
Log analysis and evaluation: Delta Search Babylon

23.05.2013, 11:55   #1
katrin87
 

Hello dear Trojaner-Board team,

while researching my problem online I landed directly on your site, specifically on this post http://www.trojaner-board.de/132461-delta-search.html, and so I am turning to you for help.

Whenever I try to open a new window in Firefox, only the Delta Search page appears. In my layperson's ignorance I first uninstalled the program "Delta Search", because I thought that would solve the problem - I thought wrong.

I have already carried out both steps from the post mentioned above (ESET and SecurityCheck) as described (with all sub-steps and in the correct order).

Here are the results:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=71bcd6f49217bd49a167c7a94a07b268
# engine=13891
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-23 10:24:29
# local_time=2013-05-23 12:24:29 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=5893 16776574 100 94 3933512 28810780 0 0
# scanned=259587
# found=2
# cleaned=0
# scan_time=11483
sh=8B2D5D03121F1CEF583DC5547A74808EC3AABCC9 ft=1 fh=5816e48e95d2682b vn="a variant of Win32/Adware.AddLyrics.B application" ac=I fn="C:\Users\Katrin\AppData\Local\Temp\is357113909\LyricsFinder.exe"
sh=DA602313EC344E31F340105C29DF699267F73B84 ft=1 fh=34999f3f19837452 vn="multiple threats" ac=I fn="C:\Users\Katrin\AppData\Local\Temp\is357113909\yontoo-C4.exe"


Results of screen317's Security Check version 0.99.63
x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Defender
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Adobe Reader XI
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````


I hope you can help me!


Best regards
Katrin

23.05.2013, 11:56   #2
markusg
/// Malware-holic
 

hi

If you don't already have it, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe. Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the contents into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread

23.05.2013, 12:30   #3
katrin87
 

Hello,

the link to the OTL download doesn't work for me.

Best regards

23.05.2013, 12:34   #4
markusg
/// Malware-holic
 

There are 2 links, please use the second one.

23.05.2013, 13:49   #5
katrin87
 

Okay, that worked:

OTL.txt: OTL Logfile:
Code:
OTL logfile created on: 23.05.2013 13:46:21 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\****\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16580)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,70 Gb Total Physical Memory | 2,29 Gb Available Physical Memory | 61,93% Memory free
4,32 Gb Paging File | 2,69 Gb Available in Paging File | 62,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,95 Gb Total Space | 372,25 Gb Free Space | 82,55% Space Free | Partition Type: NTFS
 
Computer Name: **** | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\****\.thinkbuzan\imindmap6\preload\iMindMap6_Preloader.exe ()
PRC - C:\Users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\ThinkBuzan\iMindMap 6\iMindMap 6.exe (ThinkBuzan)
PRC - C:\Users\****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office 15\root\office15\MSOSYNC.EXE (Microsoft Corporation)
PRC - C:\Users\****\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Citrix\GoToMyPC\g2tray.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Citrix\GoToMyPC\g2pre.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Citrix\GoToMyPC\g2comm.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Programme\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation)
PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
PRC - C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\6c54b85a401b0379a9b775a644fad1b7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\aa29c7539bd729147a7d1f1ae0ce5670\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\024a883cc8b0013f72a77d594c278f4d\System.Core.ni.dll ()
MOD - C:\Users\****\.thinkbuzan\imindmap6\preload\iMindMap6_Preloader.exe ()
MOD - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\c2r32.dll ()
MOD - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll ()
MOD - C:\Programme\Microsoft Office 15\root\office15\c2r32.dll ()
MOD - C:\Programme\Microsoft Office 15\root\office15\appvisvstream32.dll ()
MOD - C:\Users\****\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e1ec8b9a6d4f9af9d6065c4187fb1b5f\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\780ee51b01c636cf43ec0011100a8cbc\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\bbebe831e3b0761ad47dcc09231cbc29\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\cb1bedf1f9e8972aa76ad73f725b964b\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\38638a559066bf7f2325a53ed53629bc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\cc1fac6c6b0786c2f207370cf737c9bc\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a7811936e59aaee26b1d9d467174d6d4\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\d6c3813f8784ba727c402f06663a400b\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\374a0cc6603f58864831897ef723bd4a\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Users\****\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (OfficeSvc) -- C:\Programme\Microsoft Office 15\ClientX64\integratedoffice.exe (Microsoft Corporation)
SRV - (GoToMyPC) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (RfButtonDriverService) -- C:\Windows\RfBtnSvc64.exe (Dritek System INC.)
SRV - (ETDService) -- C:\Programme\Elantech\ETDService.exe (ELAN Microelectronics Corp.)
SRV - (CCDMonitorService) -- C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Acer Incorporated)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation)
SRV - (DeviceFastLaneService) -- C:\Programme\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe (Acer Incorporated)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer Power Management\ePowerSvc.exe (Acer Incorporated)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Qualcomm Atheros Commnucations)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (EgisTec Ticket Service) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. )
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (GemCCID) -- C:\Windows\SysNative\Drivers\GemCCID.sys (Gemalto)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\Drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\Drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\Drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (monblanking) -- C:\Windows\SysNative\Drivers\monblanking.sys (Citrix Systems, Inc.)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\Drivers\athw8x.sys (Qualcomm Atheros Communications, Inc.)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (Ps2Kb2Hid) -- C:\Windows\SysNative\Drivers\aPs2Kb2Hid.sys (Dritek System Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\Drivers\WSDScan.sys (Microsoft Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\Drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\Drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\Drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\Drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\Drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\Drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\Drivers\btfilter.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\Drivers\btath_rcp.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\Drivers\btath_hcrp.sys (Qualcomm Atheros)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\Drivers\btath_flt.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\Drivers\btath_lwflt.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\Drivers\btath_a2dp.sys (Qualcomm Atheros)
DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\Drivers\btath_avdt.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\Drivers\btath_bus.sys (Qualcomm Atheros)
DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\Drivers\Rt630x64.sys (Realtek                                            )
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\Drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (BthLEEnum) -- C:\Windows\SysNative\Drivers\BthLEEnum.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\Drivers\AtihdW86.sys (Advanced Micro Devices)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\Drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\Drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\Drivers\BCMWL63A.SYS (Broadcom Corporation)
DRV:64bit: - (QRDCIO) -- C:\Windows\SysNative\Drivers\QRDCIO.sys (QUANTA)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\Drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\Drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\Drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {844E06C9-CCCE-4FD3-8DFC-115F466B5DD5}
IE:64bit: - HKLM\..\SearchScopes\{844E06C9-CCCE-4FD3-8DFC-115F466B5DD5}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {844E06C9-CCCE-4FD3-8DFC-115F466B5DD5}
IE - HKLM\..\SearchScopes\{844E06C9-CCCE-4FD3-8DFC-115F466B5DD5}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-819108653-2580796249-2928164313-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE - HKU\S-1-5-21-819108653-2580796249-2928164313-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Delta Search
IE - HKU\S-1-5-21-819108653-2580796249-2928164313-1001\..\SearchScopes,DefaultScope = {844E06C9-CCCE-4FD3-8DFC-115F466B5DD5}
IE - HKU\S-1-5-21-819108653-2580796249-2928164313-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www1.delta-search.com/?q={searchTerms}&affID=119357&tt=gc_&babsrc=SP_ss&mntrId=72501A9423A374C9
IE - HKU\S-1-5-21-819108653-2580796249-2928164313-1001\..\SearchScopes\{4FD3A71F-0BED-4E33-BF7C-392EF7220A53}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-819108653-2580796249-2928164313-1001\..\SearchScopes\{679E13FD-8A9A-4565-9327-3AAE15D1069A}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKU\S-1-5-21-819108653-2580796249-2928164313-1001\..\SearchScopes\{A8638B91-5411-4062-B81C-ED36D9705D96}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-819108653-2580796249-2928164313-1001\..\SearchScopes\{CC07F895-C6AA-44F1-9A47-753BE8C743F6}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-819108653-2580796249-2928164313-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-819108653-2580796249-2928164313-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK
 
[2013.05.21 10:37:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
 
O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-819108653-2580796249-2928164313-1001\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [BtPreLoad] C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe ()
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LManager]  File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-819108653-2580796249-2928164313-1001..\Run: [Outlook Sync] C:\Program Files (x86)\CodeTwo\Outlook Sync\C2OutlookSync.exe File not found
O4 - HKU\S-1-5-21-819108653-2580796249-2928164313-1001..\Run: [SkyDrive] C:\Users\****\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-819108653-2580796249-2928164313-1001..\Run: [Spotify Web Helper] C:\Users\****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk = C:\Programme\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iMindMap6 Preloader.lnk = C:\Users\****\.thinkbuzan\imindmap6\preload\iMindMap6_Preloader.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-819108653-2580796249-2928164313-1001\Software\Policies\Microsoft\Internet Explorer\Recovery present
O8:64bit: - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 137.251.36.6 137.251.36.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{609739CE-D1D8-4C1E-9BBE-A391AB5DC558}: DhcpNameServer = 40.34.1.201 40.34.1.203
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F4688273-9E95-4B97-9F54-CE14BB215258}: DhcpNameServer = 137.251.36.6 137.251.36.4
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\x-owacid2 - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Programme\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\x-owacid2 {5B290518-830E-4C57-A66B-E4F748900C27} - C:\Program Files (x86)\Microsoft\SMIME Client (2010)\mimectl.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b90781c8-7ff6-11e2-be7c-689423a374c9}\Shell - "" = AutoRun
O33 - MountPoints2\{b90781c8-7ff6-11e2-be7c-689423a374c9}\Shell\AutoRun\command - "" = "D:\AutoRun.exe" 
O33 - MountPoints2\{b9078207-7ff6-11e2-be7c-689423a374c9}\Shell - "" = AutoRun
O33 - MountPoints2\{b9078207-7ff6-11e2-be7c-689423a374c9}\Shell\AutoRun\command - "" = "D:\AutoRun.exe" 
O33 - MountPoints2\{c3695ba6-8636-11e2-be84-689423a374c9}\Shell - "" = AutoRun
O33 - MountPoints2\{c3695ba6-8636-11e2-be84-689423a374c9}\Shell\AutoRun\command - "" = "D:\Startme.exe" 
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {74166507-F39E-305E-A972-2C3478E47350} - .NET Framework
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U %SystemRoot%\System32\shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {3A8403F3-90B5-35DC-8926-EB9B907209F9} - .NET Framework
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - 
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
 
NetSvcs:64bit: wlidsvc - C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
NetSvcs:64bit: DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
NetSvcs:64bit: NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
NetSvcs:64bit: SystemEventsBroker - C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.23 13:40:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2013.05.21 12:40:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2013.05.21 10:44:34 | 000,000,000 | ---D | C] -- C:\Users\****\.thinkbuzan
[2013.05.21 10:44:15 | 000,000,000 | ---D | C] -- C:\ProgramData\JSoft
[2013.05.21 10:44:14 | 000,000,000 | ---D | C] -- C:\ProgramData\ThinkBuzan
[2013.05.21 10:43:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ThinkBuzan
[2013.05.21 10:43:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMindMap 6
[2013.05.21 10:38:16 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Downloaded Installations
[2013.05.21 10:38:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.05.21 10:37:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013.05.21 10:37:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013.05.21 10:37:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.21 10:36:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.05.21 10:36:45 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\DealPly
[2013.05.21 10:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Image Converter
[2013.05.21 10:36:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013.05.21 10:36:34 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Babylon
[2013.05.21 10:36:33 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\DSite
[2013.05.14 18:19:27 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\My Offline Maps
[2013.05.14 17:55:09 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\MindomoDesktop
[2013.05.13 09:59:54 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\NYC_neu
[2013.05.08 10:35:43 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.05.02 08:43:06 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013.05.02 08:43:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Download Assistant
[2013.05.02 08:42:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2013.05.01 11:01:12 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\Meine iMindMap-Dateien
[2013.05.01 11:00:58 | 000,000,000 | ---D | C] -- C:\ProgramData\BOL
[2013.05.01 11:00:58 | 000,000,000 | ---D | C] -- C:\Users\****\.imindmap
[2013.05.01 10:56:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Buzan Online
[2013.04.27 06:08:32 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Apple Computer
[2013.04.27 06:08:32 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Apple Computer
[2013.04.27 06:08:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.04.27 06:07:53 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.04.27 06:07:52 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.04.27 06:07:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013.04.27 06:07:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013.04.27 06:07:52 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.04.27 06:06:46 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Apple
[2013.04.27 06:06:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013.04.27 06:06:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013.04.27 06:05:51 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013.04.27 06:05:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013.04.27 06:05:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013.04.27 06:05:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013.04.24 07:12:06 | 000,129,792 | ---- | C] (Gemalto) -- C:\Windows\SysNative\drivers\GemCCID.sys
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.23 13:40:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2013.05.23 13:36:00 | 000,000,304 | ---- | M] () -- C:\Windows\tasks\DSite.job
[2013.05.23 13:18:14 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.23 12:11:52 | 001,783,300 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.23 12:11:52 | 000,772,388 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.23 12:11:52 | 000,717,430 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.23 12:11:52 | 000,161,464 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.23 12:11:52 | 000,137,548 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.23 08:58:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.23 08:56:48 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.23 08:56:09 | 000,421,880 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.23 08:55:51 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.05.23 08:55:46 | 3176,136,704 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.21 12:43:44 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WUDFUsbccidDriver_01_11_00.Wdf
[2013.05.21 10:47:00 | 000,002,103 | ---- | M] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iMindMap6 Preloader.lnk
[2013.05.21 10:44:06 | 000,002,020 | ---- | M] () -- C:\Users\Public\Desktop\iMindMap 6.lnk
[2013.05.21 10:24:21 | 000,001,016 | ---- | M] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.05.21 10:23:37 | 000,000,986 | ---- | M] () -- C:\Users\****\Desktop\Dropbox.lnk
[2013.05.14 18:34:33 | 000,158,787 | ---- | M] () -- C:\Users\****\Desktop\NYC org chart.png
[2013.05.14 18:25:00 | 000,066,358 | ---- | M] () -- C:\Users\****\Desktop\citywide_org_chart.pdf
[2013.05.08 10:35:19 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.05.02 06:43:53 | 003,027,514 | ---- | M] () -- C:\Users\****\Documents\Arbeitseinstellung.pdf
[2013.05.01 12:04:44 | 000,212,841 | ---- | M] () -- C:\Users\****\Documents\mm_Ziele.pdf
[2013.04.27 06:08:29 | 000,001,747 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.04.27 05:52:26 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
[2013.04.27 05:21:36 | 000,002,174 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk
[2013.04.27 05:21:36 | 000,001,248 | ---- | M] () -- C:\Users\Public\Desktop\Google Calendar.lnk
[2013.04.24 07:12:06 | 000,129,792 | ---- | M] (Gemalto) -- C:\Windows\SysNative\drivers\GemCCID.sys
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.23 08:55:54 | 000,421,880 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.21 12:43:44 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WUDFUsbccidDriver_01_11_00.Wdf
[2013.05.21 10:47:00 | 000,002,103 | ---- | C] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iMindMap6 Preloader.lnk
[2013.05.21 10:44:06 | 000,002,020 | ---- | C] () -- C:\Users\Public\Desktop\iMindMap 6.lnk
[2013.05.21 10:36:35 | 000,000,304 | ---- | C] () -- C:\Windows\tasks\DSite.job
[2013.05.21 09:47:06 | 000,387,688 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2013.05.14 18:31:40 | 000,158,787 | ---- | C] () -- C:\Users\****\Desktop\NYC org chart.png
[2013.05.14 18:25:00 | 000,066,358 | ---- | C] () -- C:\Users\****\Desktop\citywide_org_chart.pdf
[2013.05.14 17:46:26 | 000,002,451 | ---- | C] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Buzan's iMindMap V4.lnk
[2013.05.02 08:43:00 | 000,001,007 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
[2013.05.02 06:44:46 | 003,027,514 | ---- | C] () -- C:\Users\****\Documents\Arbeitseinstellung.pdf
[2013.05.01 12:04:56 | 000,212,841 | ---- | C] () -- C:\Users\****\Documents\mm_Ziele.pdf
[2013.04.27 06:08:29 | 000,001,747 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.04.27 06:06:45 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013.04.27 05:52:26 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
[2013.04.27 05:21:36 | 000,001,248 | ---- | C] () -- C:\Users\Public\Desktop\Google Calendar.lnk
[2013.02.24 00:35:15 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013.02.23 22:23:48 | 001,774,862 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.10.23 14:44:09 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.09.01 06:18:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.09.01 06:18:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.09.01 06:18:49 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2012.05.10 16:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
 
========== ZeroAccess Check ==========
 
[2013.02.21 03:55:20 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.03.06 08:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.03.06 07:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.05.21 10:36:34 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Babylon
[2013.02.23 22:23:47 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\CodeTwo
[2013.05.02 08:43:06 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013.05.21 10:36:45 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DealPly
[2013.05.23 08:59:18 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Dropbox
[2013.05.21 10:36:33 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DSite
[2013.02.20 22:13:13 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\lm
[2013.05.14 17:55:09 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\MindomoDesktop
[2013.04.16 15:37:32 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Spotify
[2013.02.26 17:19:58 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Swiss Academic Software
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2013.02.20 22:14:49 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.07.26 09:22:08 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2013.02.21 03:56:08 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2013.02.20 22:16:18 | 000,000,000 | -H-D | M] -- C:\OEM
[2012.07.26 09:33:46 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.05.21 16:41:36 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.05.23 12:35:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)
[2013.05.22 13:26:51 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2013.02.21 03:56:08 | 000,000,000 | -HSD | M] -- C:\Programme
[2013.04.01 11:40:01 | 000,000,000 | -H-D | M] -- C:\SkyDriveTemp
[2012.10.24 00:21:51 | 000,000,000 | ---D | M] -- C:\sources
[2013.05.23 13:50:06 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2013.02.20 22:09:54 | 000,000,000 | R--D | M] -- C:\Users
[2013.03.02 19:20:26 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2012.07.26 05:21:04 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2012.09.20 07:55:30 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2012.09.20 07:55:30 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2012.07.26 05:21:04 | 000,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2012.07.26 05:21:04 | 000,276,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2012.07.26 09:22:10 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2013.02.21 04:03:05 | 000,001,120 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013.02.21 04:03:07 | 000,001,124 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2013.05.21 10:36:35 | 000,000,304 | ---- | C] () -- C:\Windows\Tasks\DSite.job
 
< MD5 for: AGP440.SYS  >
[2012.07.26 07:00:49 | 000,063,216 | ---- | M] (Microsoft Corporation) MD5=01590377A5AB19E792528C628A2A68F9 -- C:\Windows\SysNative\drivers\AGP440.sys
[2012.07.26 07:00:49 | 000,063,216 | ---- | M] (Microsoft Corporation) MD5=01590377A5AB19E792528C628A2A68F9 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_81a4c6c9cc9d86a0\AGP440.sys
[2012.07.26 07:00:49 | 000,063,216 | ---- | M] (Microsoft Corporation) MD5=01590377A5AB19E792528C628A2A68F9 -- C:\Windows\WinSxS\amd64_machine.inf_31bf3856ad364e35_6.2.9200.16384_none_12dc94a048750f71\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2012.07.26 07:00:48 | 000,025,840 | ---- | M] (Microsoft Corporation) MD5=A721FF570C2387E383BDDEA9632863C9 -- C:\Windows\SysNative\drivers\atapi.sys
[2012.07.26 07:00:48 | 000,025,840 | ---- | M] (Microsoft Corporation) MD5=A721FF570C2387E383BDDEA9632863C9 -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_69660e2be041f47b\atapi.sys
[2012.07.26 07:00:48 | 000,025,840 | ---- | M] (Microsoft Corporation) MD5=A721FF570C2387E383BDDEA9632863C9 -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_b733d17ea1e7f604\atapi.sys
[2012.07.26 07:00:48 | 000,025,840 | ---- | M] (Microsoft Corporation) MD5=A721FF570C2387E383BDDEA9632863C9 -- C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_6.2.9200.16384_none_3601cf7eab4e0493\atapi.sys
[2012.07.26 07:00:48 | 000,025,840 | ---- | M] (Microsoft Corporation) MD5=A721FF570C2387E383BDDEA9632863C9 -- C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_6.2.9200.16548_none_36311422ab29f479\atapi.sys
[2012.07.26 07:00:48 | 000,025,840 | ---- | M] (Microsoft Corporation) MD5=A721FF570C2387E383BDDEA9632863C9 -- C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_6.2.9200.20652_none_36a9df45c455182a\atapi.sys
 
< MD5 for: EXPLORER.EXE  >
[2012.10.11 07:53:24 | 002,115,952 | ---- | M] (Microsoft Corporation) MD5=0AD19A3CA61271BA872AD90771BA47DC -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_b592a71650d677ed\explorer.exe
[2012.10.11 10:09:58 | 002,380,944 | ---- | M] (Microsoft Corporation) MD5=0DDFEAA2AA18D4295EF220EB666B2312 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_ab3dfcc41c75b5f2\explorer.exe
[2012.07.26 05:50:01 | 002,114,936 | ---- | M] (Microsoft Corporation) MD5=5B6ED1B57DBFF18D405A0260559B571E -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_b4d2f8c937e166b1\explorer.exe
[2012.07.26 06:49:13 | 002,380,440 | ---- | M] (Microsoft Corporation) MD5=928791755FDDEA721B053535EF84FA17 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_aa7e4e770380a4b6\explorer.exe
[2012.10.11 07:56:41 | 002,115,952 | ---- | M] (Microsoft Corporation) MD5=953ADECFF08202A01EFC6110214FDE02 -- C:\Windows\SysWOW64\explorer.exe
[2012.10.11 07:56:41 | 002,115,952 | ---- | M] (Microsoft Corporation) MD5=953ADECFF08202A01EFC6110214FDE02 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16433_none_b5080a0137b9becc\explorer.exe
[2012.10.11 09:35:16 | 002,380,944 | ---- | M] (Microsoft Corporation) MD5=E13A31D5254C25406A7946BDD9B06364 -- C:\Windows\explorer.exe
[2012.10.11 09:35:16 | 002,380,944 | ---- | M] (Microsoft Corporation) MD5=E13A31D5254C25406A7946BDD9B06364 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16433_none_aab35faf0358fcd1\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2012.07.26 07:00:52 | 000,411,888 | ---- | M] (Intel Corporation) MD5=5E394EBD26FD68AA9300332C46BEDD62 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2012.07.26 07:00:52 | 000,411,888 | ---- | M] (Intel Corporation) MD5=5E394EBD26FD68AA9300332C46BEDD62 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_819876bbe5c3b25f\iaStorV.sys
[2012.07.26 07:00:52 | 000,411,888 | ---- | M] (Intel Corporation) MD5=5E394EBD26FD68AA9300332C46BEDD62 -- C:\Windows\WinSxS\amd64_iastorv.inf_31bf3856ad364e35_6.2.9200.16384_none_07daf9dd118c3086\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2012.07.26 05:19:22 | 000,634,368 | ---- | M] (Microsoft Corporation) MD5=EEF9DA64D7B1DD51FB8AB9EFCC560E3E -- C:\Windows\SysWOW64\netlogon.dll
[2012.07.26 05:19:22 | 000,634,368 | ---- | M] (Microsoft Corporation) MD5=EEF9DA64D7B1DD51FB8AB9EFCC560E3E -- C:\Windows\WinSxS\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.2.9200.16384_none_60d608f9f61ee049\netlogon.dll
[2012.07.26 05:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) MD5=FDC70965F0FC9DFEBC919627DED5DDFF -- C:\Windows\SysNative\netlogon.dll
[2012.07.26 05:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) MD5=FDC70965F0FC9DFEBC919627DED5DDFF -- C:\Windows\WinSxS\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.2.9200.16384_none_56815ea7c1be1e4e\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2012.07.26 07:00:55 | 000,168,176 | ---- | M] (NVIDIA Corporation) MD5=27AFC428D1D32ABD04A86763A4EDDEA9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2012.07.26 07:00:55 | 000,168,176 | ---- | M] (NVIDIA Corporation) MD5=27AFC428D1D32ABD04A86763A4EDDEA9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_7ba65ba4b222e751\nvstor.sys
[2012.07.26 07:00:55 | 000,168,176 | ---- | M] (NVIDIA Corporation) MD5=27AFC428D1D32ABD04A86763A4EDDEA9 -- C:\Windows\WinSxS\amd64_nvraid.inf_31bf3856ad364e35_6.2.9200.16384_none_92a46a8c48c2da5e\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2012.07.26 05:07:07 | 000,224,768 | ---- | M] (Microsoft Corporation) MD5=4F6E1CA672370A9BCAC049CE3AB7F666 -- C:\Windows\SysNative\scecli.dll
[2012.07.26 05:07:07 | 000,224,768 | ---- | M] (Microsoft Corporation) MD5=4F6E1CA672370A9BCAC049CE3AB7F666 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.2.9200.16384_none_90d789c062dfa509\scecli.dll
[2012.07.26 05:19:52 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=B95DC83FF580DD92F487C2F4D0854B6A -- C:\Windows\SysWOW64\scecli.dll
[2012.07.26 05:19:52 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=B95DC83FF580DD92F487C2F4D0854B6A -- C:\Windows\WinSxS\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.2.9200.16384_none_9b2c341297406704\scecli.dll
 
< MD5 for: USER32.DLL  >
[2012.07.26 05:07:39 | 001,342,464 | ---- | M] (Microsoft Corporation) MD5=1D08594400EE1B500B93256795FE30AE -- C:\Windows\WinSxS\amd64_microsoft-windows-user32_31bf3856ad364e35_6.2.9200.16384_none_260213a5f720b529\user32.dll
[2012.09.20 06:09:35 | 001,126,912 | ---- | M] (Microsoft Corporation) MD5=7A4FD11444ABFA9C5D3E17123ABBD8A4 -- C:\Windows\WinSxS\wow64_microsoft-windows-user32_31bf3856ad364e35_6.2.9200.20521_none_311e3b534471206a\user32.dll
[2012.07.26 02:02:48 | 001,126,912 | ---- | M] (Microsoft Corporation) MD5=8A93F57772FD24959F76A65FF79D282D -- C:\Windows\WinSxS\wow64_microsoft-windows-user32_31bf3856ad364e35_6.2.9200.16384_none_3056bdf82b817724\user32.dll
[2012.09.20 08:33:05 | 001,342,464 | ---- | M] (Microsoft Corporation) MD5=A99AD14F26BDA7D7F27F76BC91B7EED7 -- C:\Windows\SysNative\user32.dll
[2012.09.20 08:33:05 | 001,342,464 | ---- | M] (Microsoft Corporation) MD5=A99AD14F26BDA7D7F27F76BC91B7EED7 -- C:\Windows\WinSxS\amd64_microsoft-windows-user32_31bf3856ad364e35_6.2.9200.16420_none_263ef3ebf6f3a54e\user32.dll
[2012.09.20 08:32:34 | 001,342,464 | ---- | M] (Microsoft Corporation) MD5=AC192A41414561DA0CABD0D36F54FB22 -- C:\Windows\WinSxS\amd64_microsoft-windows-user32_31bf3856ad364e35_6.2.9200.20521_none_26c9910110105e6f\user32.dll
[2012.09.20 06:10:09 | 001,126,912 | ---- | M] (Microsoft Corporation) MD5=BA1C3ACD929A71E88B49C2B6E38F92B3 -- C:\Windows\SysWOW64\user32.dll
[2012.09.20 06:10:09 | 001,126,912 | ---- | M] (Microsoft Corporation) MD5=BA1C3ACD929A71E88B49C2B6E38F92B3 -- C:\Windows\WinSxS\wow64_microsoft-windows-user32_31bf3856ad364e35_6.2.9200.16420_none_30939e3e2b546749\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2012.07.26 05:08:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E925F7BA032920D58DD284B6181A247 -- C:\Windows\SysNative\userinit.exe
[2012.07.26 05:08:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E925F7BA032920D58DD284B6181A247 -- C:\Windows\WinSxS\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.2.9200.16384_none_34f2617a5b742e02\userinit.exe
[2012.07.26 05:21:00 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=9F6289D194A04A09671FEED4B6CB6EF7 -- C:\Windows\SysWOW64\userinit.exe
[2012.07.26 05:21:00 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=9F6289D194A04A09671FEED4B6CB6EF7 -- C:\Windows\WinSxS\x86_microsoft-windows-userinit_31bf3856ad364e35_6.2.9200.16384_none_d8d3c5f6a316bccc\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.09.20 08:33:55 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=1F84B5F8DBDFFD36DF143C61CE25F12A -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16420_none_c8c988c15e88a211\winlogon.exe
[2012.09.20 08:33:17 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=6522E98C94A2A81AE11EB66D2AF5743A -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.20521_none_c95425d677a55b32\winlogon.exe
[2012.07.26 05:08:50 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=93AB226C07A9789B2EC7B41F73602F76 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16384_none_c88ca87b5eb5b1ec\winlogon.exe
[2012.10.11 07:46:58 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=BCF2036A0DD579E47C008C133550283E -- C:\Windows\SysNative\winlogon.exe
[2012.10.11 07:46:58 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=BCF2036A0DD579E47C008C133550283E -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16433_none_c8c1b9b35e8e0a07\winlogon.exe
[2012.10.11 07:45:27 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=CBFD56B4EC07CB056A6ABD55DD33671F -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.20534_none_c94c56c877aac328\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2012.07.26 04:29:29 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=58D492F986EC519ECDD54D93618758F8 -- C:\Windows\WinSxS\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.2.9200.16384_none_a85048395191dc38\ws2ifsl.sys
[2012.09.20 08:09:50 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=BC8B5CB336E63BB25EAD1CE8EDD34B81 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2012.09.20 08:09:50 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=BC8B5CB336E63BB25EAD1CE8EDD34B81 -- C:\Windows\WinSxS\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.2.9200.16420_none_a88d287f5164cc5d\ws2ifsl.sys
[2012.09.20 08:08:25 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=FC56FEC8FB233ABC32D110D031CBC8B0 -- C:\Windows\WinSxS\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.2.9200.20521_none_a917c5946a81857e\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2012.10.11 07:06:08 | 000,550,912 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll
 
< %USERPROFILE%\*.* >
[2013.05.22 16:06:56 | 002,883,584 | -HS- | M] () -- C:\Users\****\NTUSER.DAT
[2013.02.20 22:09:55 | 001,130,496 | -HS- | M] () -- C:\Users\****\ntuser.dat.LOG1
[2013.02.20 22:09:55 | 000,000,000 | -HS- | M] () -- C:\Users\****\ntuser.dat.LOG2
[2013.05.03 06:58:34 | 000,065,536 | -HS- | M] () -- C:\Users\****\NTUSER.DAT{ef2bc4c2-d686-11e1-aed0-782bcb39b999}.TM.blf
[2013.05.03 06:58:34 | 000,524,288 | -HS- | M] () -- C:\Users\****\NTUSER.DAT{ef2bc4c2-d686-11e1-aed0-782bcb39b999}.TMContainer00000000000000000001.regtrans-ms
[2013.02.20 22:10:17 | 000,524,288 | -HS- | M] () -- C:\Users\****\NTUSER.DAT{ef2bc4c2-d686-11e1-aed0-782bcb39b999}.TMContainer00000000000000000002.regtrans-ms
[2013.02.20 22:09:55 | 000,000,020 | -HS- | M] () -- C:\Users\****\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >
         


and Extra.txt:
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 23.05.2013 13:46:21 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\****\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16580)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,70 Gb Total Physical Memory | 2,29 Gb Available Physical Memory | 61,93% Memory free
4,32 Gb Paging File | 2,69 Gb Available in Paging File | 62,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,95 Gb Total Space | 372,25 Gb Free Space | 82,55% Space Free | Partition Type: NTFS
 
Computer Name: **** | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{462CBB38-5E4E-4E25-B5D8-1BA0B20EAE6C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0028A808-58DC-4628-A9C6-C5DEF1281AE0}" = dir=out | name=taptiles | 
"{0385B554-EA81-4EAD-8FC1-517BE8C061D6}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{03C9FE5A-10D6-4298-A123-98683728FC9B}" = dir=out | name=@{microsoft.bingnews_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{05BA9105-A51A-441C-9C3C-3ED32DCC72D2}" = dir=out | name=7digital music store | 
"{0697304B-D027-4742-A49D-4C55F8930A66}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe | 
"{0787257D-958F-40EB-9CF9-A66DA3E75145}" = dir=out | name=abfahrtsmonitor | 
"{135227B1-5701-483C-B52E-33D61840E7F0}" = dir=out | name=@{microsoft.zunemusic_1.1.144.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{15ADF715-0634-4846-91C5-F7A7BFB190E8}" = dir=out | name=social jogger | 
"{166F15FE-4211-4DD5-8F49-853AAA042178}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\video\musicplayer.exe | 
"{1A3496DB-4E8C-449F-99D3-0C9506FD6907}" = dir=in | name=evernote touch | 
"{1E7F9FFC-4B05-4642-8017-C880D41F5A61}" = protocol=6 | dir=in | app=c:\users\****\appdata\roaming\dropbox\bin\dropbox.exe | 
"{1FB4C8AE-017E-43D0-9534-3526A245A018}" = dir=in | app=c:\users\****\appdata\local\microsoft\skydrive\skydrive.exe | 
"{24486BDF-6ED6-46F3-8B31-124ABEFBA918}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{26D08E62-B0AE-47FB-883B-F154907505C2}" = dir=out | name=@{babbel.com.learnenglishwithbabbel.com_1.0.1.10_x64__qy1gdghayqfcm?ms-resource://babbel.com.learnenglishwithbabbel.com/apptitles/app_title} | 
"{2CE4C24D-E46C-478E-935F-38C3CC75B212}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe | 
"{2D9109EF-8774-48F9-A4EE-1361A724F231}" = dir=in | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 
"{33C2151C-D07A-4B08-85E1-0834C2EB5E68}" = dir=in | name=ebay | 
"{38837E82-785C-4326-B90C-B608E02D7AE1}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
"{3EA96328-8BE6-454C-8653-35763DE309FA}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe | 
"{4C1DD3DA-27F8-4797-9D6B-9ECDA11E6AF0}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{4D4D16F5-F684-41E1-B253-0CE59996F41D}" = dir=out | name=@{44352gadgetwe.unitconversion_1.0.1.4_neutral__wrnqd43hr7tc6?ms-resource://44352gadgetwe.unitconversion/resources/appstorename} | 
"{4F074E7B-42EB-4C0D-8DAD-639CD958BD4A}" = dir=out | name=canon inkjet print utility | 
"{53B279EC-9398-4491-9BDB-861EB48DE5F9}" = dir=out | name=open parlament | 
"{5476B231-E593-460C-B8B1-4C88117E31C5}" = dir=out | name=ebay | 
"{55EDEBFF-6113-46BA-BF39-1B3CE342A318}" = dir=out | name=windows_ie_ac_001 | 
"{5622E8CE-96AC-4BC7-BF64-039CB7F30BE7}" = dir=out | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{5CBF1022-8952-4B56-8352-81F67F39A146}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{5CCC98B8-873D-43EE-9CCE-4C2FE8DC3D97}" = dir=out | name=cut the rope | 
"{5E2EE78E-3C15-4018-B719-F4A4A189024E}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe | 
"{5F3D9E76-749C-4E8D-A55F-8FDDC7E12268}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{616349C1-B759-422E-A191-9512DDC96C11}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{6685371E-20E3-4F89-89A3-01F451D68441}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe | 
"{732DF4B4-5491-4F3E-8798-3F7347D1676B}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe | 
"{760327DA-19CB-4C46-A518-A15E124A558E}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{762FCD47-8325-4E93-A43B-C6590F8CF5D4}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\video\videoplayer.exe | 
"{7889828A-91F2-4566-97B8-5F7892827712}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\data\spotifywebhelper.exe | 
"{7C17EF79-FEA8-4E4E-9FC5-C14A156A89B3}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{7C56CACA-15B0-4D89-927A-E1E2C8C164B5}" = protocol=17 | dir=in | app=c:\users\****\appdata\roaming\dropbox\bin\dropbox.exe | 
"{7CBC6EE2-D982-4FA9-9B46-1E62D0346B55}" = dir=out | name=kindle | 
"{7EC5E834-E2C1-434A-A8ED-B77985C87218}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{80B5DE6A-B9BA-4455-BDFA-6493C66CEBCD}" = dir=in | app=c:\program files (x86)\nti\acer backup manager\backupmanager.exe | 
"{815EF485-B911-4566-89B1-8E062A98EB7B}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{86F01CA9-DC55-4CE0-990A-49DCADB3530D}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe | 
"{8E1AD217-DC53-4EB9-83CC-6D5A48BE5B82}" = dir=out | name=evernote touch | 
"{90254326-C0D9-496F-98DA-FA6F5996425A}" = dir=in | app=c:\program files (x86)\nti\acer backup manager\ischedulesvc.exe | 
"{92D43822-6528-4FF3-B3D7-CD7662D1B874}" = dir=out | name=amazon | 
"{97A4C780-B22F-48EC-B0E0-8B1476ECABA2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{990E6C44-515A-46E8-9D60-E5E5D88F45C6}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{9AA8882A-DDF3-4FF7-9411-3106988385A6}" = dir=out | name=txtr reader | 
"{9B44ACC5-8682-4C37-B176-9B23F34E85C0}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{9DA0ED78-B56C-4247-A410-42349324932F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{9EE55D6A-A89B-4C62-BCC0-D22F447E37F9}" = dir=out | name=microsoft mahjong | 
"{A3D4BCE2-D771-4446-8A0E-D4FA7651C7D2}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{A7AA219D-B5A9-4E01-9A1D-623F45BCD245}" = dir=out | name=acer explorer | 
"{A7EBC048-70C4-4F53-9F5C-ACD0AEE5C95D}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{AE5063DE-5ECB-48D8-B068-0B79AC9CC4BF}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\data\spotifywebhelper.exe | 
"{B04EBDF7-FDF0-4529-9E0E-0C05AE517CBE}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{B34374FB-D57C-433A-99B8-8DAA36129186}" = dir=out | name=newsxpresso metro | 
"{B6CD2F1D-9ECE-4A95-AC64-9BA06077AD69}" = dir=out | name=microsoft minesweeper | 
"{B8712D2F-9FF6-4A95-9BDD-64D62CF2ED45}" = dir=out | name=google search | 
"{BB42A541-009F-4C43-97F1-6436673D79D1}" = dir=in | app=c:\program files (x86)\nti\acer backup manager\fileexplorer.exe | 
"{BF7A83AF-BC0C-4AFD-AD2A-B7302D4369C9}" = dir=in | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{C0CDA847-7367-4836-B83F-AF87AF22DD74}" = dir=out | name=post mobil | 
"{C211D90A-329A-40E9-A94A-A461B82901FF}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{C2BA1E0D-B0CB-43F9-BDA0-69B206CC0816}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe | 
"{C363B401-1615-4439-A9CE-190C4B7C4B2E}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\movie\playmovie.exe | 
"{C44A4E32-C5C3-4E34-A162-BAD684F7CADB}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{C4C16FF8-F247-457C-8D2A-69B1DEE88ACB}" = dir=out | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 
"{C806F73A-4ADB-4ADF-AC3A-E81B55A809AA}" = dir=out | name=acer crystal eye | 
"{C855239C-19C9-45AF-B952-5AE5E6FAA2AA}" = dir=out | name=tunein radio | 
"{C907167F-E90F-414D-82B8-C38261346DF4}" = dir=out | name=microsoft solitaire collection | 
"{CAAADC53-0F89-4202-B3A2-9317C439E7B7}" = dir=in | app=c2outlooksync.exe | 
"{D078EBD5-669D-4912-A87B-CD3DB33C453F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{D95B1E73-4EB0-457D-AE2D-A05D65B76B09}" = dir=out | name=espresso mind map light | 
"{DBB44F89-7023-48DE-BCA4-86F0A3F0239C}" = dir=out | name=skitch | 
"{DF2C274D-849B-455E-9434-DACD78854095}" = dir=out | name=weatherbug | 
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{E7F15E9A-906D-464C-8676-5C54F71F09C2}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe | 
"{EA5E1948-1FF1-44DF-A888-86877C2DA515}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F0BE0ADA-A446-4BB2-9CED-202F350E03E7}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe | 
"{F50976F3-D5D8-4AD5-9BFB-EBBD482C0A6F}" = dir=out | name=@{31026mc2.crosswordsclassicbydynamindstudio_1.0.0.16_neutral__fxfta2ss2hbe6?ms-resource://31026mc2.crosswordsclassicbydynamindstudio/resources/appname} | 
"{FBF8FD0A-040D-49A2-81D5-0327681487D9}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{FD3CF9FE-488A-4D6E-B5E3-C5D05C70DA76}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe | 
"{FFED52E2-C26E-4AEF-A261-A261715AF567}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe | 
"TCP Query User{66A7C0A9-DD59-402F-BCA4-0F9837E4928D}C:\users\****\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\****\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{49D295DF-A524-499F-AF37-FBEB71959EA8}C:\users\****\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\****\appdata\roaming\spotify\spotify.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}" = Acer Recovery Management
"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{23170F69-40C1-2702-0930-000001000000}" = 7-Zip 9.30 (x64 edition)
"{2F1EB597-74DA-2C71-C065-BF4C6B89062C}" = AMD Accelerated Video Transcoding
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}" = Acer Device Fast-lane
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7BABDF85-566A-FCC6-E6FE-12DCFF3F9FEB}" = AMD Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{91F52DE4-B789-42B0-9311-A349F10E5479}" = Acer Power Management
"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)
"{CE02F046-9083-701A-0996-96190306DD5E}" = ccc-utility64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"1DDB4A6E49CF5EAED4A0629D104ACFC2CC28EFED" = Windows-Treiberpaket - Citrix Systems monblanking Citrix Driver  (06/27/2012 6.3.0.48)
"CutePDF Writer Installation" = CutePDF Writer 3.0
"Elantech" = ETDWare PS/2-X64 11.6.8.001_WHQL
"O365HomePremRetail - de-de" = Microsoft Office 365 Home Premium - de-de
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09051A99-111D-4497-8657-EA8A07B47E0B}" = Microsoft S/MIME
"{0CB90E9C-E1C9-4A83-04D3-BF7A6CB9C376}" = CCC Help Japanese
"{0CCE1791-4AD2-0202-2FE9-308D47482C46}" = CCC Help Spanish
"{0F4A9F62-336C-A3DB-3DCB-5E35CCF908D3}" = CCC Help Finnish
"{11759AFC-C44B-4C88-AEFA-235687FBC88F}" = GoToMyPC
"{136F0577-FF5A-3978-4535-3F8034697982}" = AMD VISION Engine Control Center
"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{234378F3-28CC-9038-8732-DE44FCD53384}" = CCC Help German
"{25347987-6E58-A41F-19D8-D55EACF69DAF}" = CCC Help French
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros WiFi Driver Installation
"{32DD0880-9000-988D-28FA-CBEC75ADE655}" = CCC Help Swedish
"{33FA327B-E7E2-4E38-BF1A-67DCE285BD5C}" = Catalyst Control Center - Branding
"{35DA427D-BB23-49B8-9AFD-CFFCFE3B708D}" =  clear.fi SDK- Movie 2
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4
"{3D9CB654-99AD-4301-89C6-0D12A790767C}" = Identity Card
"{3EADFC9D-5747-1F40-B2C9-35EDB21C3B7A}" = CCC Help Portuguese
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4993BB61-D98D-8AC1-3F15-1DF54E51192C}" = CCC Help Danish
"{4B79E2D3-C5CF-3A41-929E-4FD8D90EE1C3}" = CCC Help Korean
"{4D421EC9-86D0-473B-9F7A-0F1220A8E4DF}" = iMindMap 6
"{5E21B617-F52E-BB10-92F9-C8AB2C799A8A}" = Adobe Download Assistant
"{679F4771-F0E8-BB49-1CB7-6FEEA109DE6A}" = CCC Help Thai
"{698B2C9E-A1B6-37F7-C1E1-EEE252ADC1D0}" = CCC Help Czech
"{6EC7E0E1-5BCA-A74E-CA99-79E765BB271E}" = Catalyst Control Center Localization All
"{700EC2DC-84AC-1C3E-0106-CB11B5B4F7D3}" = CCC Help Dutch
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74D10916-2A98-A824-3CA2-9668D64A0231}" = CCC Help Greek
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0407-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{9100F286-8053-6382-2DF1-8F50F9E17597}" = CCC Help Italian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}" = Backup Manager v4
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A0E1F04B-9B85-5EEB-86C4-435567588EC3}" = CCC Help Norwegian
"{A3DD31D0-9B99-7222-B038-7D7EF43ED72C}" = Catalyst Control Center InstallProxy
"{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}" = AcerCloud
"{A6ACFAF3-71E6-88DC-083B-C21F15D2C334}" = CCC Help Russian
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{B58AC487-F6E9-336E-204C-DD48F0057CDD}" = CCC Help English
"{B5AD89F2-03D3-4206-8487-018298007DD0}" = clear.fi Photo
"{B860F5DA-9908-FF57-005C-3BBABDB60E7A}" = CCC Help Chinese Standard
"{C19CF633-FAD0-47EC-8276-10F3734D217B}" = Alcor Micro USB Card Reader
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}" = AcerCloud Docs
"{D0F2B581-5AE4-70B3-95D0-E761BC89E686}" = CCC Help Hungarian
"{D3EAAC35-98A9-8231-2648-0C3BB84606A6}" = CCC Help Polish
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E99A5F3B-50D0-F66F-6FDB-C0DC1B90973E}" = CCC Help Turkish
"{E9AF1707-3F3A-49E2-8345-4F2D629D0876}" = clear.fi Media
"{EB8920E9-5534-2E03-BE4B-B050C9736676}" = Catalyst Control Center Graphics Previews Common
"{EBA33CAD-E071-48d5-A168-FBA4EEB42E93}" =  clear.fi SDK - Video 2
"{EE26E302-876A-48D9-9058-3129E5B99999}" = Live Updater
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2F8656A-BDEC-0852-D9FB-8088B9357EA5}" = CCC Help Chinese Traditional
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = GMX Softwareaktualisierung
"Adobe AIR" = Adobe AIR
"AmUStor" = Alcor Micro USB Card Reader
"AudibleManager" = AudibleManager
"Avira AntiVir Desktop" = Avira Antivirus Premium
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"f42012" = f4 2012
"Google Calendar Sync" = Google Calendar Sync
"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}" = Acer Backup Manager
"LManager" = Launch Manager
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Mobile Partner" = Mobile Partner
"Spotify" = Spotify
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-819108653-2580796249-2928164313-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"DSite" = Update for Image Editor
"SkyDriveSetup.exe" = Microsoft SkyDrive
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.05.2013 04:02:00 | Computer Name = **** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 13.05.2013 04:02:10 | Computer Name = **** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 13.05.2013 04:02:10 | Computer Name = **** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 13.05.2013 04:02:10 | Computer Name = **** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 13.05.2013 04:02:10 | Computer Name = **** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 13.05.2013 04:02:22 | Computer Name = **** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 13.05.2013 04:02:22 | Computer Name = **** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 13.05.2013 04:02:22 | Computer Name = **** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 13.05.2013 04:02:22 | Computer Name = **** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 13.05.2013 06:56:10 | Computer Name = **** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
[ System Events ]
Error - 16.04.2013 00:04:52 | Computer Name = **** | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
 gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
 Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus
 lautet: 900.
 
Error - 16.04.2013 00:09:37 | Computer Name = **** | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
 gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
 Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus
 lautet: 900.
 
Error - 16.04.2013 00:09:43 | Computer Name = **** | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
 gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
 Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus
 lautet: 900.
 
Error - 16.04.2013 00:14:37 | Computer Name = **** | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
 gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
 Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus
 lautet: 900.
 
Error - 16.04.2013 00:23:19 | Computer Name = **** | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
 gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
 Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus
 lautet: 900.
 
Error - 16.04.2013 09:18:29 | Computer Name = **** | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
 gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
 Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus
 lautet: 900.
 
Error - 16.04.2013 09:18:29 | Computer Name = **** | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
 gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
 Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus
 lautet: 900.
 
Error - 16.04.2013 09:18:29 | Computer Name = **** | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
 gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
 Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus
 lautet: 900.
 
Error - 16.04.2013 17:15:33 | Computer Name = **** | Source = DCOM | ID = 10016
Description = 
 
Error - 16.04.2013 17:15:41 | Computer Name = **** | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >
         
--- --- ---


23.05.2013, 13:51   #6
katrin87

Delta Search Babylon



and Extra.txt:
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 23.05.2013 13:46:21 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\****\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16580)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,70 Gb Total Physical Memory | 2,29 Gb Available Physical Memory | 61,93% Memory free
4,32 Gb Paging File | 2,69 Gb Available in Paging File | 62,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,95 Gb Total Space | 372,25 Gb Free Space | 82,55% Space Free | Partition Type: NTFS
 
Computer Name: **** | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{462CBB38-5E4E-4E25-B5D8-1BA0B20EAE6C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0028A808-58DC-4628-A9C6-C5DEF1281AE0}" = dir=out | name=taptiles | 
"{0385B554-EA81-4EAD-8FC1-517BE8C061D6}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{03C9FE5A-10D6-4298-A123-98683728FC9B}" = dir=out | name=@{microsoft.bingnews_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{05BA9105-A51A-441C-9C3C-3ED32DCC72D2}" = dir=out | name=7digital music store | 
"{0697304B-D027-4742-A49D-4C55F8930A66}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe | 
"{0787257D-958F-40EB-9CF9-A66DA3E75145}" = dir=out | name=abfahrtsmonitor | 
"{135227B1-5701-483C-B52E-33D61840E7F0}" = dir=out | name=@{microsoft.zunemusic_1.1.144.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{15ADF715-0634-4846-91C5-F7A7BFB190E8}" = dir=out | name=social jogger | 
"{166F15FE-4211-4DD5-8F49-853AAA042178}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\video\musicplayer.exe | 
"{1A3496DB-4E8C-449F-99D3-0C9506FD6907}" = dir=in | name=evernote touch | 
"{1E7F9FFC-4B05-4642-8017-C880D41F5A61}" = protocol=6 | dir=in | app=c:\users\****\appdata\roaming\dropbox\bin\dropbox.exe | 
"{1FB4C8AE-017E-43D0-9534-3526A245A018}" = dir=in | app=c:\users\****\appdata\local\microsoft\skydrive\skydrive.exe | 
"{24486BDF-6ED6-46F3-8B31-124ABEFBA918}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{26D08E62-B0AE-47FB-883B-F154907505C2}" = dir=out | name=@{babbel.com.learnenglishwithbabbel.com_1.0.1.10_x64__qy1gdghayqfcm?ms-resource://babbel.com.learnenglishwithbabbel.com/apptitles/app_title} | 
"{2CE4C24D-E46C-478E-935F-38C3CC75B212}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe | 
"{2D9109EF-8774-48F9-A4EE-1361A724F231}" = dir=in | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 
"{33C2151C-D07A-4B08-85E1-0834C2EB5E68}" = dir=in | name=ebay | 
"{38837E82-785C-4326-B90C-B608E02D7AE1}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
"{3EA96328-8BE6-454C-8653-35763DE309FA}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe | 
"{4C1DD3DA-27F8-4797-9D6B-9ECDA11E6AF0}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{4D4D16F5-F684-41E1-B253-0CE59996F41D}" = dir=out | name=@{44352gadgetwe.unitconversion_1.0.1.4_neutral__wrnqd43hr7tc6?ms-resource://44352gadgetwe.unitconversion/resources/appstorename} | 
"{4F074E7B-42EB-4C0D-8DAD-639CD958BD4A}" = dir=out | name=canon inkjet print utility | 
"{53B279EC-9398-4491-9BDB-861EB48DE5F9}" = dir=out | name=open parlament | 
"{5476B231-E593-460C-B8B1-4C88117E31C5}" = dir=out | name=ebay | 
"{55EDEBFF-6113-46BA-BF39-1B3CE342A318}" = dir=out | name=windows_ie_ac_001 | 
"{5622E8CE-96AC-4BC7-BF64-039CB7F30BE7}" = dir=out | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{5CBF1022-8952-4B56-8352-81F67F39A146}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{5CCC98B8-873D-43EE-9CCE-4C2FE8DC3D97}" = dir=out | name=cut the rope | 
"{5E2EE78E-3C15-4018-B719-F4A4A189024E}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe | 
"{5F3D9E76-749C-4E8D-A55F-8FDDC7E12268}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{616349C1-B759-422E-A191-9512DDC96C11}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{6685371E-20E3-4F89-89A3-01F451D68441}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe | 
"{732DF4B4-5491-4F3E-8798-3F7347D1676B}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe | 
"{760327DA-19CB-4C46-A518-A15E124A558E}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{762FCD47-8325-4E93-A43B-C6590F8CF5D4}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\video\videoplayer.exe | 
"{7889828A-91F2-4566-97B8-5F7892827712}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\data\spotifywebhelper.exe | 
"{7C17EF79-FEA8-4E4E-9FC5-C14A156A89B3}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{7C56CACA-15B0-4D89-927A-E1E2C8C164B5}" = protocol=17 | dir=in | app=c:\users\****\appdata\roaming\dropbox\bin\dropbox.exe | 
"{7CBC6EE2-D982-4FA9-9B46-1E62D0346B55}" = dir=out | name=kindle | 
"{7EC5E834-E2C1-434A-A8ED-B77985C87218}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{80B5DE6A-B9BA-4455-BDFA-6493C66CEBCD}" = dir=in | app=c:\program files (x86)\nti\acer backup manager\backupmanager.exe | 
"{815EF485-B911-4566-89B1-8E062A98EB7B}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{86F01CA9-DC55-4CE0-990A-49DCADB3530D}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe | 
"{8E1AD217-DC53-4EB9-83CC-6D5A48BE5B82}" = dir=out | name=evernote touch | 
"{90254326-C0D9-496F-98DA-FA6F5996425A}" = dir=in | app=c:\program files (x86)\nti\acer backup manager\ischedulesvc.exe | 
"{92D43822-6528-4FF3-B3D7-CD7662D1B874}" = dir=out | name=amazon | 
"{97A4C780-B22F-48EC-B0E0-8B1476ECABA2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{990E6C44-515A-46E8-9D60-E5E5D88F45C6}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{9AA8882A-DDF3-4FF7-9411-3106988385A6}" = dir=out | name=txtr reader | 
"{9B44ACC5-8682-4C37-B176-9B23F34E85C0}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{9DA0ED78-B56C-4247-A410-42349324932F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{9EE55D6A-A89B-4C62-BCC0-D22F447E37F9}" = dir=out | name=microsoft mahjong | 
"{A3D4BCE2-D771-4446-8A0E-D4FA7651C7D2}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{A7AA219D-B5A9-4E01-9A1D-623F45BCD245}" = dir=out | name=acer explorer | 
"{A7EBC048-70C4-4F53-9F5C-ACD0AEE5C95D}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{AE5063DE-5ECB-48D8-B068-0B79AC9CC4BF}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\data\spotifywebhelper.exe | 
"{B04EBDF7-FDF0-4529-9E0E-0C05AE517CBE}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{B34374FB-D57C-433A-99B8-8DAA36129186}" = dir=out | name=newsxpresso metro | 
"{B6CD2F1D-9ECE-4A95-AC64-9BA06077AD69}" = dir=out | name=microsoft minesweeper | 
"{B8712D2F-9FF6-4A95-9BDD-64D62CF2ED45}" = dir=out | name=google search | 
"{BB42A541-009F-4C43-97F1-6436673D79D1}" = dir=in | app=c:\program files (x86)\nti\acer backup manager\fileexplorer.exe | 
"{BF7A83AF-BC0C-4AFD-AD2A-B7302D4369C9}" = dir=in | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{C0CDA847-7367-4836-B83F-AF87AF22DD74}" = dir=out | name=post mobil | 
"{C211D90A-329A-40E9-A94A-A461B82901FF}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{C2BA1E0D-B0CB-43F9-BDA0-69B206CC0816}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe | 
"{C363B401-1615-4439-A9CE-190C4B7C4B2E}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\movie\playmovie.exe | 
"{C44A4E32-C5C3-4E34-A162-BAD684F7CADB}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{C4C16FF8-F247-457C-8D2A-69B1DEE88ACB}" = dir=out | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 
"{C806F73A-4ADB-4ADF-AC3A-E81B55A809AA}" = dir=out | name=acer crystal eye | 
"{C855239C-19C9-45AF-B952-5AE5E6FAA2AA}" = dir=out | name=tunein radio | 
"{C907167F-E90F-414D-82B8-C38261346DF4}" = dir=out | name=microsoft solitaire collection | 
"{CAAADC53-0F89-4202-B3A2-9317C439E7B7}" = dir=in | app=c2outlooksync.exe | 
"{D078EBD5-669D-4912-A87B-CD3DB33C453F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{D95B1E73-4EB0-457D-AE2D-A05D65B76B09}" = dir=out | name=espresso mind map light | 
"{DBB44F89-7023-48DE-BCA4-86F0A3F0239C}" = dir=out | name=skitch | 
"{DF2C274D-849B-455E-9434-DACD78854095}" = dir=out | name=weatherbug | 
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{E7F15E9A-906D-464C-8676-5C54F71F09C2}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe | 
"{EA5E1948-1FF1-44DF-A888-86877C2DA515}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F0BE0ADA-A446-4BB2-9CED-202F350E03E7}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe | 
"{F50976F3-D5D8-4AD5-9BFB-EBBD482C0A6F}" = dir=out | name=@{31026mc2.crosswordsclassicbydynamindstudio_1.0.0.16_neutral__fxfta2ss2hbe6?ms-resource://31026mc2.crosswordsclassicbydynamindstudio/resources/appname} | 
"{FBF8FD0A-040D-49A2-81D5-0327681487D9}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{FD3CF9FE-488A-4D6E-B5E3-C5D05C70DA76}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe | 
"{FFED52E2-C26E-4AEF-A261-A261715AF567}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe | 
"TCP Query User{66A7C0A9-DD59-402F-BCA4-0F9837E4928D}C:\users\****\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\****\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{49D295DF-A524-499F-AF37-FBEB71959EA8}C:\users\****\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\****\appdata\roaming\spotify\spotify.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}" = Acer Recovery Management
"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{23170F69-40C1-2702-0930-000001000000}" = 7-Zip 9.30 (x64 edition)
"{2F1EB597-74DA-2C71-C065-BF4C6B89062C}" = AMD Accelerated Video Transcoding
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}" = Acer Device Fast-lane
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7BABDF85-566A-FCC6-E6FE-12DCFF3F9FEB}" = AMD Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{91F52DE4-B789-42B0-9311-A349F10E5479}" = Acer Power Management
"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)
"{CE02F046-9083-701A-0996-96190306DD5E}" = ccc-utility64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"1DDB4A6E49CF5EAED4A0629D104ACFC2CC28EFED" = Windows-Treiberpaket - Citrix Systems monblanking Citrix Driver  (06/27/2012 6.3.0.48)
"CutePDF Writer Installation" = CutePDF Writer 3.0
"Elantech" = ETDWare PS/2-X64 11.6.8.001_WHQL
"O365HomePremRetail - de-de" = Microsoft Office 365 Home Premium - de-de
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09051A99-111D-4497-8657-EA8A07B47E0B}" = Microsoft S/MIME
"{0CB90E9C-E1C9-4A83-04D3-BF7A6CB9C376}" = CCC Help Japanese
"{0CCE1791-4AD2-0202-2FE9-308D47482C46}" = CCC Help Spanish
"{0F4A9F62-336C-A3DB-3DCB-5E35CCF908D3}" = CCC Help Finnish
"{11759AFC-C44B-4C88-AEFA-235687FBC88F}" = GoToMyPC
"{136F0577-FF5A-3978-4535-3F8034697982}" = AMD VISION Engine Control Center
"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{234378F3-28CC-9038-8732-DE44FCD53384}" = CCC Help German
"{25347987-6E58-A41F-19D8-D55EACF69DAF}" = CCC Help French
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros WiFi Driver Installation
"{32DD0880-9000-988D-28FA-CBEC75ADE655}" = CCC Help Swedish
"{33FA327B-E7E2-4E38-BF1A-67DCE285BD5C}" = Catalyst Control Center - Branding
"{35DA427D-BB23-49B8-9AFD-CFFCFE3B708D}" =  clear.fi SDK- Movie 2
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4
"{3D9CB654-99AD-4301-89C6-0D12A790767C}" = Identity Card
"{3EADFC9D-5747-1F40-B2C9-35EDB21C3B7A}" = CCC Help Portuguese
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4993BB61-D98D-8AC1-3F15-1DF54E51192C}" = CCC Help Danish
"{4B79E2D3-C5CF-3A41-929E-4FD8D90EE1C3}" = CCC Help Korean
"{4D421EC9-86D0-473B-9F7A-0F1220A8E4DF}" = iMindMap 6
"{5E21B617-F52E-BB10-92F9-C8AB2C799A8A}" = Adobe Download Assistant
"{679F4771-F0E8-BB49-1CB7-6FEEA109DE6A}" = CCC Help Thai
"{698B2C9E-A1B6-37F7-C1E1-EEE252ADC1D0}" = CCC Help Czech
"{6EC7E0E1-5BCA-A74E-CA99-79E765BB271E}" = Catalyst Control Center Localization All
"{700EC2DC-84AC-1C3E-0106-CB11B5B4F7D3}" = CCC Help Dutch
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74D10916-2A98-A824-3CA2-9668D64A0231}" = CCC Help Greek
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0407-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{9100F286-8053-6382-2DF1-8F50F9E17597}" = CCC Help Italian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}" = Backup Manager v4
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A0E1F04B-9B85-5EEB-86C4-435567588EC3}" = CCC Help Norwegian
"{A3DD31D0-9B99-7222-B038-7D7EF43ED72C}" = Catalyst Control Center InstallProxy
"{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}" = AcerCloud
"{A6ACFAF3-71E6-88DC-083B-C21F15D2C334}" = CCC Help Russian
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{B58AC487-F6E9-336E-204C-DD48F0057CDD}" = CCC Help English
"{B5AD89F2-03D3-4206-8487-018298007DD0}" = clear.fi Photo
"{B860F5DA-9908-FF57-005C-3BBABDB60E7A}" = CCC Help Chinese Standard
"{C19CF633-FAD0-47EC-8276-10F3734D217B}" = Alcor Micro USB Card Reader
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}" = AcerCloud Docs
"{D0F2B581-5AE4-70B3-95D0-E761BC89E686}" = CCC Help Hungarian
"{D3EAAC35-98A9-8231-2648-0C3BB84606A6}" = CCC Help Polish
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E99A5F3B-50D0-F66F-6FDB-C0DC1B90973E}" = CCC Help Turkish
"{E9AF1707-3F3A-49E2-8345-4F2D629D0876}" = clear.fi Media
"{EB8920E9-5534-2E03-BE4B-B050C9736676}" = Catalyst Control Center Graphics Previews Common
"{EBA33CAD-E071-48d5-A168-FBA4EEB42E93}" =  clear.fi SDK - Video 2
"{EE26E302-876A-48D9-9058-3129E5B99999}" = Live Updater
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2F8656A-BDEC-0852-D9FB-8088B9357EA5}" = CCC Help Chinese Traditional
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = GMX Softwareaktualisierung
"Adobe AIR" = Adobe AIR
"AmUStor" = Alcor Micro USB Card Reader
"AudibleManager" = AudibleManager
"Avira AntiVir Desktop" = Avira Antivirus Premium
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"f42012" = f4 2012
"Google Calendar Sync" = Google Calendar Sync
"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}" = Acer Backup Manager
"LManager" = Launch Manager
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Mobile Partner" = Mobile Partner
"Spotify" = Spotify
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-819108653-2580796249-2928164313-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"DSite" = Update for Image Editor
"SkyDriveSetup.exe" = Microsoft SkyDrive
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.05.2013 04:02:00 | Computer Name = **** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 13.05.2013 04:02:10 | Computer Name = **** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 13.05.2013 04:02:10 | Computer Name = **** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 13.05.2013 04:02:10 | Computer Name = **** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 13.05.2013 04:02:10 | Computer Name = **** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 13.05.2013 04:02:22 | Computer Name = **** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 13.05.2013 04:02:22 | Computer Name = **** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 13.05.2013 04:02:22 | Computer Name = **** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 13.05.2013 04:02:22 | Computer Name = **** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 13.05.2013 06:56:10 | Computer Name = **** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
[ System Events ]
Error - 16.04.2013 00:04:52 | Computer Name = **** | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
 gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
 Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus
 lautet: 900.
 
Error - 16.04.2013 00:09:37 | Computer Name = **** | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
 gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
 Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus
 lautet: 900.
 
Error - 16.04.2013 00:09:43 | Computer Name = **** | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
 gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
 Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus
 lautet: 900.
 
Error - 16.04.2013 00:14:37 | Computer Name = **** | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
 gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
 Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus
 lautet: 900.
 
Error - 16.04.2013 00:23:19 | Computer Name = **** | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
 gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
 Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus
 lautet: 900.
 
Error - 16.04.2013 09:18:29 | Computer Name = **** | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
 gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
 Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus
 lautet: 900.
 
Error - 16.04.2013 09:18:29 | Computer Name = **** | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
 gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
 Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus
 lautet: 900.
 
Error - 16.04.2013 09:18:29 | Computer Name = **** | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
 gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
 Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus
 lautet: 900.
 
Error - 16.04.2013 17:15:33 | Computer Name = **** | Source = DCOM | ID = 10016
Description = 
 
Error - 16.04.2013 17:15:41 | Computer Name = **** | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >
         
--- --- ---

Alt 23.05.2013, 13:55   #7
markusg
/// Malware-holic
 

Hi,
Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\).
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails as described in the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

Alt 23.05.2013, 14:09   #8
katrin87
 

It didn't find any threats :-) Is my PC clean again now?

Alt 23.05.2013, 14:21   #9
markusg
/// Malware-holic
 

Please post the log. That is also in the instructions, after all.

Alt 23.05.2013, 14:26   #10
katrin87
 

The log says:

15:06:01.0021 5704 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:06:01.0021 5704 UEFI system
15:06:01.0208 5704 ============================================================
15:06:01.0208 5704 Current date / time: 2013/05/23 15:06:01.0208
15:06:01.0208 5704 SystemInfo:
15:06:01.0208 5704
15:06:01.0208 5704 OS Version: 6.2.9200 ServicePack: 0.0
15:06:01.0208 5704 Product type: Workstation
15:06:01.0208 5704 ComputerName: KATRIN
15:06:01.0208 5704 UserName: Katrin
15:06:01.0208 5704 Windows directory: C:\Windows
15:06:01.0208 5704 System windows directory: C:\Windows
15:06:01.0208 5704 Running under WOW64
15:06:01.0208 5704 Processor architecture: Intel x64
15:06:01.0208 5704 Number of processors: 2
15:06:01.0208 5704 Page size: 0x1000
15:06:01.0208 5704 Boot type: Normal boot
15:06:01.0208 5704 ============================================================
15:06:02.0300 5704 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:06:02.0331 5704 ============================================================
15:06:02.0331 5704 \Device\Harddisk0\DR0:
15:06:02.0331 5704 GPT partitions:
15:06:02.0331 5704 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {FA076E81-C6A8-48C3-A376-874912BFA43F}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xC8000
15:06:02.0331 5704 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {45D4D8E9-2A63-4025-85F3-57408FEE6A3A}, Name: EFI system partition, StartLBA 0xC8800, BlocksNum 0x96000
15:06:02.0331 5704 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {EB95D7A0-88D3-43EC-B826-8BC6E3F41315}, Name: Microsoft reserved partition, StartLBA 0x15E800, BlocksNum 0x40000
15:06:02.0331 5704 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {FBF29170-E8C7-4413-961C-0AB7794FBE0A}, Name: Basic data partition, StartLBA 0x19E800, BlocksNum 0x385E7800
15:06:02.0331 5704 \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {1C28F99C-30D9-4AAA-AB47-6DC71C8D2161}, Name: Basic data partition, StartLBA 0x38786000, BlocksNum 0x1C00000
15:06:02.0331 5704 MBR partitions:
15:06:02.0331 5704 ============================================================
15:06:02.0347 5704 C: <-> \Device\Harddisk0\DR0\Partition4
15:06:02.0347 5704 ============================================================
15:06:02.0347 5704 Initialize success
15:06:02.0347 5704 ============================================================
15:07:52.0766 2900 ============================================================
15:07:52.0766 2900 Scan started
15:07:52.0766 2900 Mode: Manual; SigCheck; TDLFS;
15:07:52.0766 2900 ============================================================
15:07:53.0452 2900 ================ Scan system memory ========================
15:07:53.0452 2900 System memory - ok
15:07:53.0452 2900 ================ Scan services =============================
15:07:53.0624 2900 [ E890C46E4754F0DF51BAFCC8D2E07498 ] 1394ohci C:\Windows\System32\drivers\1394ohci.sys
15:07:53.0764 2900 1394ohci - ok
15:07:53.0780 2900 [ 4F18D4C7EA14F11A7211F60D553C03DB ] 3ware C:\Windows\system32\drivers\3ware.sys
15:07:53.0826 2900 3ware - ok
15:07:53.0873 2900 [ 975AABEB243B800C23626D6B652C5A9C ] ACPI C:\Windows\system32\drivers\ACPI.sys
15:07:53.0920 2900 ACPI - ok
15:07:53.0967 2900 [ DC968C37822117E576B933F34A2D130C ] acpiex C:\Windows\system32\Drivers\acpiex.sys
15:07:53.0998 2900 acpiex - ok
15:07:54.0029 2900 [ 0CA9F7C3A78227C21A0A7854E245CFB2 ] acpipagr C:\Windows\System32\drivers\acpipagr.sys
15:07:54.0076 2900 acpipagr - ok
15:07:54.0107 2900 [ 8EB8DA03B142D3DD1EB9ED8107A76C43 ] AcpiPmi C:\Windows\System32\drivers\acpipmi.sys
15:07:54.0170 2900 AcpiPmi - ok
15:07:54.0170 2900 [ CBCE725C5D86ABA7D2604E22951AA9B8 ] acpitime C:\Windows\System32\drivers\acpitime.sys
15:07:54.0232 2900 acpitime - ok
15:07:54.0295 2900 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:07:54.0326 2900 AdobeARMservice - ok
15:07:54.0357 2900 [ 93C6388592B99925C1D1576E465BC80F ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
15:07:54.0419 2900 adp94xx - ok
15:07:54.0435 2900 [ D27763E0247292654E7F7D16444C7C72 ] adpahci C:\Windows\system32\drivers\adpahci.sys
15:07:54.0482 2900 adpahci - ok
15:07:54.0497 2900 [ 67B90070FF48F794AF19F9FCF0080D75 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
15:07:54.0544 2900 adpu320 - ok
15:07:54.0607 2900 [ 974AE60BF5B90E31412D93596C968E5B ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
15:07:54.0669 2900 AeLookupSvc - ok
15:07:54.0716 2900 [ 36D6A3201721558A8AFBCC09C2DA4C2C ] AFD C:\Windows\system32\drivers\afd.sys
15:07:54.0809 2900 AFD - ok
15:07:54.0841 2900 [ 01590377A5AB19E792528C628A2A68F9 ] agp440 C:\Windows\system32\drivers\agp440.sys
15:07:54.0887 2900 agp440 - ok
15:07:54.0919 2900 [ D1BE8E6E5B3AF23A4393AF1BF867977A ] ALG C:\Windows\System32\alg.exe
15:07:55.0012 2900 ALG - ok
15:07:55.0043 2900 [ 025E8C755BE293E50854D26D1BBE5133 ] AllUserInstallAgent C:\Windows\system32\AUInstallAgent.dll
15:07:55.0106 2900 AllUserInstallAgent - ok
15:07:55.0137 2900 [ 873A771EB58CE14BBFFBB290ACF5D4E4 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
15:07:55.0246 2900 AMD External Events Utility - ok
15:07:55.0293 2900 [ 5A81054B824004B1ECC04F0034A1CDF9 ] AmdK8 C:\Windows\System32\drivers\amdk8.sys
15:07:55.0355 2900 AmdK8 - ok
15:07:55.0636 2900 [ 5C4BB6AC06160C06DE04A3463DC8786B ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
15:07:56.0026 2900 amdkmdag - ok
15:07:56.0073 2900 [ E03813F54EBF5F3B5DF8AD010D883C23 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
15:07:56.0151 2900 amdkmdap - ok
15:07:56.0182 2900 [ B849D453E644FAB9BC8EF6DC8CA9C4C6 ] AmdPPM C:\Windows\System32\drivers\amdppm.sys
15:07:56.0213 2900 AmdPPM - ok
15:07:56.0245 2900 [ 35A0EB5AECB0FA3C41A2FB514A562304 ] amdsata C:\Windows\system32\drivers\amdsata.sys
15:07:56.0291 2900 amdsata - ok
15:07:56.0323 2900 [ 00452671904F5EE94B50BF0219C97164 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
15:07:56.0369 2900 amdsbs - ok
15:07:56.0385 2900 [ EA3FFE53E92E59C87E3ECA9BEB20D9B7 ] amdxata C:\Windows\system32\drivers\amdxata.sys
15:07:56.0432 2900 amdxata - ok
15:07:56.0463 2900 [ C7BE7FBB9B6BDE11E12A0F204384C1D6 ] AmUStor C:\Windows\system32\drivers\AmUStor.SYS
15:07:56.0525 2900 AmUStor - ok
15:07:56.0588 2900 [ 05676A56207CA37F3E76FAB3CEB97BD7 ] AntiVirMailService C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
15:07:56.0619 2900 AntiVirMailService - ok
15:07:56.0650 2900 [ 90C69DF5FB36F8B74109583652575BD3 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
15:07:56.0666 2900 AntiVirSchedulerService - ok
15:07:56.0697 2900 [ B6F85597831F63C27FD278F4E05C3020 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
15:07:56.0728 2900 AntiVirService - ok
15:07:56.0775 2900 [ 3370240F20C2AA5E17CD73F065D02FC1 ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
15:07:56.0806 2900 AntiVirWebService - ok
15:07:56.0853 2900 [ 83B3682CE922FB0F415734B26D9D6233 ] AppID C:\Windows\system32\drivers\appid.sys
15:07:56.0931 2900 AppID - ok
15:07:56.0962 2900 [ CE2BEAD7F31816FF0AC490D048C969F9 ] AppIDSvc C:\Windows\System32\appidsvc.dll
15:07:57.0025 2900 AppIDSvc - ok
15:07:57.0071 2900 [ 4F750B7EFCB6520AE01E01D082D7D476 ] Appinfo C:\Windows\System32\appinfo.dll
15:07:57.0134 2900 Appinfo - ok
15:07:57.0212 2900 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:07:57.0243 2900 Apple Mobile Device - ok
15:07:57.0259 2900 [ E933401B392387F4BE34DE8BAF1722A7 ] arc C:\Windows\system32\drivers\arc.sys
15:07:57.0290 2900 arc - ok
15:07:57.0321 2900 [ 07CA323EF2E8247A568AB0F3662AD644 ] arcsas C:\Windows\system32\drivers\arcsas.sys
15:07:57.0352 2900 arcsas - ok
15:07:57.0368 2900 [ 74DBAEC35366C4EE7670428808715A6A ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
15:07:57.0415 2900 AsyncMac - ok
15:07:57.0430 2900 [ A721FF570C2387E383BDDEA9632863C9 ] atapi C:\Windows\system32\drivers\atapi.sys
15:07:57.0461 2900 atapi - ok
15:07:57.0493 2900 [ 4885C14A6AB6969B5773A42DA0BA3DA4 ] AthBTPort C:\Windows\system32\DRIVERS\btath_flt.sys
15:07:57.0508 2900 AthBTPort - ok
15:07:57.0571 2900 [ 7CA5397A47843B0BD36898F32F2D403B ] AtherosSvc C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
15:07:57.0586 2900 AtherosSvc - ok
15:07:57.0711 2900 [ 8A869761F8A024DD2EA77E155BFAABFF ] athr C:\Windows\system32\DRIVERS\athw8x.sys
15:07:57.0914 2900 athr - ok
15:07:57.0961 2900 [ 506907D2E7F3A5B67DBD39C00A788B7C ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW86.sys
15:07:57.0976 2900 AtiHDAudioService - ok
15:07:58.0023 2900 [ BCD7A47EF587DC00DD61D12D9C2D1E44 ] AudioEndpointBuilder C:\Windows\System32\AudioEndpointBuilder.dll
15:07:58.0101 2900 AudioEndpointBuilder - ok
15:07:58.0148 2900 [ 810F30FF8490ED5ED510621DF10DE320 ] Audiosrv C:\Windows\System32\Audiosrv.dll
15:07:58.0210 2900 Audiosrv - ok
15:07:58.0257 2900 [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
15:07:58.0273 2900 avgntflt - ok
15:07:58.0304 2900 [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
15:07:58.0319 2900 avipbb - ok
15:07:58.0351 2900 [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
15:07:58.0366 2900 avkmgr - ok
15:07:58.0413 2900 [ 89491EF71D5EA011127832C588002853 ] AxInstSV C:\Windows\System32\AxInstSV.dll
15:07:58.0491 2900 AxInstSV - ok
15:07:58.0538 2900 [ 87AB5BB072A3F128541D5B815F82FFDD ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
15:07:58.0600 2900 b06bdrv - ok
15:07:58.0631 2900 [ 81703BC5D68DEDBB086C2368FBE7B334 ] BasicDisplay C:\Windows\System32\drivers\BasicDisplay.sys
15:07:58.0694 2900 BasicDisplay - ok
15:07:58.0709 2900 [ 5EC68164E14D25675C98BBB5F09E8606 ] BasicRender C:\Windows\System32\drivers\BasicRender.sys
15:07:58.0756 2900 BasicRender - ok
15:07:58.0897 2900 [ 2FE2E0EBCDF1EF22A34B44CED1E59893 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl63a.sys
15:07:59.0178 2900 BCM43XX - ok
15:07:59.0240 2900 [ 89143A7BA7850F5C7E61B43BB44B6418 ] BDESVC C:\Windows\System32\bdesvc.dll
15:07:59.0287 2900 BDESVC - ok
15:07:59.0318 2900 [ 9E7AEA59776D904607985AFFE7E5E183 ] Beep C:\Windows\system32\drivers\Beep.sys
15:07:59.0365 2900 Beep - ok
15:07:59.0427 2900 [ 9E6A544F465C582AB42444A217CF04DC ] BFE C:\Windows\System32\bfe.dll
15:07:59.0490 2900 BFE - ok
15:07:59.0552 2900 [ D598C44A7072D3108D8D8102EC5E07F7 ] BITS C:\Windows\System32\qmgr.dll
15:07:59.0630 2900 BITS - ok
15:07:59.0692 2900 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
15:07:59.0724 2900 Bonjour Service - ok
15:07:59.0755 2900 [ B17AC10B47C7FCB44D22A1F06415840E ] bowser C:\Windows\system32\DRIVERS\bowser.sys
15:07:59.0848 2900 bowser - ok
15:07:59.0895 2900 [ 975398A3D2C1FEA73FC93931978DF354 ] BrokerInfrastructure C:\Windows\System32\bisrv.dll
15:07:59.0942 2900 BrokerInfrastructure - ok
15:07:59.0973 2900 [ 310068BDA80B1D55C36580FD8A873FAF ] Browser C:\Windows\System32\browser.dll
15:08:00.0036 2900 Browser - ok
15:08:00.0083 2900 [ 942F3F6286056D6BBB5B02ED2B7088BD ] BTATH_A2DP C:\Windows\system32\drivers\btath_a2dp.sys
15:08:00.0114 2900 BTATH_A2DP - ok
15:08:00.0129 2900 [ 43C965027229D9FF6E52E4C71C03B09E ] btath_avdt C:\Windows\system32\drivers\btath_avdt.sys
15:08:00.0160 2900 btath_avdt - ok
15:08:00.0192 2900 [ 23CEDCD7527A26B222732A158F76EB24 ] BTATH_BUS C:\Windows\System32\drivers\btath_bus.sys
15:08:00.0223 2900 BTATH_BUS - ok
15:08:00.0238 2900 [ 3DD64966A764BCAFF07C9DC064BD410E ] BTATH_HCRP C:\Windows\System32\drivers\btath_hcrp.sys
15:08:00.0270 2900 BTATH_HCRP - ok
15:08:00.0301 2900 [ B68EE0721EAC305AB1C9C989CDF1AEFF ] BTATH_LWFLT C:\Windows\system32\DRIVERS\btath_lwflt.sys
15:08:00.0316 2900 BTATH_LWFLT - ok
15:08:00.0332 2900 [ EC7BB341229E9E6B04349580F55218B2 ] BTATH_RCP C:\Windows\System32\drivers\btath_rcp.sys
15:08:00.0363 2900 BTATH_RCP - ok
15:08:00.0394 2900 [ CBF4EF7E9FE86CE0CAB0A6472DE34A1C ] BtFilter C:\Windows\system32\DRIVERS\btfilter.sys
15:08:00.0472 2900 BtFilter - ok
15:08:00.0519 2900 [ F17DEEAC7D51D44CF1BFF8DD4F0A2B6D ] BthAvrcpTg C:\Windows\System32\drivers\BthAvrcpTg.sys
15:08:00.0566 2900 BthAvrcpTg - ok
15:08:00.0613 2900 [ A8B20D852B07AE19A13B5D47EC4E4C3B ] BthEnum C:\Windows\System32\drivers\BthEnum.sys
15:08:00.0660 2900 BthEnum - ok
15:08:00.0706 2900 [ 616EB8748C988AEE98D93DA141C3D3B4 ] BthHFEnum C:\Windows\System32\drivers\bthhfenum.sys
15:08:00.0769 2900 BthHFEnum - ok
15:08:00.0816 2900 [ DCB4EBD928A6FB368BE6CAE522412DE1 ] bthhfhid C:\Windows\System32\drivers\BthHFHid.sys
15:08:00.0878 2900 bthhfhid - ok
15:08:00.0909 2900 [ 42201C346F0B8C458E1E9CDE04D68A2C ] BthLEEnum C:\Windows\system32\DRIVERS\BthLEEnum.sys
15:08:00.0987 2900 BthLEEnum - ok
15:08:01.0018 2900 [ 033916CE8784A848B9A3D686B7F66D97 ] BTHMODEM C:\Windows\System32\drivers\bthmodem.sys
15:08:01.0096 2900 BTHMODEM - ok
15:08:01.0128 2900 [ 091BB978E9504D0AD14586929431A957 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
15:08:01.0174 2900 BthPan - ok
15:08:01.0237 2900 [ 13795CAA34239D97A7211E7F9D96E012 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
15:08:01.0330 2900 BTHPORT - ok
15:08:01.0346 2900 [ A4387C3D271959313E2577DB7BE8BA7A ] bthserv C:\Windows\system32\bthserv.dll
15:08:01.0393 2900 bthserv - ok
15:08:01.0424 2900 [ 1F715957F5236D30B6020A19A4271F6A ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
15:08:01.0471 2900 BTHUSB - ok
15:08:01.0580 2900 [ CFA963D67CF8791B2145ED9E2B89ED95 ] CCDMonitorService C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
15:08:01.0705 2900 CCDMonitorService - ok
15:08:01.0736 2900 [ 990B1BABE6E81FB18E65A87EBEFB1772 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
15:08:01.0814 2900 cdfs - ok
15:08:01.0845 2900 [ 339BFF85D788268752DA8C9644B188EE ] cdrom C:\Windows\System32\drivers\cdrom.sys
15:08:01.0892 2900 cdrom - ok
15:08:01.0939 2900 [ BAF8F0F55BC300E5F882E521F054E345 ] CertPropSvc C:\Windows\System32\certprop.dll
15:08:01.0986 2900 CertPropSvc - ok
15:08:02.0017 2900 [ F64B7D1A37CC1D5F421D5359EEC81E2E ] circlass C:\Windows\System32\drivers\circlass.sys
15:08:02.0095 2900 circlass - ok
15:08:02.0126 2900 [ 9905168708DB68849B879B5548F68AB3 ] CLFS C:\Windows\system32\drivers\CLFS.sys
15:08:02.0189 2900 CLFS - ok
15:08:02.0235 2900 [ 2DC8538A2260647484A6C921CA837313 ] CmBatt C:\Windows\System32\drivers\CmBatt.sys
15:08:02.0298 2900 CmBatt - ok
15:08:02.0345 2900 [ E708BFF0473EC6B271EA46B65B16CA56 ] CNG C:\Windows\system32\Drivers\cng.sys
15:08:02.0423 2900 CNG - ok
15:08:02.0438 2900 [ 0E5B1E9E7122EDAAF1F6CE047965CA92 ] CompositeBus C:\Windows\System32\drivers\CompositeBus.sys
15:08:02.0516 2900 CompositeBus - ok
15:08:02.0532 2900 COMSysApp - ok
15:08:02.0563 2900 [ D9CB0782AF819548072AA45B70F8B22D ] condrv C:\Windows\system32\drivers\condrv.sys
15:08:02.0625 2900 condrv - ok
15:08:02.0657 2900 [ F0E78B119D12BA81F163D48C0FF30B9A ] CryptSvc C:\Windows\system32\cryptsvc.dll
15:08:02.0703 2900 CryptSvc - ok
15:08:02.0719 2900 [ C4D01BD86D6B207275FC143EEA951D75 ] dam C:\Windows\system32\drivers\dam.sys
15:08:02.0766 2900 dam - ok
15:08:02.0813 2900 [ 1EC6E533C954BDDF2A37E7851A7E58FD ] DcomLaunch C:\Windows\system32\rpcss.dll
15:08:02.0891 2900 DcomLaunch - ok
15:08:02.0937 2900 [ C8650D1F61149AA546BDBC99172EBBC1 ] defragsvc C:\Windows\System32\defragsvc.dll
15:08:03.0031 2900 defragsvc - ok
15:08:03.0078 2900 [ 5EAEF67AE2AF4D2DC664B649DB7B2E16 ] DeviceAssociationService C:\Windows\system32\das.dll
15:08:03.0156 2900 DeviceAssociationService - ok
15:08:03.0218 2900 [ 91E80E3783883DA59A065E16AC031C3B ] DeviceFastLaneService C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe
15:08:03.0249 2900 DeviceFastLaneService - ok
15:08:03.0296 2900 [ 799BE46D45D486704CE0F37CA5385262 ] DeviceInstall C:\Windows\system32\umpnpmgr.dll
15:08:03.0343 2900 DeviceInstall - ok
15:08:03.0390 2900 [ 09D9EB9E7898F8E6561473A20CC808B9 ] Dfsc C:\Windows\system32\Drivers\dfsc.sys
15:08:03.0421 2900 Dfsc - ok
15:08:03.0483 2900 [ 9E0E72222264745ADEB0E5AC680B0ED6 ] Dhcp C:\Windows\system32\dhcpcore.dll
15:08:03.0561 2900 Dhcp - ok
15:08:03.0577 2900 [ 3C736FAE17BA6F91BA37594AAB139CD0 ] discache C:\Windows\system32\drivers\discache.sys
15:08:03.0639 2900 discache - ok
15:08:03.0655 2900 [ 560495FF4CA22E1D9B1972FA18F43B6F ] disk C:\Windows\system32\drivers\disk.sys
15:08:03.0702 2900 disk - ok
15:08:03.0717 2900 [ 82A7C72593793FE1EADA7A305BD1567A ] dmvsc C:\Windows\System32\drivers\dmvsc.sys
15:08:03.0795 2900 dmvsc - ok
15:08:03.0842 2900 [ 066B9710B36AB550E01EEFCA52155968 ] Dnscache C:\Windows\System32\dnsrslvr.dll
15:08:03.0889 2900 Dnscache - ok
15:08:03.0920 2900 [ 9949AD2ABA168A618D46C799D6CC898C ] dot3svc C:\Windows\System32\dot3svc.dll
15:08:03.0983 2900 dot3svc - ok
15:08:03.0998 2900 [ 109FC3F80BF4F4DC5A071058074F13C1 ] DPS C:\Windows\system32\dps.dll
15:08:04.0061 2900 DPS - ok
15:08:04.0108 2900 [ 9C7C183F937951AE17C5B8B3259CF3FF ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
15:08:04.0170 2900 drmkaud - ok
15:08:04.0232 2900 [ 4E2C9C48316B2156B45B58687C7435AC ] DsiWMIService C:\Program Files (x86)\Launch Manager\dsiwmis.exe
15:08:04.0263 2900 DsiWMIService - ok
15:08:04.0279 2900 [ BF48F32EE248C3D371DA5DC93BBEADA7 ] DsmSvc C:\Windows\System32\DeviceSetupManager.dll
15:08:04.0373 2900 DsmSvc - ok
15:08:04.0451 2900 [ 6D1B8A9A2C0BD4851D8AF1AB43E67AD9 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
15:08:04.0560 2900 DXGKrnl - ok
15:08:04.0591 2900 [ 58BA473DD88F5FC1932282BA683AA03E ] Eaphost C:\Windows\System32\eapsvc.dll
15:08:04.0638 2900 Eaphost - ok
15:08:04.0747 2900 [ 5AB97B3282D7D6114949D1EB5C8598E4 ] ebdrv C:\Windows\system32\drivers\evbda.sys
15:08:04.0965 2900 ebdrv - ok
15:08:05.0012 2900 [ F702AB6181513303AB0FC8D59E52708B ] EFS C:\Windows\System32\lsass.exe
15:08:05.0075 2900 EFS - ok
15:08:05.0106 2900 [ AD23FC5DB336CA89A6FC2DA1F70E421C ] EgisTec Ticket Service C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
15:08:05.0121 2900 EgisTec Ticket Service - ok
15:08:05.0168 2900 [ 66D60BD9A4C05616ABECA2A901475098 ] EhStorClass C:\Windows\system32\drivers\EhStorClass.sys
15:08:05.0199 2900 EhStorClass - ok
15:08:05.0215 2900 [ A61D0F543024E458C0FE32352E1978E2 ] EhStorTcgDrv C:\Windows\system32\drivers\EhStorTcgDrv.sys
15:08:05.0262 2900 EhStorTcgDrv - ok
15:08:05.0340 2900 [ 3D897AAAAC4BC8D6F069DA3BB65D136D ] ePowerSvc C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
15:08:05.0371 2900 ePowerSvc - ok
15:08:05.0387 2900 [ D790D058D67582DB9C84C2D33695FE6B ] ErrDev C:\Windows\System32\drivers\errdev.sys
15:08:05.0433 2900 ErrDev - ok
15:08:05.0465 2900 [ 733A4767D59459282B55B6C780239F47 ] ETD C:\Windows\system32\DRIVERS\ETD.sys
15:08:05.0511 2900 ETD - ok
15:08:05.0543 2900 [ 4D9102900BAF1E64596731F18C229C73 ] ETDService C:\Program Files\Elantech\ETDService.exe
15:08:05.0558 2900 ETDService - ok
15:08:05.0605 2900 [ F9E01C2D9F8BC049E04CF5DC24A5F638 ] EventSystem C:\Windows\system32\es.dll
15:08:05.0683 2900 EventSystem - ok
15:08:05.0714 2900 [ 7A4D6FEB8C52B3FE855E4DCDF9107E03 ] exfat C:\Windows\system32\drivers\exfat.sys
15:08:05.0777 2900 exfat - ok
15:08:05.0808 2900 [ 60996602A7111FD2D086E803F33E4282 ] fastfat C:\Windows\system32\drivers\fastfat.sys
15:08:05.0855 2900 fastfat - ok
15:08:05.0901 2900 [ F0E7F8382ED5E138B0DFA4CB5058BCFE ] Fax C:\Windows\system32\fxssvc.exe
15:08:05.0964 2900 Fax - ok
15:08:05.0979 2900 [ 73B2D11DF0B6E03A0CB0323218ACB3E4 ] fdc C:\Windows\System32\drivers\fdc.sys
15:08:06.0026 2900 fdc - ok
15:08:06.0073 2900 [ 0828E3E7BD77C89149EAD3232BFD38DB ] fdPHost C:\Windows\system32\fdPHost.dll
15:08:06.0151 2900 fdPHost - ok
15:08:06.0167 2900 [ 872506AAB591E8908DF4461475AF92DF ] FDResPub C:\Windows\system32\fdrespub.dll
15:08:06.0229 2900 FDResPub - ok
15:08:06.0276 2900 [ 0588950D93A426F97C7AAADB1A9B0458 ] fhsvc C:\Windows\system32\fhsvc.dll
15:08:06.0323 2900 fhsvc - ok
15:08:06.0354 2900 [ 88A9EBACD1058ABB237A6B4E96E7F397 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
15:08:06.0401 2900 FileInfo - ok
15:08:06.0416 2900 [ 9E4EE3A0B00FF7D5F42A4AF9744CBA02 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
15:08:06.0479 2900 Filetrace - ok
15:08:06.0510 2900 [ B1D4C168FF7B8579E3745888658FFB1D ] flpydisk C:\Windows\System32\drivers\flpydisk.sys
15:08:06.0557 2900 flpydisk - ok
15:08:06.0588 2900 [ B33EC133AE4E6C1881D2302D93D2467D ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
15:08:06.0650 2900 FltMgr - ok
15:08:06.0713 2900 [ 0BCDC0FF11B984162B0CF0FF6E9E0146 ] FontCache C:\Windows\system32\FntCache.dll
15:08:06.0822 2900 FontCache - ok
15:08:06.0900 2900 [ 0B56259F5611787222A04A8F254E51D4 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:08:06.0916 2900 FontCache3.0.0.0 - ok
15:08:06.0947 2900 [ A5F7873A39E4E9FAAAE59B7E9E36B705 ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
15:08:06.0978 2900 FsDepends - ok
15:08:07.0025 2900 [ A6DD7D491F587F4BC13FB972977DC8E8 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
15:08:07.0056 2900 Fs_Rec - ok
15:08:07.0103 2900 [ FA228F4BB10DC7ED7E7D131C034E2331 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
15:08:07.0165 2900 fvevol - ok
15:08:07.0197 2900 [ A969D92973DFA895E7776B4BFE36DBB2 ] FxPPM C:\Windows\System32\drivers\fxppm.sys
15:08:07.0243 2900 FxPPM - ok
15:08:07.0259 2900 [ 52BC441E07A827EBAB70CDC7EAEDB28D ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
15:08:07.0290 2900 gagp30kx - ok
15:08:07.0337 2900 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:08:07.0368 2900 GEARAspiWDM - ok
15:08:07.0399 2900 [ BF8BE103547EDDAA278BC52D565491A5 ] GemCCID C:\Windows\system32\DRIVERS\GemCCID.sys
15:08:07.0446 2900 GemCCID - ok
15:08:07.0462 2900 [ 721F8EEF5E9747F32670DEFF7FB92541 ] gencounter C:\Windows\System32\drivers\vmgencounter.sys
15:08:07.0493 2900 gencounter - ok
15:08:07.0586 2900 [ BA9265336BE256E6138AE0A0CC09AE46 ] GoToMyPC C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe
15:08:07.0664 2900 GoToMyPC - ok
15:08:07.0711 2900 [ CA18ECFCFFDD638ECE80799A9056B238 ] GPIOClx0101 C:\Windows\system32\Drivers\msgpioclx.sys
15:08:07.0758 2900 GPIOClx0101 - ok
15:08:07.0820 2900 [ 5358678C6370F2ADC5291849F6503262 ] gpsvc C:\Windows\System32\gpsvc.dll
15:08:07.0930 2900 gpsvc - ok
15:08:08.0008 2900 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:08:08.0039 2900 gupdate - ok
15:08:08.0039 2900 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:08:08.0070 2900 gupdatem - ok
15:08:08.0101 2900 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
15:08:08.0132 2900 gusvc - ok
15:08:08.0179 2900 [ C2504AA983B5D411F7D31402E8B57725 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:08:08.0226 2900 HdAudAddService - ok
15:08:08.0273 2900 [ 7D87B5B6C7188D553E11B59DC7F0B111 ] HDAudBus C:\Windows\System32\drivers\HDAudBus.sys
15:08:08.0335 2900 HDAudBus - ok
15:08:08.0366 2900 [ 3F76BBA53D65E85A7F53E7A71082082C ] HidBatt C:\Windows\System32\drivers\HidBatt.sys
15:08:08.0398 2900 HidBatt - ok
15:08:08.0445 2900 [ 085F150D002B7F0153D3C06DDF33A143 ] HidBth C:\Windows\System32\drivers\hidbth.sys
15:08:08.0491 2900 HidBth - ok
15:08:08.0522 2900 [ CC4A07E51D89575CAB6F4EB590D87CD4 ] hidi2c C:\Windows\System32\drivers\hidi2c.sys
15:08:08.0585 2900 hidi2c - ok
15:08:08.0616 2900 [ DC96F7DACB777CDEAEF9958A50BFDA06 ] HidIr C:\Windows\System32\drivers\hidir.sys
15:08:08.0678 2900 HidIr - ok
15:08:08.0725 2900 [ FAC37D7B3D6354A5A5E19A45B50B4008 ] hidserv C:\Windows\system32\hidserv.dll
15:08:08.0756 2900 hidserv - ok
15:08:08.0803 2900 [ 9E11EE0F2E117B2D5A835B2B91752827 ] HidUsb C:\Windows\System32\drivers\hidusb.sys
15:08:08.0850 2900 HidUsb - ok
15:08:08.0881 2900 [ 43F884B61A24377567CD0FEB35236334 ] hkmsvc C:\Windows\system32\kmsvc.dll
15:08:08.0928 2900 hkmsvc - ok
15:08:08.0975 2900 [ 33DFC14DFDCCFA7AA10E392F6A8EC1CF ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:08:09.0037 2900 HomeGroupListener - ok
15:08:09.0084 2900 [ E0D9F6FE18FA7F53ADD29AF719CE2B7E ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:08:09.0147 2900 HomeGroupProvider - ok
15:08:09.0178 2900 [ 64DB7A8D97CA53DCCF93D0A1E08342CF ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
15:08:09.0209 2900 HpSAMD - ok
15:08:09.0271 2900 [ F4A91D985EB9D1D2717D538F3424603C ] HTTP C:\Windows\system32\drivers\HTTP.sys
15:08:09.0349 2900 HTTP - ok
15:08:09.0396 2900 [ CDAA8E257BB625B2387219E605DDE37D ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
15:08:09.0443 2900 hwdatacard - ok
15:08:09.0474 2900 [ 2A98301068801700906C06649860FE94 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
15:08:09.0505 2900 hwpolicy - ok
15:08:09.0537 2900 [ DC76901D82097C9E297F20C287CB9A27 ] hyperkbd C:\Windows\System32\drivers\hyperkbd.sys
15:08:09.0583 2900 hyperkbd - ok
15:08:09.0583 2900 [ 716413AB3CA12DE0A7222D28C1C9352C ] HyperVideo C:\Windows\system32\DRIVERS\HyperVideo.sys
15:08:09.0630 2900 HyperVideo - ok
15:08:09.0661 2900 [ C9E9CBF73AFFBFE3E801EFB516787BA3 ] i8042prt C:\Windows\System32\drivers\i8042prt.sys
15:08:09.0708 2900 i8042prt - ok
15:08:09.0739 2900 [ 5E394EBD26FD68AA9300332C46BEDD62 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
15:08:09.0802 2900 iaStorV - ok
15:08:09.0817 2900 [ 24847A06B84339FEEDE5CABF3D27D320 ] iirsp C:\Windows\system32\drivers\iirsp.sys
15:08:09.0849 2900 iirsp - ok
15:08:09.0911 2900 [ 531B5A98145DA689741A0AC18F14EA94 ] IKEEXT C:\Windows\System32\ikeext.dll
15:08:10.0020 2900 IKEEXT - ok
15:08:10.0145 2900 [ 9CC645EB9697AA4F2D5A39835C80A0A2 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
15:08:10.0348 2900 IntcAzAudAddService - ok
15:08:10.0363 2900 [ 4F37726CF764CA18A8A84F85EF3A7F24 ] intelide C:\Windows\system32\drivers\intelide.sys
15:08:10.0395 2900 intelide - ok
15:08:10.0426 2900 [ E15CDF68DD73423F15D4AC404793AF0D ] intelppm C:\Windows\System32\drivers\intelppm.sys
15:08:10.0473 2900 intelppm - ok
15:08:10.0488 2900 [ 8FCA66234A0933D796BB780B7953BAB9 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:08:10.0535 2900 IpFilterDriver - ok
15:08:10.0597 2900 [ C217B8D2E58C57A319B16125C3D4B69C ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
15:08:10.0675 2900 iphlpsvc - ok
15:08:10.0675 2900 [ 6E98A046A12AA113F8898AA5D612BD6E ] IPMIDRV C:\Windows\System32\drivers\IPMIDrv.sys
15:08:10.0738 2900 IPMIDRV - ok
15:08:10.0753 2900 [ 3969B9C218DD3FAA9F4ED2FFC3651C02 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
15:08:10.0816 2900 IPNAT - ok
15:08:10.0878 2900 [ 4EFFC8FF6D349E971E94B1C670C0C66A ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
15:08:10.0909 2900 iPod Service - ok
15:08:10.0925 2900 [ 25CD7C4BB2863FFC2B0B311F0AEBF77C ] IRENUM C:\Windows\system32\drivers\irenum.sys
15:08:11.0003 2900 IRENUM - ok
15:08:11.0019 2900 [ D940C5BB9DC92E588533C19ABCC3D2C2 ] isapnp C:\Windows\system32\drivers\isapnp.sys
15:08:11.0081 2900 isapnp - ok
15:08:11.0128 2900 [ 69C8BF0BC2B0EA10F130F4D3104DC2EF ] iScsiPrt C:\Windows\System32\drivers\msiscsi.sys
15:08:11.0175 2900 iScsiPrt - ok
15:08:11.0190 2900 [ 8FBD94B69D6423E20ABCD59D86368B21 ] kbdclass C:\Windows\System32\drivers\kbdclass.sys
15:08:11.0221 2900 kbdclass - ok
15:08:11.0237 2900 [ E88C932ABDF8185A62C8F2FC7B051FB6 ] kbdhid C:\Windows\System32\drivers\kbdhid.sys
15:08:11.0284 2900 kbdhid - ok
15:08:11.0315 2900 [ FB6C185092E18011EF49989425C2AA87 ] kdnic C:\Windows\system32\DRIVERS\kdnic.sys
15:08:11.0362 2900 kdnic - ok
15:08:11.0393 2900 [ F702AB6181513303AB0FC8D59E52708B ] KeyIso C:\Windows\system32\lsass.exe
15:08:11.0424 2900 KeyIso - ok
15:08:11.0456 2900 [ DFA480F6DED551464F3A5B959F437800 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
15:08:11.0502 2900 KSecDD - ok
15:08:11.0533 2900 [ 127FB0AAD232BAAD2C9BBACD374F4FC5 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
15:08:11.0580 2900 KSecPkg - ok
15:08:11.0612 2900 [ 81492FEEBF2F26455B00EE8DBAE8A1B0 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
15:08:11.0643 2900 ksthunk - ok
15:08:11.0689 2900 [ 5825DBACEDC3812B5CF8D40B997BF210 ] KtmRm C:\Windows\system32\msdtckrm.dll
15:08:11.0736 2900 KtmRm - ok
15:08:11.0768 2900 [ 256EE31588257E8A555DBFAA13F1908E ] LanmanServer C:\Windows\system32\srvsvc.dll
15:08:11.0830 2900 LanmanServer - ok
15:08:11.0861 2900 [ 16650912BE5A94B40E0B3B4C39652B56 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:08:11.0923 2900 LanmanWorkstation - ok
15:08:11.0955 2900 [ CEEFD29FC551F289810B0B9381B321DC ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
15:08:12.0017 2900 lltdio - ok
15:08:12.0064 2900 [ BCF53485E0A94722CDE3C4A93CD8EB8C ] lltdsvc C:\Windows\System32\lltdsvc.dll
15:08:12.0126 2900 lltdsvc - ok
15:08:12.0142 2900 [ 5A2F7F1CBC2E631A497DAD16164E06D2 ] lmhosts C:\Windows\System32\lmhsvc.dll
15:08:12.0204 2900 lmhosts - ok
15:08:12.0235 2900 [ 022CDD12161B063D7852B1075BF3FFF2 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
15:08:12.0267 2900 LSI_SAS - ok
15:08:12.0314 2900 [ 07AD59D669B996F29F91817F0ECFA34F ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
15:08:12.0345 2900 LSI_SAS2 - ok
15:08:12.0360 2900 [ 216FB796AA4E252ACCE93B1BCB80B5EC ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
15:08:12.0407 2900 LSI_SCSI - ok
15:08:12.0423 2900 [ 5E80530AF37102488EE980B4A92AF99F ] LSI_SSS C:\Windows\system32\drivers\lsi_sss.sys
15:08:12.0469 2900 LSI_SSS - ok
15:08:12.0516 2900 [ A57BA284F5996FFD32DCDBC41A4657DB ] LSM C:\Windows\System32\lsm.dll
15:08:12.0579 2900 LSM - ok
15:08:12.0594 2900 [ 2BDC5D711FA61307CE6190D47C956368 ] luafv C:\Windows\system32\drivers\luafv.sys
15:08:12.0657 2900 luafv - ok
15:08:12.0672 2900 [ 9B0D829C3BE4E7472DB9DD2B79908E3C ] megasas C:\Windows\system32\drivers\megasas.sys
15:08:12.0719 2900 megasas - ok
15:08:12.0735 2900 [ ECC3F54C7AFC318271C4F0B4606D8DB0 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
15:08:12.0797 2900 MegaSR - ok
15:08:12.0859 2900 [ EEE908BE7143FCA48CF0CB87214E2AB8 ] MMCSS C:\Windows\system32\mmcss.dll
15:08:12.0906 2900 MMCSS - ok
15:08:12.0922 2900 [ 780098AD5DA8A4822E2563984C85EF7B ] Modem C:\Windows\system32\drivers\modem.sys
15:08:12.0984 2900 Modem - ok
15:08:13.0047 2900 [ B3918AF7EFFE7DF596AEA647CE939F1A ] monblanking C:\Windows\system32\DRIVERS\monblanking.sys
15:08:13.0062 2900 monblanking - ok
15:08:13.0109 2900 [ EA8EAD3F5B762F889CC7F3966625B48B ] monitor C:\Windows\System32\drivers\monitor.sys
15:08:13.0172 2900 monitor - ok
15:08:13.0218 2900 [ 618446B98C79776654340CE27C73485E ] mouclass C:\Windows\System32\drivers\mouclass.sys
15:08:13.0250 2900 mouclass - ok
15:08:13.0265 2900 [ C0ADEBED913295803B579ED288936CBB ] mouhid C:\Windows\System32\drivers\mouhid.sys
15:08:13.0343 2900 mouhid - ok
15:08:13.0359 2900 [ 89D263DBF08119CE16273991C120D6DD ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
15:08:13.0406 2900 mountmgr - ok
15:08:13.0437 2900 [ 0D1609DD82C7440F5D5BF21A9D4D5C0C ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
15:08:13.0499 2900 mpsdrv - ok
15:08:13.0562 2900 [ 3031573A739DBEE8923851929D0AF423 ] MpsSvc C:\Windows\system32\mpssvc.dll
15:08:13.0624 2900 MpsSvc - ok
15:08:13.0671 2900 [ 3D70147F55F1EC84EB9139ED7FFE48BC ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
15:08:13.0718 2900 MRxDAV - ok
15:08:13.0749 2900 [ 93179D48066918323628CB016D8C94DC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
15:08:13.0827 2900 mrxsmb - ok
15:08:13.0858 2900 [ 06D5F2FA3C61E8EA91648EA8E9F99FD3 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:08:13.0889 2900 mrxsmb10 - ok
15:08:13.0952 2900 [ 5C7DD2E5759FFCCD2C7341C1B90F2B26 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:08:13.0998 2900 mrxsmb20 - ok
15:08:14.0030 2900 [ 98487487D6B3797CA927E9D7B030AE13 ] MsBridge C:\Windows\system32\DRIVERS\bridge.sys
15:08:14.0092 2900 MsBridge - ok
15:08:14.0123 2900 [ 4A07458EB4F17573BD39F22029A991C1 ] MSDTC C:\Windows\System32\msdtc.exe
15:08:14.0154 2900 MSDTC - ok
15:08:14.0201 2900 [ 3886F1F2A4D2900ABAA7E4486BEEE6A2 ] Msfs C:\Windows\system32\drivers\Msfs.sys
15:08:14.0248 2900 Msfs - ok
15:08:14.0279 2900 [ C32A7A39B960A42BA9D4FBE47213CA03 ] msgpiowin32 C:\Windows\System32\drivers\msgpiowin32.sys
15:08:14.0310 2900 msgpiowin32 - ok
15:08:14.0342 2900 [ D3857A767B91A061B408CCAB02DA4F40 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
15:08:14.0373 2900 mshidkmdf - ok
15:08:14.0388 2900 [ 839B48910FB1E887635C48F3EC11A05E ] mshidumdf C:\Windows\System32\drivers\mshidumdf.sys
15:08:14.0420 2900 mshidumdf - ok
15:08:14.0451 2900 [ 55C0DB741E3AB7463242B185B1C2997C ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
15:08:14.0482 2900 msisadrv - ok
15:08:14.0513 2900 [ 216C6B035A4BA5560E1255BD8E5BB89F ] MSiSCSI C:\Windows\system32\iscsiexe.dll
15:08:14.0560 2900 MSiSCSI - ok
15:08:14.0560 2900 msiserver - ok
15:08:14.0591 2900 [ 509809566E49F4411055864EA8D437CD ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
15:08:14.0654 2900 MSKSSRV - ok
15:08:14.0669 2900 [ 63145201D6458E4958E572E7D6FC2604 ] MsLldp C:\Windows\system32\DRIVERS\mslldp.sys
15:08:14.0716 2900 MsLldp - ok
15:08:14.0732 2900 [ 99D526E803DB6D7FF290FD98B6204641 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
15:08:14.0778 2900 MSPCLOCK - ok
15:08:14.0794 2900 [ 06FA77C3E2A491ADCD704C5E73006269 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
15:08:14.0841 2900 MSPQM - ok
15:08:14.0856 2900 [ E134EC4DE11CF78CB01432D180710D84 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
15:08:14.0919 2900 MsRPC - ok
15:08:14.0950 2900 [ B5AECF12F09DEE97C9FCAA5BA016CE1E ] mssmbios C:\Windows\System32\drivers\mssmbios.sys
15:08:14.0981 2900 mssmbios - ok
15:08:15.0012 2900 [ 72D66A05E0F99F2528F6C6204FD22AA1 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
15:08:15.0059 2900 MSTEE - ok
15:08:15.0075 2900 [ 8AAAE399FC255FA105D4158CBA289001 ] MTConfig C:\Windows\System32\drivers\MTConfig.sys
15:08:15.0106 2900 MTConfig - ok
15:08:15.0137 2900 [ 3BCB702F3E6CC622DCAFCAA45D7CDE0A ] Mup C:\Windows\system32\Drivers\mup.sys
15:08:15.0168 2900 Mup - ok
15:08:15.0184 2900 [ 3A1E095277BBD406CEA8EA6B76950664 ] mvumis C:\Windows\system32\drivers\mvumis.sys
15:08:15.0215 2900 mvumis - ok
15:08:15.0231 2900 [ C009123B206C56854F4E88596035231D ] mwlPSDFilter C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
15:08:15.0262 2900 mwlPSDFilter - ok
15:08:15.0278 2900 [ BF3739EEB9F008B1DEBAC115089A53F8 ] mwlPSDNServ C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
15:08:15.0309 2900 mwlPSDNServ - ok
15:08:15.0324 2900 [ 38DD143D95E7A01B86F219DDA9C28779 ] mwlPSDVDisk C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
15:08:15.0340 2900 mwlPSDVDisk - ok
15:08:15.0387 2900 [ 4B18840511D720BA118D3017E8165875 ] napagent C:\Windows\system32\qagentRT.dll
15:08:15.0449 2900 napagent - ok
15:08:15.0480 2900 [ 43D7388A90A4C6EA346A4D6FF0377479 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
15:08:15.0527 2900 NativeWifiP - ok
15:08:15.0574 2900 [ 6A0C3996DA7DAE6D6939676D786EEEC4 ] NcaSvc C:\Windows\System32\ncasvc.dll
15:08:15.0605 2900 NcaSvc - ok
15:08:15.0636 2900 [ C982FE4CC91DECE2259F494FCEB4030F ] NcdAutoSetup C:\Windows\System32\NcdAutoSetup.dll
15:08:15.0699 2900 NcdAutoSetup - ok
15:08:15.0761 2900 [ 03CFE4108D1DE16D6C59455B5C73319C ] NDIS C:\Windows\system32\drivers\ndis.sys
15:08:15.0855 2900 NDIS - ok
15:08:15.0886 2900 [ 39C8A1D9D46F5E83A016BCAB72455284 ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
15:08:15.0948 2900 NdisCap - ok
15:08:15.0964 2900 [ 762941932B7E4C588E48A577BA9D6440 ] NdisImPlatform C:\Windows\system32\DRIVERS\NdisImPlatform.sys
15:08:16.0026 2900 NdisImPlatform - ok
15:08:16.0058 2900 [ 7A6F8A6D0E01432EBA294EF29CDD0FA7 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
15:08:16.0104 2900 NdisTapi - ok
15:08:16.0136 2900 [ 79AB68BB3FFF974AD4F41FA559F4EC67 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
15:08:16.0182 2900 Ndisuio - ok
15:08:16.0198 2900 [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
15:08:16.0245 2900 NdisWan - ok
15:08:16.0260 2900 [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NDISWANLEGACY C:\Windows\system32\DRIVERS\ndiswan.sys
15:08:16.0307 2900 NDISWANLEGACY - ok
15:08:16.0354 2900 [ 3730942D7DB2F8BB5F84542B7FF6F650 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
15:08:16.0401 2900 NDProxy - ok
15:08:16.0432 2900 [ D3F60A4345FCA9C1BE68AD7D0D6DE770 ] Ndu C:\Windows\system32\drivers\Ndu.sys
15:08:16.0479 2900 Ndu - ok
15:08:16.0510 2900 [ 7C203A76394F9AE68F69EEE5F9612C4A ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
15:08:16.0557 2900 NetBIOS - ok
15:08:16.0604 2900 [ 7CEC25C682D319D484630B3952C31A11 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
15:08:16.0666 2900 NetBT - ok
15:08:16.0682 2900 [ F702AB6181513303AB0FC8D59E52708B ] Netlogon C:\Windows\system32\lsass.exe
15:08:16.0713 2900 Netlogon - ok
15:08:16.0760 2900 [ 89519D29CBEC2121CA65CC29C4D345E0 ] Netman C:\Windows\System32\netman.dll
15:08:16.0838 2900 Netman - ok
15:08:16.0885 2900 [ 5FF52E13C72838D87DAF228EC9E92C89 ] netprofm C:\Windows\System32\netprofmsvc.dll
15:08:16.0962 2900 netprofm - ok
15:08:17.0009 2900 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:08:17.0056 2900 NetTcpPortSharing - ok
15:08:17.0087 2900 [ 12DD2800E4EEA37DC9AE256AD62423B4 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
15:08:17.0118 2900 nfrd960 - ok
15:08:17.0181 2900 [ 80ABCD4C2DE9FD832477303AE0CA3BE5 ] NlaSvc C:\Windows\System32\nlasvc.dll
15:08:17.0259 2900 NlaSvc - ok
15:08:17.0274 2900 [ 17E19A742FB30C002F8B43575451DBE1 ] Npfs C:\Windows\system32\drivers\Npfs.sys
15:08:17.0321 2900 Npfs - ok
15:08:17.0337 2900 [ 8ED299C30792544264E558BEA79F0947 ] npsvctrig C:\Windows\System32\drivers\npsvctrig.sys
15:08:17.0384 2900 npsvctrig - ok
15:08:17.0415 2900 [ 832B5FDF0B5577713FD7F2465FCD0ACE ] nsi C:\Windows\system32\nsisvc.dll
15:08:17.0462 2900 nsi - ok
15:08:17.0493 2900 [ 689B3B1E95C70ABF7AFF29F9406EF1E0 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
15:08:17.0540 2900 nsiproxy - ok
15:08:17.0633 2900 [ 76929F4A69E425911A63B407E26C2589 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
15:08:17.0774 2900 Ntfs - ok
15:08:17.0836 2900 [ 24802A206925A340DBA52ABF83C21315 ] NTI IScheduleSvc C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
15:08:17.0867 2900 NTI IScheduleSvc - ok
15:08:17.0899 2900 [ 64DDD0DEE976302F4BD93E5EFCC2F013 ] NTIDrvr C:\windows\system32\drivers\NTIDrvr.sys
15:08:17.0914 2900 NTIDrvr - ok
15:08:17.0930 2900 [ 4163ADE07DB51843AE31F65B94F5398D ] Null C:\Windows\system32\drivers\Null.sys
15:08:17.0976 2900 Null - ok
15:08:18.0008 2900 [ D6D34118263412D3AAA8348A9572B7F2 ] nvraid C:\Windows\system32\drivers\nvraid.sys
15:08:18.0055 2900 nvraid - ok
15:08:18.0070 2900 [ 27AFC428D1D32ABD04A86763A4EDDEA9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
15:08:18.0101 2900 nvstor - ok
15:08:18.0117 2900 [ 051CFB5107BAAE510419BDC41F8C4036 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
15:08:18.0164 2900 nv_agp - ok
15:08:18.0273 2900 [ E0506331F0454C347B28B2AE4BD14636 ] OfficeSvc C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
15:08:18.0367 2900 OfficeSvc - ok
15:08:18.0460 2900 [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:08:18.0491 2900 ose - ok
15:08:18.0523 2900 [ AB76700D764A342D7475FB8F47CAB18C ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
15:08:18.0601 2900 p2pimsvc - ok
15:08:18.0632 2900 [ 4319FD931DCD796435ECB5DB4A04FBA5 ] p2psvc C:\Windows\system32\p2psvc.dll
15:08:18.0694 2900 p2psvc - ok
15:08:18.0741 2900 [ 4563DAF8C6A740AD7F501E219BD10766 ] Parport C:\Windows\System32\drivers\parport.sys
15:08:18.0772 2900 Parport - ok
15:08:18.0819 2900 [ D6ACCF9F2EEEEA711C14EFD976E573F3 ] partmgr C:\Windows\system32\drivers\partmgr.sys
15:08:18.0850 2900 partmgr - ok
15:08:18.0913 2900 [ 4811D9EC53649105A5A8BEA661B0F936 ] PcaSvc C:\Windows\System32\pcasvc.dll
15:08:18.0975 2900 PcaSvc - ok
15:08:19.0006 2900 [ 4A003E8F718C1E6A2050CA98CD53E3E2 ] pci C:\Windows\system32\drivers\pci.sys
15:08:19.0053 2900 pci - ok
15:08:19.0068 2900 [ F9908D274D458220F91E89B54D78D837 ] pciide C:\Windows\system32\drivers\pciide.sys
15:08:19.0115 2900 pciide - ok
15:08:19.0131 2900 [ 84D19CB6102627932DCB5DFDF89FE269 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
15:08:19.0178 2900 pcmcia - ok
15:08:19.0209 2900 [ CEBBAD5391C2644560C55628A40BFD27 ] pcw C:\Windows\system32\drivers\pcw.sys
15:08:19.0240 2900 pcw - ok
15:08:19.0271 2900 [ 0698DEDEAD6A00AD0D468C687D830FBF ] pdc C:\Windows\system32\drivers\pdc.sys
15:08:19.0318 2900 pdc - ok
15:08:19.0365 2900 [ 61FE70659CD43E07F94DA4DC31DEC493 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
15:08:19.0443 2900 PEAUTH - ok
15:08:19.0521 2900 [ EB88FA19F0EA05DD04BE9C5FFEEFFE1A ] PerfHost C:\Windows\SysWow64\perfhost.exe
15:08:19.0583 2900 PerfHost - ok
15:08:19.0661 2900 [ 6E84BFF58F7643499277F29DFA2F8C8D ] pla C:\Windows\system32\pla.dll
15:08:19.0771 2900 pla - ok
15:08:19.0817 2900 [ 799BE46D45D486704CE0F37CA5385262 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
15:08:19.0849 2900 PlugPlay - ok
15:08:19.0880 2900 [ 8E2414E818C26C4A9C70CB2B8567F04F ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
15:08:19.0927 2900 PNRPAutoReg - ok
15:08:19.0958 2900 [ AB76700D764A342D7475FB8F47CAB18C ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
15:08:20.0005 2900 PNRPsvc - ok
15:08:20.0036 2900 [ 0108C8E5176D590F242701EF5A62CC26 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
15:08:20.0114 2900 PolicyAgent - ok
15:08:20.0161 2900 [ F1E067F56373F11EA4B785CAE823740A ] Power C:\Windows\system32\umpo.dll
15:08:20.0207 2900 Power - ok
15:08:20.0223 2900 [ 362D47E5B4D67270DE4B8606036F4ADD ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
15:08:20.0285 2900 PptpMiniport - ok
15:08:20.0410 2900 [ C2D3B3D0060619D5E03E696BD56FF59F ] PrintNotify C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll
15:08:20.0551 2900 PrintNotify - ok
15:08:20.0598 2900 [ DD979EB6A7212F60E4AFBE96EDC7AE6D ] Processor C:\Windows\System32\drivers\processr.sys
15:08:20.0629 2900 Processor - ok
15:08:20.0660 2900 [ 429E8502AD2227CF88F8840FC5BD590D ] ProfSvc C:\Windows\system32\profsvc.dll
15:08:20.0722 2900 ProfSvc - ok
15:08:20.0754 2900 [ AF038FA3D3748B7595FE7096AD803696 ] Ps2Kb2Hid C:\Windows\System32\drivers\aPs2Kb2Hid.sys
15:08:20.0785 2900 Ps2Kb2Hid - ok
15:08:20.0800 2900 [ EB8034147D4820CD31BFCB11A2A652DF ] Psched C:\Windows\system32\DRIVERS\pacer.sys
15:08:20.0863 2900 Psched - ok
15:08:20.0910 2900 [ A5B22EACF1DA28E19CC9F80D37978657 ] QRDCIO C:\Windows\System32\drivers\QRDCIO.sys
15:08:20.0956 2900 QRDCIO - ok
15:08:20.0972 2900 [ 0AFBF333B6F87A2F598EAB379AF100B8 ] QWAVE C:\Windows\system32\qwave.dll
15:08:21.0034 2900 QWAVE - ok
15:08:21.0081 2900 [ 13D47BB0CCA2FC51BD15F8E85C6A078E ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
15:08:21.0112 2900 QWAVEdrv - ok
15:08:21.0144 2900 [ 873C60F8178100557740A832FCE10B5F ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
15:08:21.0190 2900 RasAcd - ok
15:08:21.0206 2900 [ 69B93F623B130976243ECA3D84CC99CA ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
15:08:21.0268 2900 RasAgileVpn - ok
15:08:21.0300 2900 [ 005F6E54C4A2DA4EBF68FB0392CE8BB0 ] RasAuto C:\Windows\System32\rasauto.dll
15:08:21.0362 2900 RasAuto - ok
15:08:21.0393 2900 [ A14D625C5AEE5FFE0F47D1A1D419FAAE ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
15:08:21.0455 2900 Rasl2tp - ok
15:08:21.0487 2900 [ C923C785A2DE0B396AD6D13ACAFF2DE9 ] RasMan C:\Windows\System32\rasmans.dll
15:08:21.0549 2900 RasMan - ok
15:08:21.0580 2900 [ 00695B9C2DB6111064499C529E90C042 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
15:08:21.0627 2900 RasPppoe - ok
15:08:21.0658 2900 [ A7F24D8CD1956B0A1FDCB86CC5114DE4 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
15:08:21.0705 2900 RasSstp - ok
15:08:21.0736 2900 [ B72C33DBD5326B3864CF2091AF8B906B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
15:08:21.0799 2900 rdbss - ok
15:08:21.0830 2900 [ CA7DF5EC95D8DE0DD24BE7FF97369F68 ] rdpbus C:\Windows\System32\drivers\rdpbus.sys
15:08:21.0861 2900 rdpbus - ok
15:08:21.0892 2900 [ B2A3AD74FF2E2FFA73AF2567108231B3 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
15:08:21.0955 2900 RDPDR - ok
15:08:22.0017 2900 [ 57F4787E4602A3FCA719C0A33137C6DA ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
15:08:22.0048 2900 RdpVideoMiniport - ok
15:08:22.0079 2900 [ B3CB0721E81E30419CE7D837EF4EA151 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
15:08:22.0126 2900 RDPWD - ok
15:08:22.0142 2900 [ 62C1F8A0685FE07E998AA296C4F697C4 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
15:08:22.0189 2900 rdyboost - ok
15:08:22.0220 2900 [ 3663CCF243EE0C04E9F6F91ED1737273 ] RemoteAccess C:\Windows\System32\mprdim.dll
15:08:22.0298 2900 RemoteAccess - ok
15:08:22.0345 2900 [ E80DD61E52EDFFF9DA1ED7260A68855B ] RemoteRegistry C:\Windows\system32\regsvc.dll
15:08:22.0407 2900 RemoteRegistry - ok
15:08:22.0454 2900 [ CF59781FCB68F859EB6C835ED285211D ] RfButtonDriverService C:\Windows\RfBtnSvc64.exe
15:08:22.0469 2900 RfButtonDriverService - ok
15:08:22.0516 2900 [ CCBFCABDFE2BC22F0645CEAADDB36004 ] RFCOMM C:\Windows\System32\drivers\rfcomm.sys
15:08:22.0563 2900 RFCOMM - ok
15:08:22.0610 2900 [ 73F2E030B5C24E4E41401B5F0D59E6FD ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
15:08:22.0657 2900 RpcEptMapper - ok
15:08:22.0688 2900 [ 10B21284B3D964AB3DC45490E57D422E ] RpcLocator C:\Windows\system32\locator.exe
15:08:22.0735 2900 RpcLocator - ok
15:08:22.0782 2900 [ 1EC6E533C954BDDF2A37E7851A7E58FD ] RpcSs C:\Windows\system32\rpcss.dll
15:08:22.0844 2900 RpcSs - ok
15:08:22.0875 2900 [ E04E770DD198B9399640717145E79EBF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
15:08:22.0922 2900 rspndr - ok
15:08:22.0953 2900 [ 34DA0D14F5C3F1883A331AFB975AB434 ] RTL8168 C:\Windows\system32\DRIVERS\Rt630x64.sys
15:08:23.0015 2900 RTL8168 - ok
15:08:23.0031 2900 [ 752EC7DCD2F96871A3857EEE6AFE965A ] s3cap C:\Windows\System32\drivers\vms3cap.sys
15:08:23.0062 2900 s3cap - ok
15:08:23.0109 2900 [ F702AB6181513303AB0FC8D59E52708B ] SamSs C:\Windows\system32\lsass.exe
15:08:23.0140 2900 SamSs - ok
15:08:23.0172 2900 [ 9C7B28CE0D136DB226E24DB3BC817F92 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
15:08:23.0203 2900 sbp2port - ok
15:08:23.0234 2900 [ 14316954FCE79C9DE5A0AFF9D42C83AA ] SCardSvr C:\Windows\System32\SCardSvr.dll
15:08:23.0312 2900 SCardSvr - ok
15:08:23.0328 2900 [ 5D7733A12756B267FCA021672B26BC9E ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
15:08:23.0374 2900 scfilter - ok
15:08:23.0437 2900 [ ED40ED9A65F3E79A8C43DD50C5FDADBF ] Schedule C:\Windows\system32\schedsvc.dll
15:08:23.0546 2900 Schedule - ok
15:08:23.0593 2900 [ BAF8F0F55BC300E5F882E521F054E345 ] SCPolicySvc C:\Windows\System32\certprop.dll
15:08:23.0624 2900 SCPolicySvc - ok
15:08:23.0671 2900 [ 047315E75392CEA447ACC86257824C16 ] sdbus C:\Windows\System32\drivers\sdbus.sys
15:08:23.0718 2900 sdbus - ok
15:08:23.0749 2900 [ 92968277ED491E4B3DDA361E3952361E ] SDRSVC C:\Windows\System32\SDRSVC.dll
15:08:23.0827 2900 SDRSVC - ok
15:08:23.0874 2900 [ BB107AA9980B0DA4E19A3A90C3BD4460 ] sdstor C:\Windows\System32\drivers\sdstor.sys
15:08:23.0905 2900 sdstor - ok
15:08:23.0936 2900 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
15:08:23.0983 2900 secdrv - ok
15:08:24.0014 2900 [ CD282626738B6BC92B6E7CD0AAE95B63 ] seclogon C:\Windows\system32\seclogon.dll
15:08:24.0061 2900 seclogon - ok
15:08:24.0092 2900 [ 9C51620998F0763039DFA6BF68E475ED ] SENS C:\Windows\System32\sens.dll
15:08:24.0154 2900 SENS - ok
15:08:24.0170 2900 [ 0D50B4B860DAB65241628D04CD33ACAE ] SensrSvc C:\Windows\system32\sensrsvc.dll
15:08:24.0232 2900 SensrSvc - ok
15:08:24.0248 2900 [ 87C46B239A7EEF30FDFDD5E9BD46130C ] SerCx C:\Windows\system32\drivers\SerCx.sys
15:08:24.0295 2900 SerCx - ok
15:08:24.0310 2900 [ 7A1F9347C85FD55E39B8A76B3A25C5AD ] Serenum C:\Windows\System32\drivers\serenum.sys
15:08:24.0342 2900 Serenum - ok
15:08:24.0357 2900 [ F640A0A218BBF857F1D04A15D7D939F6 ] Serial C:\Windows\System32\drivers\serial.sys
15:08:24.0404 2900 Serial - ok
15:08:24.0420 2900 [ F1A5F56B2620B862CC28FF96A0A6DAAB ] sermouse C:\Windows\System32\drivers\sermouse.sys
15:08:24.0451 2900 sermouse - ok
15:08:24.0498 2900 [ CB60A60340788C8D6DE2A269D28086AB ] SessionEnv C:\Windows\system32\sessenv.dll
15:08:24.0576 2900 SessionEnv - ok
15:08:24.0591 2900 [ 7EE65419B29302C795714FF8073969A1 ] sfloppy C:\Windows\System32\drivers\sfloppy.sys
15:08:24.0622 2900 sfloppy - ok
15:08:24.0669 2900 [ 090AE16F79C8EAD04E6031F863DA85F3 ] SharedAccess C:\Windows\System32\ipnathlp.dll
15:08:24.0716 2900 SharedAccess - ok
15:08:24.0747 2900 [ A77F3ABE13FCC698511E5DEC7ACEBD5F ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:08:24.0872 2900 ShellHWDetection - ok
15:08:24.0872 2900 [ 2560721D6F16D5B611C36A3A9D28C1B2 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
15:08:24.0919 2900 SiSRaid2 - ok
15:08:24.0934 2900 [ 3AA8FDE1DBF65BB8B88B053529554A0D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
15:08:24.0981 2900 SiSRaid4 - ok
15:08:25.0012 2900 [ E660156A4588A84305CB772FD2C0DB21 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
15:08:25.0075 2900 SNMPTRAP - ok
15:08:25.0122 2900 [ 872E937681910E2456A054331C7D5A18 ] spaceport C:\Windows\system32\drivers\spaceport.sys
15:08:25.0168 2900 spaceport - ok
15:08:25.0184 2900 [ 3D8679C8DF52EB26EB7583A4E0A29202 ] SpbCx C:\Windows\system32\drivers\SpbCx.sys
15:08:25.0231 2900 SpbCx - ok
15:08:25.0262 2900 [ 3F215BF2D4D8D6756298B25B579772C2 ] Spooler C:\Windows\System32\spoolsv.exe
15:08:25.0356 2900 Spooler - ok
15:08:25.0496 2900 [ EC84D961501054F87A6878EC5D53388F ] sppsvc C:\Windows\system32\sppsvc.exe
15:08:25.0714 2900 sppsvc - ok
15:08:25.0746 2900 [ 0F1FCD575A03ABDE13FCA9D0ADE4DDA6 ] srv C:\Windows\system32\DRIVERS\srv.sys
15:08:25.0808 2900 srv - ok
15:08:25.0855 2900 [ 56218A571ECF8D55E0CDFF8DF2546CF1 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
15:08:25.0948 2900 srv2 - ok
15:08:25.0980 2900 [ 14FC338B80CFF7E04215133B568D15C4 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
15:08:26.0011 2900 srvnet - ok
15:08:26.0058 2900 [ 7A20882D76D4A78240A5AC9F2C2EBA21 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
15:08:26.0104 2900 SSDPSRV - ok
15:08:26.0120 2900 [ D233B16999A8E626F6004BD7814C57EC ] SstpSvc C:\Windows\system32\sstpsvc.dll
15:08:26.0182 2900 SstpSvc - ok
15:08:26.0214 2900 [ 4E85355B94CFCB67C135F6521A4895A7 ] stexstor C:\Windows\system32\drivers\stexstor.sys
15:08:26.0260 2900 stexstor - ok
15:08:26.0292 2900 [ BAC8A721736AECC55A4F71523AEAB65F ] stisvc C:\Windows\System32\wiaservc.dll
15:08:26.0354 2900 stisvc - ok
15:08:26.0401 2900 [ B240874B2CA0CD02E8CD11E140B14C57 ] storahci C:\Windows\system32\drivers\storahci.sys
15:08:38.0039 2900 ============================================================
15:08:38.0039 2900 Scan finished
15:08:38.0039 2900 ============================================================
15:08:38.0070 4064 Detected object count: 0
15:08:38.0070 4064 Actual detected object count: 0
15:09:03.0924 5760 Deinitialize success

23.05.2013, 14:27   #11
markusg
/// Malware-holic

Very good.
Malwarebytes:
Please download Malwarebytes.
  • Install the program to the default path. Vista and Win7 users: right-click and choose "Run as administrator".
  • Start Malwarebytes and click Update --> Check for Updates.
  • When the update has finished, select Perform full scan and click Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all detections are selected and click Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can also find the report later under "Logs".
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forwarding instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails, following the instructions above, to
markusg.trojaner-board@web.de
If you would like to support us

27.05.2013, 10:19   #12
katrin87

Hello, I have now run Malwarebytes; log:

Malwarebytes Anti-Malware 1.75.0.1300
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2013.05.27.01

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16580
**** :: **** [Administrator]

27.05.2013 09:39:58
mbam-log-2013-05-27 (09-39-58).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 449715
Laufzeit: 1 Stunde(n), 28 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\****\AppData\Local\Temp\is357113909\49822882_Setup.EXE (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

27.05.2013, 18:28   #13
markusg
/// Malware-holic

Hi,

download CCleaner Standard:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this step.
Open it, go to Tools (Extras), Uninstall list, save it as a txt file, and open that file.
After each program you need, write "necessary".
After each program you do not need, write "unnecessary".
After each program you do not know, write "unknown".
Post the list.

28.05.2013, 09:18   #14
katrin87

7-Zip 9.30 (x64 edition) Igor Pavlov 22.02.2013 4,33MB 9.30.00.0 necessary
Acer Backup Manager NTI Corporation 31.08.2012 178MB 4.0.0.0059 necessary
Acer Device Fast-lane Acer Incorporated 31.08.2012 2,43MB 1.00.3007 necessary
Acer Device Fast-lane Acer Incorporated 31.08.2012 1.00.3007 necessary
Acer Power Management Acer Incorporated 23.10.2012 17,2MB 7.00.3006 necessary
Acer Power Management Acer Incorporated 23.10.2012 7.00.3006 necessary
Acer Recovery Management Acer Incorporated 31.08.2012 9,84MB 6.00.3011 necessary
AcerCloud Acer Incorporated 23.10.2012 2.01.3115 necessary
AcerCloud Acer Incorporated 23.10.2012 2.01.3115 necessary
AcerCloud Docs Acer Incorporated 23.10.2012 38,5MB 1.00.3201 necessary
AcerCloud Docs Acer Incorporated 23.10.2012 1.00.3201 necessary
Adobe AIR Adobe Systems Incorporated 02.05.2013 3.7.0.1530 necessary
Adobe Download Assistant Adobe Systems Incorporated 02.05.2013 1.2.5 necessary
Adobe Reader XI (11.0.02) - Deutsch Adobe Systems Incorporated 21.02.2013 133MB 11.0.02 necessary
Alcor Micro USB Card Reader Alcor Micro Corp. 23.10.2012 2,97MB 3.4.42.61513 necessary
AMD Catalyst Install Manager Advanced Micro Devices, Inc. 23.10.2012 26,3MB 8.0.881.0 unknown
Apple Application Support Apple Inc. 27.04.2013 62,7MB 2.3.3 necessary
Apple Mobile Device Support Apple Inc. 27.04.2013 27,5MB 6.1.0.13 necessary
Apple Software Update Apple Inc. 27.04.2013 2,38MB 2.1.3.127 necessary
AudibleManager Audible, Inc. 06.04.2013 18414980.4759644.48.2004352386 necessary
Avira Antivirus Premium Avira 08.05.2013 144MB 13.0.0.3640 necessary
Bonjour Apple Inc. 27.04.2013 2,00MB 3.0.0.10 unknown
Canon MG5200 series MP Drivers 07.04.2013 necessary
CCleaner Piriform 24.05.2013 4.02 necessary
Citavi Swiss Academic Software 21.02.2013 71,0MB 3.4.0.2 necessary
clear.fi Media Acer Incorporated 23.10.2012 2.01.3108 necessary
clear.fi Media Acer Incorporated 23.10.2012 2.01.3108 necessary
clear.fi Photo Acer Incorporated 23.10.2012 2.01.3108 necessary
clear.fi Photo Acer Incorporated 23.10.2012 2.01.3108 necessary
CutePDF Writer 3.0 CutePDF.com 21.02.2013 3.0 necessary
Dropbox Dropbox, Inc. 21.05.2013 2.0.16 necessary
ETDWare PS/2-X64 11.6.8.001_WHQL ELAN Microelectronic Corp. 23.10.2012 11.6.8.001 necessary
f4 2012 audiotranskription.de 10.04.2013 unnecessary
GMX Softwareaktualisierung 1&1 Mail & Media GmbH 16.04.2013 3.0.0.53 unnecessary
Google Calendar Sync 20.04.2013 necessary
Google Chrome Google Inc. 28.05.2013 27.0.1453.94 necessary
Google Toolbar for Internet Explorer Google Inc. 21.02.2013 7.4.3607.2246 necessary
GoToMyPC Citrix Online 22.04.2013 32,5MB 8.0.943 necessary
Identity Card Acer Incorporated 31.08.2012 1,83MB 2.00.3004 necessary
iMindMap 6 ThinkBuzan 21.05.2013 214MB 6.0.641 necessary
iTunes Apple Inc. 27.04.2013 187MB 11.0.2.26 necessary
Launch Manager Acer Inc. 23.10.2012 7.0.4 necessary
Live Updater Acer Incorporated 31.08.2012 3,41MB 2.00.3004 necessary
Malwarebytes Anti-Malware Version 1.75.0.1300 Malwarebytes Corporation 27.05.2013 19,3MB 1.75.0.1300 necessary
Microsoft Office 365 Home Premium - de-de Microsoft Corporation 15.04.2013 15.0.4481.1510 necessary
Microsoft S/MIME Microsoft Corporation 21.05.2013 2,20MB 14.2.247.1 unknown
Microsoft Silverlight Microsoft Corporation 21.05.2013 22,6MB 5.0.61118.0 unknown
Microsoft SkyDrive Microsoft Corporation 20.03.2013 26,5MB 17.0.2006.0314 necessary
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 23.10.2012 4,84MB 8.0.59193 unknown
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 23.10.2012 13,1MB 9.0.30729 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 23.10.2012 8,85MB 9.0.30729 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 23.10.2012 10,1MB 9.0.30729.4148 unknown
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 23.10.2012 12,1MB 10.0.30319 unknown
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 06.04.2013 11,1MB 10.0.40219 unknown
Mobile Partner Huawei Technologies Co.,Ltd 26.02.2013 11.300.05.00.382 necessary
MyWinLocker Suite Egis Technology Inc. 31.08.2012 6,32MB 4.0.14.24 unknown
Qualcomm Atheros Bluetooth Suite (64) Ihr Firmenname 23.10.2012 111MB 8.0.0.206 necessary
Qualcomm Atheros WiFi Driver Installation Qualcomm Atheros 20.02.2013 11.31 necessary
Realtek Ethernet Controller Driver Realtek 23.10.2012 8.3.730.2012 necessary
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 23.10.2012 6.0.1.6657 necessary
Recovery Management Acer Incorporated 31.08.2012 9,84MB 6.00.3011 necessary
Shared C Run-time for x64 McAfee 31.08.2012 2,78MB 10.0.0 unknown
Spotify Spotify AB 23.10.2012 0.8.4.99.ga249b5f1 necessary
Update for Image Editor 21.05.2013 unknown
Visual Studio 2005 Tools for Office Second Edition Runtime Microsoft Corporation 23.10.2012 necessary
Visual Studio Tools for the Office system 3.0 Runtime Microsoft Corporation 23.10.2012 necessary
Windows-Treiberpaket - Citrix Systems monblanking Citrix Driver (06/27/2012 6.3.0.48) Citrix Systems 22.04.2013 06/27/2012 6.3.0.48 necessary

28.05.2013, 09:50   #15
markusg
/// Malware-holic

Adobe Reader:
Adobe - Download Adobe Reader - All versions
Untick the McAfee Security Scan box.
Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General:
Tick "Use only certified plug-ins".
Security (Enhanced):
Tick "Enhanced Security"
and select "All files".
Internet:
Everything here should be disabled; it is very unsafe to open or download PDFs automatically, etc.
It is always better to save them directly, because only then do you have control over what happens on the PC.
Under JavaScript, untick "Enable JavaScript".
Under Updater, choose to install automatically.
Apply / OK

Uninstall:

f4
GMX
Google Toolbar: please keep your hands off toolbars; they are just a needless risk and can slow down the browser.

Please open CCleaner, Analyze, Run, then restart the PC.
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).