1208  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
16:08:03.0103 1208  swprv - ok
16:08:03.0125 1208  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
16:08:03.0178 1208  SysMain - ok
16:08:03.0182 1208  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:08:03.0206 1208  TabletInputService - ok
16:08:03.0213 1208  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
16:08:03.0258 1208  TapiSrv - ok
16:08:03.0262 1208  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
16:08:03.0298 1208  TBS - ok
16:08:03.0319 1208  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
16:08:03.0360 1208  Tcpip - ok
16:08:03.0382 1208  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
16:08:03.0420 1208  TCPIP6 - ok
16:08:03.0426 1208  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
16:08:03.0437 1208  tcpipreg - ok
16:08:03.0443 1208  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
16:08:03.0455 1208  TDPIPE - ok
16:08:03.0459 1208  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
16:08:03.0470 1208  TDTCP - ok
16:08:03.0475 1208  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
16:08:03.0511 1208  tdx - ok
16:08:03.0515 1208  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
16:08:03.0525 1208  TermDD - ok
16:08:03.0536 1208  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
16:08:03.0591 1208  TermService - ok
16:08:03.0595 1208  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
16:08:03.0618 1208  Themes - ok
16:08:03.0622 1208  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
16:08:03.0658 1208  THREADORDER - ok
16:08:03.0663 1208  [ 0765EE4A7A0D6609BF91CA2E4700E885 ] TomTomHOMEService C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
16:08:03.0673 1208  TomTomHOMEService - ok
16:08:03.0677 1208  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
16:08:03.0723 1208  TrkWks - ok
16:08:03.0728 1208  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:08:03.0764 1208  TrustedInstaller - ok
16:08:03.0769 1208  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
16:08:03.0804 1208  tssecsrv - ok
16:08:03.0808 1208  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
16:08:03.0820 1208  TsUsbFlt - ok
16:08:03.0824 1208  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
16:08:03.0835 1208  TsUsbGD - ok
16:08:03.0840 1208  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
16:08:03.0876 1208  tunnel - ok
16:08:03.0880 1208  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
16:08:03.0891 1208  uagp35 - ok
16:08:03.0898 1208  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
16:08:03.0935 1208  udfs - ok
16:08:03.0942 1208  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
16:08:03.0960 1208  UI0Detect - ok
16:08:03.0964 1208  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
16:08:03.0975 1208  uliagpkx - ok
16:08:03.0978 1208  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
16:08:03.0991 1208  umbus - ok
16:08:03.0994 1208  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
16:08:04.0006 1208  UmPass - ok
16:08:04.0034 1208  [ 3B124E086DA2F3F9888A8E28B6574DDD ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
16:08:04.0087 1208  UNS - ok
16:08:04.0096 1208  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
16:08:04.0142 1208  upnphost - ok
16:08:04.0147 1208  [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
16:08:04.0152 1208  USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
16:08:04.0152 1208  USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
16:08:04.0156 1208  usbbus - ok
16:08:04.0161 1208  [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
16:08:04.0174 1208  usbccgp - ok
16:08:04.0179 1208  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
16:08:04.0193 1208  usbcir - ok
16:08:04.0198 1208  UsbDiag - ok
16:08:04.0202 1208  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
16:08:04.0213 1208  usbehci - ok
16:08:04.0221 1208  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
16:08:04.0236 1208  usbhub - ok
16:08:04.0239 1208  USBModem - ok
16:08:04.0243 1208  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
16:08:04.0254 1208  usbohci - ok
16:08:04.0258 1208  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
16:08:04.0272 1208  usbprint - ok
16:08:04.0276 1208  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
16:08:04.0290 1208  usbscan - ok
16:08:04.0294 1208  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:08:04.0308 1208  USBSTOR - ok
16:08:04.0312 1208  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
16:08:04.0324 1208  usbuhci - ok
16:08:04.0329 1208  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
16:08:04.0345 1208  usbvideo - ok
16:08:04.0349 1208  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
16:08:04.0389 1208  UxSms - ok
16:08:04.0392 1208  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
16:08:04.0405 1208  VaultSvc - ok
16:08:04.0408 1208  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
16:08:04.0419 1208  vdrvroot - ok
16:08:04.0428 1208  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
16:08:04.0477 1208  vds - ok
16:08:04.0481 1208  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
16:08:04.0495 1208  vga - ok
16:08:04.0499 1208  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
16:08:04.0537 1208  VgaSave - ok
16:08:04.0542 1208  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
16:08:04.0556 1208  vhdmp - ok
16:08:04.0560 1208  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
16:08:04.0571 1208  viaide - ok
16:08:04.0575 1208  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
16:08:04.0586 1208  volmgr - ok
16:08:04.0594 1208  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
16:08:04.0610 1208  volmgrx - ok
16:08:04.0617 1208  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
16:08:04.0632 1208  volsnap - ok
16:08:04.0637 1208  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
16:08:04.0650 1208  vsmraid - ok
16:08:04.0670 1208  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
16:08:04.0724 1208  VSS - ok
16:08:04.0728 1208  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
16:08:04.0743 1208  vwifibus - ok
16:08:04.0748 1208  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
16:08:04.0766 1208  vwififlt - ok
16:08:04.0769 1208  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
16:08:04.0786 1208  vwifimp - ok
16:08:04.0794 1208  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
16:08:04.0836 1208  W32Time - ok
16:08:04.0842 1208  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
16:08:04.0854 1208  WacomPen - ok
16:08:04.0858 1208  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
16:08:04.0893 1208  WANARP - ok
16:08:04.0896 1208  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
16:08:04.0932 1208  Wanarpv6 - ok
16:08:04.0948 1208  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
16:08:04.0998 1208  WatAdminSvc - ok
16:08:05.0018 1208  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
16:08:05.0056 1208  wbengine - ok
16:08:05.0062 1208  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
16:08:05.0087 1208  WbioSrvc - ok
16:08:05.0094 1208  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
16:08:05.0122 1208  wcncsvc - ok
16:08:05.0125 1208  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:08:05.0142 1208  WcsPlugInService - ok
16:08:05.0146 1208  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
16:08:05.0156 1208  Wd - ok
16:08:05.0169 1208  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
16:08:05.0193 1208  Wdf01000 - ok
16:08:05.0197 1208  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
16:08:05.0233 1208  WdiServiceHost - ok
16:08:05.0236 1208  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
16:08:05.0255 1208  WdiSystemHost - ok
16:08:05.0262 1208  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
16:08:05.0290 1208  WebClient - ok
16:08:05.0296 1208  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
16:08:05.0340 1208  Wecsvc - ok
16:08:05.0345 1208  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
16:08:05.0381 1208  wercplsupport - ok
16:08:05.0385 1208  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
16:08:05.0427 1208  WerSvc - ok
16:08:05.0430 1208  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
16:08:05.0465 1208  WfpLwf - ok
16:08:05.0470 1208  [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
16:08:05.0481 1208  WimFltr - ok
16:08:05.0485 1208  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
16:08:05.0496 1208  WIMMount - ok
16:08:05.0499 1208  WinDefend - ok
16:08:05.0506 1208  WinHttpAutoProxySvc - ok
16:08:05.0517 1208  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
16:08:05.0563 1208  Winmgmt - ok
16:08:05.0586 1208  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
16:08:05.0656 1208  WinRM - ok
16:08:05.0663 1208  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
16:08:05.0678 1208  WinUsb - ok
16:08:05.0692 1208  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
16:08:05.0721 1208  Wlansvc - ok
16:08:05.0725 1208  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
16:08:05.0739 1208  wlcrasvc - ok
16:08:05.0767 1208  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:08:05.0822 1208  wlidsvc - ok
16:08:05.0827 1208  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
16:08:05.0839 1208  WmiAcpi - ok
16:08:05.0846 1208  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
16:08:05.0867 1208  wmiApSrv - ok
16:08:05.0870 1208  WMPNetworkSvc - ok
16:08:05.0874 1208  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
16:08:05.0889 1208  WPCSvc - ok
16:08:05.0894 1208  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
16:08:05.0920 1208  WPDBusEnum - ok
16:08:05.0923 1208  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
16:08:05.0959 1208  ws2ifsl - ok
16:08:05.0964 1208  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
16:08:05.0983 1208  wscsvc - ok
16:08:05.0986 1208  WSearch - ok
16:08:06.0015 1208  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
16:08:06.0068 1208  wuauserv - ok
16:08:06.0073 1208  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
16:08:06.0087 1208  WudfPf - ok
16:08:06.0092 1208  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
16:08:06.0106 1208  WUDFRd - ok
16:08:06.0110 1208  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
16:08:06.0127 1208  wudfsvc - ok
16:08:06.0133 1208  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
16:08:06.0159 1208  WwanSvc - ok
16:08:06.0192 1208  [ D2FE4103450E52CB248D842501F84B90 ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
16:08:06.0245 1208  ZeroConfigService - ok
16:08:06.0255 1208  ================ Scan global ===============================
16:08:06.0258 1208  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:08:06.0268 1208  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
16:08:06.0282 1208  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
16:08:06.0287 1208  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:08:06.0297 1208  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:08:06.0301 1208  [Global] - ok
16:08:06.0302 1208  ================ Scan MBR ==================================
16:08:06.0304 1208  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
16:08:06.0445 1208  \Device\Harddisk0\DR0 - ok
16:08:06.0446 1208  ================ Scan VBR ==================================
16:08:06.0451 1208  [ FC2508B435C4114CC03906BBBA3FC917 ] \Device\Harddisk0\DR0\Partition1
16:08:06.0454 1208  \Device\Harddisk0\DR0\Partition1 - ok
16:08:06.0460 1208  [ F68178BA65424B27A30E942F22FFAACC ] \Device\Harddisk0\DR0\Partition2
16:08:06.0463 1208  \Device\Harddisk0\DR0\Partition2 - ok
16:08:06.0464 1208  ============================================================
16:08:06.0464 1208  Scan finished
16:08:06.0464 1208  ============================================================
16:08:06.0485 5232  Detected object count: 3
16:08:06.0485 5232  Actual detected object count: 3
16:08:52.0294 5232  DellDigitalDelivery ( UnsignedFile.Multi.Generic ) - skipped by user
16:08:52.0294 5232  DellDigitalDelivery ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:08:52.0295 5232  irstrtsv ( UnsignedFile.Multi.Generic ) - skipped by user
16:08:52.0296 5232  irstrtsv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:08:52.0298 5232  USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
16:08:52.0298 5232  USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:09:16.0772 3964  Deinitialize success
         
Code:
ATTFilter
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-13 15:04:42
-----------------------------
15:04:42.663    OS Version: Windows x64 6.1.7601 Service Pack 1
15:04:42.663    Number of processors: 4 586 0x2A07
15:04:42.664    ComputerName: UserX-PC  UserName: UserX
15:04:42.812    Initialize success
16:03:43.615    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
16:03:43.623    Disk 0 Vendor: SAMSUNG_ CXM1 Size: 122104MB BusType: 3
16:03:43.639    Disk 0 MBR read successfully
16:03:43.641    Disk 0 MBR scan
16:03:43.643    Disk 0 Windows VISTA default MBR code
16:03:43.646    Disk 0 Partition 1 00     DE Dell Utility DELL 4.1       39 MB offset 63
16:03:43.649    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        18686 MB offset 81920
16:03:43.651    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        95185 MB offset 38350848
16:03:43.655    Disk 0 Partition 4 00     84 OS/2 hidden C:              8192 MB offset 233289728
16:03:43.667    Disk 0 scanning C:\Windows\system32\drivers
16:03:45.848    Service scanning
16:03:48.653    Modules scanning
16:03:48.670    Disk 0 trace - called modules:
16:03:48.676    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
16:03:48.681    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006110060]
16:03:48.685    3 CLASSPNP.SYS[fffff88001c2043f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa80039d9050]
16:03:48.690    Scan finished successfully
16:04:28.099    Disk 0 MBR has been saved successfully to "C:\Users\UserX\Desktop\MBR.dat"
16:04:28.106    The log file has been saved successfully to "C:\Users\UserX\Desktop\aswMBR.txt"
         

Antwort

Themen zu Ich versende Spam Mails mit Link zu arc2.dominiotemporario.com
absender, anderes, april, bot, code, datei, daten, emails, geknackt, georg, gmx.de, hallo zusammen, infiziert, kennwort, konto, link, localhost, logfile, mails, nemesis, passwort, qmail, smtp, spam, tr/crypt.xpack.ge, tr/crypt.xpack.gen, verschickt, vorschläge, zusammen



Ähnliche Themen: Ich versende Spam Mails mit Link zu arc2.dominiotemporario.com


  1. FW:Important Mails verschickt, vermutlich Link angeklickt
    Plagegeister aller Art und deren Bekämpfung - 18.10.2015 (14)
  2. Phishing-Mails Link geöffnet
    Plagegeister aller Art und deren Bekämpfung - 03.10.2015 (15)
  3. Neuer PC Spam Mails
    Plagegeister aller Art und deren Bekämpfung - 05.12.2014 (8)
  4. Spam Mails
    Plagegeister aller Art und deren Bekämpfung - 30.10.2014 (1)
  5. Mailer Daemon Mails von GMX-Konto - Spam oder sendet Outlook selbstständig Mails?
    Plagegeister aller Art und deren Bekämpfung - 12.12.2013 (8)
  6. Spam Mails von mir selbst? (GMX)
    Log-Analyse und Auswertung - 29.10.2013 (5)
  7. Spam Mails - Mail delivery failed obwohl ich keine E-Mails versendet habe
    Plagegeister aller Art und deren Bekämpfung - 16.06.2013 (11)
  8. Verschicke Spam Mails
    Log-Analyse und Auswertung - 25.01.2013 (12)
  9. eMail Account gehackt? Versende unkontrolliert Spam-eMails mit dubiosen Links
    Log-Analyse und Auswertung - 09.07.2012 (5)
  10. Phorpiex Virus verschickt Mails mit Link
    Plagegeister aller Art und deren Bekämpfung - 06.12.2011 (49)
  11. Ich versende Spam über mein Webinterface?
    Plagegeister aller Art und deren Bekämpfung - 29.10.2011 (2)
  12. Versende unbewusst Spam an die Kontaktliste (hotmail)
    Plagegeister aller Art und deren Bekämpfung - 16.06.2011 (11)
  13. Brief von der Telekom: Rechner versende Spam
    Plagegeister aller Art und deren Bekämpfung - 27.05.2011 (10)
  14. Mein Computer versende SPAM - Internet-Zugang gesperrt...
    Log-Analyse und Auswertung - 31.03.2010 (4)
  15. Spam-Mails
    Überwachung, Datenschutz und Spam - 07.11.2006 (5)
  16. Spam Mails + HTML
    Überwachung, Datenschutz und Spam - 09.05.2006 (4)
  17. Spam Mails
    Überwachung, Datenschutz und Spam - 17.04.2005 (3)

Zum Thema Ich versende Spam Mails mit Link zu arc2.dominiotemporario.com - Hallo zusammen, auf einmal werden von meiner GMX-Emailadresse Spam Mails versendet. Ich vermute daher, dass mein PC oder ein anderes Gerät, mit dem ich meine Emails abrufe, Teil eines Bot - Ich versende Spam Mails mit Link zu arc2.dominiotemporario.com...
Archiv
Du betrachtest: Ich versende Spam Mails mit Link zu arc2.dominiotemporario.com auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.