| |
| |||||||
Log-Analyse und Auswertung: Verlinkungen zu ClickcompareWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte. |
 |
26.05.2013, 18:52
| #1 |
 |  Verlinkungen zu Clickcompare Guten Abend, ich habe seit einiger Zeit das Problem, dass manche Wörter auf Webseiten unterstrichen sind und zu der Seite clickcompare weiterleiten. Durch die Google Suche bin ich auf das Trojaner Board aufmerksam geworden, weil es die einzige Seite war, die Lösungen wusste. Ich habe bisher nichts unternommen, weil mein Virenscanner (Avira Free Antivirus) nichts zu meckern hatte, mich das aber irgendwann gestört hat. Ich bin nicht sehr bewandert, was solche Dinge angeht, aber ich habe versucht die Seite "Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?" durchzugehen. Bei GMER gab es Probleme. Die Fehlermeldung habe ich angehangen. Mein Virenscanner lies sich danach auch nicht mehr einschalten. :-( Schon einmal vielen Dank für die Hilfe! VG Lima Code:
ATTFilter OTL logfile created on: 26.05.2013 19:03:22 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lima\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,86 Gb Total Physical Memory | 3,79 Gb Available Physical Memory | 64,59% Memory free 11,73 Gb Paging File | 9,23 Gb Available in Paging File | 78,71% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 420,56 Gb Total Space | 254,66 Gb Free Space | 60,55% Space Free | Partition Type: NTFS Drive D: | 25,47 Gb Total Space | 21,03 Gb Free Space | 82,59% Space Free | Partition Type: NTFS Computer Name: LIMA-PC | User Name: Lima | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.26 19:00:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lima\Downloads\OTL.exe PRC - [2013.05.26 18:57:15 | 000,050,477 | ---- | M] () -- C:\Users\Lima\Downloads\Defogger.exe PRC - [2013.05.08 06:45:36 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.04.22 09:43:52 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe PRC - [2013.04.22 09:40:54 | 005,687,152 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe PRC - [2013.04.22 09:40:04 | 000,270,192 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe PRC - [2013.03.20 13:20:18 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.03.20 13:19:43 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013.03.12 09:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\Lima\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2013.01.31 16:10:00 | 000,201,808 | ---- | M] (Somoto) -- C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe PRC - [2013.01.18 17:10:18 | 000,577,536 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe PRC - [2013.01.17 16:08:26 | 000,267,792 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe PRC - [2013.01.10 09:22:13 | 001,808,392 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe PRC - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.12.12 11:28:14 | 000,163,000 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe PRC - [2012.12.07 17:26:56 | 000,167,424 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe PRC - [2012.11.01 17:05:52 | 000,536,216 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\taxaktuell.exe PRC - [2012.10.17 11:29:54 | 000,684,024 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe PRC - [2012.10.17 11:29:40 | 000,544,248 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe PRC - [2012.10.06 04:14:00 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.08.07 04:04:19 | 000,329,056 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe PRC - [2012.06.13 16:53:50 | 001,688,008 | R--- | M] (Western Digital) -- C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe PRC - [2012.04.16 09:17:10 | 000,362,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012.04.16 09:17:06 | 000,276,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012.04.16 09:17:02 | 000,127,320 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe PRC - [2012.04.16 09:16:54 | 000,164,184 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2012.02.27 13:01:58 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe PRC - [2012.02.23 05:24:00 | 002,458,944 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.02.20 16:08:36 | 000,066,608 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Lenovo Smart Update\LenovoSmartConnectService.exe PRC - [2012.02.17 03:35:18 | 001,876,992 | ---- | M] (LENOVO) -- C:\PROGRA~2\Lenovo\LENOVO~2\CAPOSD.exe PRC - [2012.02.05 20:49:04 | 000,193,536 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\irstrtsv.exe PRC - [2012.02.01 16:29:58 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011.12.13 11:23:04 | 000,158,880 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe PRC - [2011.12.09 15:45:00 | 000,548,864 | ---- | M] (Vimicro) -- C:\Program Files (x86)\USB Camera2\VM332_STI.EXE PRC - [2011.12.08 11:12:40 | 000,291,272 | ---- | M] () -- C:\Programme\Lenovo\Intelligent Touchpad\TouchZone.exe PRC - [2011.01.28 23:29:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe ========== Modules (No Company Name) ========== MOD - [2013.05.26 18:57:15 | 000,050,477 | ---- | M] () -- C:\Users\Lima\Downloads\Defogger.exe MOD - [2013.05.16 06:30:12 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\2609614ca03927f7a99418c74844059b\System.Runtime.Serialization.ni.dll MOD - [2013.05.16 06:30:12 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\019ed4a55ecc7d1f5b933c27970dce9b\System.Runtime.DurableInstancing.ni.dll MOD - [2013.05.16 06:16:19 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a9594959e951127f16eb49644ba92f79\PresentationFramework.ni.dll MOD - [2013.05.16 06:16:07 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7cfbbd029ef945fbcdaedd24b2b67a24\PresentationCore.ni.dll MOD - [2013.05.16 06:16:02 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\153143f74d840484b510d8cf5187796b\System.Windows.Forms.ni.dll MOD - [2013.05.16 06:16:00 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\2f9e0112e10f9e70d3430d0be9863976\System.Core.ni.dll MOD - [2013.05.16 06:15:56 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\af18b8a8f56494da44cc448f3b9704a5\WindowsBase.ni.dll MOD - [2013.05.16 06:15:53 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\233661f3a2b632e9553915c8639637d0\System.Configuration.ni.dll MOD - [2013.01.10 22:19:50 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef7642a4f2724135d445e2ea36582e78\SMDiagnostics.ni.dll MOD - [2013.01.10 22:19:31 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll MOD - [2013.01.10 09:24:24 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll MOD - [2013.01.10 09:24:14 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll MOD - [2013.01.10 09:24:08 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll MOD - [2013.01.10 09:24:06 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll MOD - [2013.01.10 09:24:00 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll MOD - [2013.01.10 09:22:13 | 014,586,888 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll MOD - [2012.11.28 15:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.11.28 15:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2012.11.01 19:00:38 | 002,025,624 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wfvie13.dll MOD - [2012.11.01 17:05:52 | 000,536,216 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\taxaktuell.exe MOD - [2012.11.01 14:47:14 | 008,748,696 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wgui13.dll MOD - [2012.11.01 14:47:00 | 002,950,296 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wcore13.dll MOD - [2012.11.01 14:46:50 | 000,308,376 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\rscorewinapi48.dll MOD - [2012.11.01 14:46:48 | 004,070,040 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wauff13.dll MOD - [2012.11.01 14:46:36 | 001,710,232 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wreli13.dll MOD - [2012.11.01 14:46:34 | 001,596,568 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wsteu13.dll MOD - [2012.11.01 14:46:34 | 000,320,664 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\rsguiwinapi48.dll MOD - [2012.11.01 14:46:20 | 000,135,832 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\rsodbc48.dll MOD - [2012.11.01 14:46:16 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\rsdcom48.dll MOD - [2012.10.17 11:30:24 | 000,062,968 | ---- | M] () -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll MOD - [2012.10.06 04:14:14 | 002,294,240 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012.08.07 04:04:19 | 000,013,664 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll MOD - [2011.12.08 11:12:40 | 000,291,272 | ---- | M] () -- C:\Programme\Lenovo\Intelligent Touchpad\TouchZone.exe MOD - [2011.06.28 08:28:38 | 000,042,496 | ---- | M] () -- C:\PROGRA~2\Lenovo\LENOVO~2\QTKB.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.02.06 13:55:34 | 000,123,952 | ---- | M] (Lenovo) [Auto | Stopped] -- C:\Windows\SysNative\BootShieldSvc.exe -- (BootShieldSvc) SRV:64bit: - [2010.12.17 10:46:34 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg) SRV - [2013.04.22 09:43:52 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup) SRV - [2013.04.22 09:40:04 | 000,270,192 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService) SRV - [2013.03.20 13:20:18 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.03.20 13:19:43 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013.01.18 17:10:18 | 000,577,536 | ---- | M] (Research In Motion Limited) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe -- (Blackberry Device Manager) SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.12.07 17:26:56 | 000,167,424 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2012.10.17 11:29:40 | 000,544,248 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent) SRV - [2012.04.16 09:17:10 | 000,362,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012.04.16 09:17:06 | 000,276,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012.04.16 09:17:02 | 000,127,320 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R) SRV - [2012.04.16 09:16:54 | 000,164,184 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2012.03.07 02:00:46 | 000,629,984 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV - [2012.02.25 00:23:24 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012.02.23 05:24:00 | 002,458,944 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.02.20 16:08:36 | 000,066,608 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Lenovo Smart Update\LenovoSmartConnectService.exe -- (LenovoSmartConnectService) SRV - [2012.02.05 20:49:04 | 000,193,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysWOW64\irstrtsv.exe -- (irstrtsv) SRV - [2012.02.01 16:29:58 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2011.12.13 11:23:04 | 000,158,880 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt&Wlan Coex Agent) SRV - [2011.12.13 11:06:38 | 000,106,144 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc) SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.09.21 14:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.03.18 23:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.03.20 13:20:27 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.03.20 13:20:27 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013.03.20 13:20:27 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2013.01.03 13:50:48 | 000,078,336 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb) DRV:64bit: - [2012.12.10 15:48:02 | 000,044,544 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort) DRV:64bit: - [2012.12.07 18:27:50 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot) DRV:64bit: - [2012.10.17 11:13:38 | 000,027,048 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva) DRV:64bit: - [2012.10.17 11:11:38 | 000,107,432 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock) DRV:64bit: - [2012.09.28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.08.07 13:18:56 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.08.07 04:10:08 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr) DRV:64bit: - [2012.08.07 04:10:08 | 000,030,816 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC) DRV:64bit: - [2012.05.31 17:06:50 | 002,811,904 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2012.04.16 17:18:18 | 000,031,536 | ---- | M] (Lenovo Corporation") [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BootShield.sys -- (BootShield) DRV:64bit: - [2012.02.27 13:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:64bit: - [2012.02.27 13:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:64bit: - [2012.02.27 13:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:64bit: - [2012.02.23 05:24:00 | 000,030,016 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2012.02.17 19:28:56 | 014,692,896 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012.02.16 09:28:38 | 000,061,744 | ---- | M] (Lenovo Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BootShieldfltr.sys -- (BootShieldfltr) DRV:64bit: - [2012.02.06 12:49:04 | 000,026,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\irstrtdv.sys -- (irstrtdv) DRV:64bit: - [2012.02.01 10:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2012.01.13 00:03:36 | 000,008,192 | ---- | M] (TODO: <Company name>) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LAD.sys -- (LAD) DRV:64bit: - [2012.01.05 08:26:18 | 000,085,080 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor) DRV:64bit: - [2011.12.15 00:25:40 | 000,958,800 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm332avs.sys -- (vm332avs) DRV:64bit: - [2011.12.13 11:15:22 | 000,290,464 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter) DRV:64bit: - [2011.12.13 11:14:36 | 000,283,296 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP) DRV:64bit: - [2011.12.13 11:14:20 | 000,059,040 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV:64bit: - [2011.12.13 11:14:04 | 000,166,048 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV:64bit: - [2011.12.13 11:13:50 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort) DRV:64bit: - [2011.12.13 11:13:34 | 000,029,344 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS) DRV:64bit: - [2011.12.13 11:13:18 | 000,109,216 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt) DRV:64bit: - [2011.12.13 11:13:04 | 000,259,744 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV:64bit: - [2011.12.06 13:23:10 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2011.12.05 10:05:26 | 001,600,128 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2011.11.10 14:40:26 | 000,401,456 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011.11.09 19:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2011.10.10 09:56:15 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.10.10 09:56:15 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.08.23 15:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.01.28 23:29:58 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:24:15 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.09.23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2009.11.02 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64) DRV:64bit: - [2009.07.21 14:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM) DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.02.13 12:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=7e41dad6-4c65-4470-9b58-5cf702fd92b1&searchtype=ds&q={searchTerms}&installDate=19/05/2013 IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=KMOH&bmod=KMOH IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=7e41dad6-4c65-4470-9b58-5cf702fd92b1&searchtype=ds&q={searchTerms}&installDate=19/05/2013 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=7e41dad6-4c65-4470-9b58-5cf702fd92b1&searchtype=ds&q={searchTerms}&installDate=19/05/2013 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=7e41dad6-4c65-4470-9b58-5cf702fd92b1&searchtype=hp&installDate=19/05/2013 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.google.com/ig/redirectdomain?brand=KMOH&bmod=KMOH IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=7e41dad6-4c65-4470-9b58-5cf702fd92b1&searchtype=ds&q={searchTerms}&installDate=19/05/2013 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=7e41dad6-4c65-4470-9b58-5cf702fd92b1&searchtype=ds&q={searchTerms}&installDate=19/05/2013 IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=7e41dad6-4c65-4470-9b58-5cf702fd92b1&searchtype=ds&q={searchTerms}&installDate=19/05/2013 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: youtubeunblocker@unblocker.yt:0.4.0 FF - prefs.js..extensions.enabledAddons: foxyproxy-basic@eric.h.jung:3.1.4 FF - prefs.js..extensions.enabledAddons: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.6.11 FF - prefs.js..keyword.URL: "hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=7e41dad6-4c65-4470-9b58-5cf702fd92b1&searchtype=ds&installDate=19/05/2013&q=" FF - prefs.js..network.proxy.backup.ftp: "" FF - prefs.js..network.proxy.backup.ftp_port: 0 FF - prefs.js..network.proxy.backup.socks: "" FF - prefs.js..network.proxy.backup.socks_port: 0 FF - prefs.js..network.proxy.backup.ssl: "" FF - prefs.js..network.proxy.backup.ssl_port: 0 FF - prefs.js..network.proxy.ftp: "proxy.th-wildau.de" FF - prefs.js..network.proxy.ftp_port: 8080 FF - prefs.js..network.proxy.http: "proxy.th-wildau.de" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "proxy.th-wildau.de" FF - prefs.js..network.proxy.socks_port: 8080 FF - prefs.js..network.proxy.ssl: "proxy.th-wildau.de" FF - prefs.js..network.proxy.ssl_port: 8080 FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll File not found FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.) FF - HKCU\Software\MozillaPlugins\intel.com/AppUp: C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.01 00:29:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.01 00:30:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lima\AppData\Roaming\Mozilla\Extensions [2013.05.21 21:15:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lima\AppData\Roaming\Mozilla\Firefox\Profiles\ykrilzh2.default\extensions [2013.05.19 11:34:53 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\Lima\AppData\Roaming\Mozilla\Firefox\Profiles\ykrilzh2.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} [2013.05.10 12:01:46 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Lima\AppData\Roaming\Mozilla\Firefox\Profiles\ykrilzh2.default\extensions\foxyproxy-basic@eric.h.jung [2012.12.13 22:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\Lima\AppData\Roaming\Mozilla\Firefox\Profiles\ykrilzh2.default\extensions\movie2kdownloader@movie2kdownloader.com.xpi [2013.04.17 17:36:05 | 000,005,429 | ---- | M] () (No name found) -- C:\Users\Lima\AppData\Roaming\Mozilla\Firefox\Profiles\ykrilzh2.default\extensions\youtubeunblocker@unblocker.yt.xpi [2013.05.09 11:35:30 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Lima\AppData\Roaming\Mozilla\Firefox\Profiles\ykrilzh2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.05.19 11:34:26 | 000,002,433 | ---- | M] () -- C:\Users\Lima\AppData\Roaming\Mozilla\Firefox\Profiles\ykrilzh2.default\searchplugins\Web Search.xml [2012.12.01 00:29:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.12.01 00:29:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions [2012.12.01 00:29:39 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012.10.06 04:14:59 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.10.06 05:22:08 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml ========== Chrome ========== O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found. O2 - BHO: (PriceGong - Price Comparison) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.6.11\PriceGongIE.dll (PriceGong) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.) O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Conexant Systems, Inc.) O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited) O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited) O4:64bit: - HKLM..\Run: [ForteConfig] C:\Programme\CONEXANT\ForteConfig\fmapp.exe () O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe (Conexant Systems, Inc.) O4:64bit: - HKLM..\Run: [SynLenovoGestureMgr] C:\Programme\Synaptics\SynTP\SynLenovoGestureMgr.exe (Synaptics) O4:64bit: - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Vimicro) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CAPOSD] C:\PROGRA~2\Lenovo\LENOVO~2\CAPOSD.exe (LENOVO) O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Dolby Laboratories Inc.) O4 - HKLM..\Run: [Intelligent Touchpad] C:\Programme\Lenovo\Intelligent Touchpad\TouchZone.exe () O4 - HKLM..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.) O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited) O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo) O4 - HKLM..\Run: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe (Western Digital) O4 - HKLM..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.) O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink) O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.) O4 - HKCU..\Run: [SDP] C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe (Somoto) O4 - HKLM..\RunOnce: [awde7zip23650] File not found O4 - Startup: C:\Users\Lima\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Lima\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02894572-44C7-4E89-8C98-263869B65AD4}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{10851bfb-bc4a-11e2-9f4f-74e543cc020d}\Shell - "" = AutoRun O33 - MountPoints2\{10851bfb-bc4a-11e2-9f4f-74e543cc020d}\Shell\AutoRun\command - "" = F:\HTC_Sync_Manager_PC.exe O33 - MountPoints2\{a4086250-3be8-11e2-a649-74e543cc020d}\Shell - "" = AutoRun O33 - MountPoints2\{a4086250-3be8-11e2-a649-74e543cc020d}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true O33 - MountPoints2\{bf674641-b6d2-11e2-ae66-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{bf674641-b6d2-11e2-ae66-806e6f6e6963}\Shell\AutoRun\command - "" = "E:\WD Drive Unlock.exe" autoplay=true O33 - MountPoints2\{e4bf3ff7-bfde-11e2-a765-74e543cc020d}\Shell - "" = AutoRun O33 - MountPoints2\{e4bf3ff7-bfde-11e2-a765-74e543cc020d}\Shell\AutoRun\command - "" = E:\HTC_Sync_Manager_PC.exe O33 - MountPoints2\{f25d2647-6628-11e2-b84f-74e543cc020d}\Shell - "" = AutoRun O33 - MountPoints2\{f25d2647-6628-11e2-b84f-74e543cc020d}\Shell\AutoRun\command - "" = E:\start.exe /auto O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.26 18:56:17 | 000,000,000 | ---D | C] -- C:\Users\Lima\Local Settings [2013.05.26 18:56:15 | 000,000,000 | ---D | C] -- C:\Users\Lima\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker [2013.05.26 18:56:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FilesFrog Update Checker [2013.05.19 12:22:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2013.05.19 11:57:48 | 000,000,000 | ---D | C] -- C:\Users\Lima\Documents\HTC One S [2013.05.19 11:46:58 | 000,000,000 | ---D | C] -- C:\Users\Lima\AppData\Roaming\MyPhoneExplorer [2013.05.19 11:34:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong [2013.05.19 11:34:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PriceGong [2013.05.19 11:32:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer [2013.05.19 11:32:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPhoneExplorer [2013.05.18 22:30:14 | 000,000,000 | ---D | C] -- C:\Users\Lima\AppData\Roaming\Outlook [2013.05.18 21:43:42 | 000,000,000 | ---D | C] -- C:\Users\Lima\AppData\Roaming\HTC [2013.05.18 21:43:39 | 000,000,000 | ---D | C] -- C:\ProgramData\HTC [2013.05.18 21:43:33 | 000,000,000 | ---D | C] -- C:\Users\Lima\Documents\HTC [2013.05.18 21:43:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Motorola [2013.05.18 21:42:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC [2013.05.18 21:42:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spirent Communications [2013.05.18 21:42:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC [2013.05.18 21:41:55 | 000,000,000 | ---D | C] -- C:\Users\Lima\AppData\Local\Downloaded Installations [2013.05.18 21:36:27 | 000,000,000 | ---D | C] -- C:\Temp [2013.05.16 19:31:27 | 000,000,000 | ---D | C] -- C:\Users\Lima\Documents\Neuer Ordner [2013.05.14 06:12:37 | 000,000,000 | ---D | C] -- C:\Users\Lima\AppData\Local\Research In Motion [2013.05.14 06:12:36 | 000,000,000 | ---D | C] -- C:\Users\Lima\AppData\Roaming\Research In Motion [2013.05.14 06:11:08 | 000,044,544 | ---- | C] (Research in Motion Ltd) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys [2013.05.14 06:10:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry [2013.05.14 06:10:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Research In Motion [2013.05.14 06:10:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\XCPCSync.OEM [2013.05.14 06:10:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Research In Motion [2013.05.14 06:10:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Research In Motion [2013.05.08 06:46:00 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.05.05 18:46:22 | 000,000,000 | ---D | C] -- C:\Users\Lima\AppData\Local\Western_Digital_Technolog [2013.05.05 18:36:31 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital [2013.05.05 18:36:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Western Digital [2013.05.05 18:34:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache [2013.05.05 18:04:03 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloads [2013.05.05 18:02:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Western Digital [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.26 18:58:39 | 000,000,000 | ---- | M] () -- C:\Users\Lima\defogger_reenable [2013.05.26 18:56:15 | 000,001,180 | ---- | M] () -- C:\Users\Lima\Desktop\Check for Updates.lnk [2013.05.26 18:32:31 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.26 18:32:31 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.26 18:31:27 | 001,621,244 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.26 18:31:27 | 000,700,418 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.26 18:31:27 | 000,655,090 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.26 18:31:27 | 000,149,182 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.26 18:31:27 | 000,121,962 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.26 18:25:32 | 000,008,192 | ---- | M] () -- C:\Windows\SysWow64\WDPABKP.dat [2013.05.26 18:25:18 | 000,372,664 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.26 18:25:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.24 15:52:22 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.05.24 15:52:21 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.05.19 11:53:57 | 001,641,654 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.05.19 11:32:58 | 000,002,068 | ---- | M] () -- C:\Users\Public\Desktop\MyPhoneExplorer.lnk [2013.05.14 06:11:29 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf [2013.05.14 06:11:12 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf [2013.05.14 06:10:58 | 000,002,242 | ---- | M] () -- C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk [2013.05.08 06:45:44 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.05.05 18:02:55 | 000,001,208 | ---- | M] () -- C:\Users\Public\Desktop\WD Security.lnk [2013.05.05 18:02:36 | 000,001,128 | ---- | M] () -- C:\Users\Public\Desktop\WD Drive Utilities.lnk [2013.05.04 17:20:06 | 000,000,121 | ---- | M] () -- C:\Users\Lima\Desktop\Neue Internetverknüpfung.url [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.26 18:58:39 | 000,000,000 | ---- | C] () -- C:\Users\Lima\defogger_reenable [2013.05.26 18:56:15 | 000,001,180 | ---- | C] () -- C:\Users\Lima\Desktop\Check for Updates.lnk [2013.05.24 15:52:22 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.05.24 15:52:21 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.05.20 19:59:36 | 000,001,171 | ---- | C] () -- C:\Users\Lima\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.05.19 11:32:58 | 000,002,068 | ---- | C] () -- C:\Users\Public\Desktop\MyPhoneExplorer.lnk [2013.05.14 06:11:29 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf [2013.05.14 06:11:12 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf [2013.05.14 06:10:58 | 000,002,242 | ---- | C] () -- C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk [2013.05.05 18:36:55 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\WDPABKP.dat [2013.05.05 18:02:55 | 000,001,208 | ---- | C] () -- C:\Users\Public\Desktop\WD Security.lnk [2013.05.05 18:02:36 | 000,001,128 | ---- | C] () -- C:\Users\Public\Desktop\WD Drive Utilities.lnk [2013.05.04 17:19:54 | 000,000,121 | ---- | C] () -- C:\Users\Lima\Desktop\Neue Internetverknüpfung.url [2013.04.13 18:17:26 | 000,000,063 | ---- | C] () -- C:\Windows\wiso.ini [2013.01.09 18:21:38 | 000,000,133 | ---- | C] () -- C:\Users\Lima\AppData\Roaming\AbsoluteReminder.xml [2012.12.12 15:42:58 | 000,004,608 | ---- | C] () -- C:\Users\Lima\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.12.05 12:01:29 | 000,393,256 | ---- | C] () -- C:\Windows\SysWow64\CNQ2414N.DAT [2012.11.30 18:32:08 | 000,000,000 | ---- | C] () -- C:\Windows\firstboot.dat [2012.08.07 04:04:27 | 001,500,512 | ---- | C] () -- C:\Windows\SysWow64\Apblend.dll [2012.08.07 04:04:27 | 000,472,416 | ---- | C] () -- C:\Windows\SysWow64\Lenovo.VerifaceStub.dll [2012.08.07 04:04:26 | 002,086,240 | ---- | C] () -- C:\Windows\SysWow64\LenovoVeriface.Interface.dll [2012.08.07 04:04:26 | 001,171,456 | ---- | C] () -- C:\Windows\SysWow64\PicNotify.dll [2012.08.07 04:04:16 | 001,044,480 | ---- | C] () -- C:\Windows\SysWow64\3DImageRenderer.dll [2012.08.07 04:02:18 | 001,641,654 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.08.07 03:46:30 | 000,001,950 | ---- | C] () -- C:\Windows\vm332Rmv.ini [2012.08.07 03:46:30 | 000,001,950 | ---- | C] () -- C:\Windows\SysWow64\vm332Rmv.ini [2012.03.12 04:00:49 | 000,735,796 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin [2012.03.12 04:00:43 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin [2012.03.12 04:00:37 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.03.12 04:00:32 | 013,020,160 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll [2012.03.07 01:40:52 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.12.08 11:59:30 | 000,000,000 | ---D | M] -- C:\Users\Lima\AppData\Roaming\Amazon [2013.02.22 22:53:45 | 000,000,000 | ---D | M] -- C:\Users\Lima\AppData\Roaming\Babylon [2013.04.10 11:43:36 | 000,000,000 | ---D | M] -- C:\Users\Lima\AppData\Roaming\Canon [2013.05.26 18:26:25 | 000,000,000 | ---D | M] -- C:\Users\Lima\AppData\Roaming\Dropbox [2012.12.19 09:26:24 | 000,000,000 | ---D | M] -- C:\Users\Lima\AppData\Roaming\e-academy Inc [2013.05.26 17:57:18 | 000,000,000 | ---D | M] -- C:\Users\Lima\AppData\Roaming\HTC [2012.11.30 18:33:40 | 000,000,000 | ---D | M] -- C:\Users\Lima\AppData\Roaming\Leadertech [2013.05.26 17:35:04 | 000,000,000 | ---D | M] -- C:\Users\Lima\AppData\Roaming\MyPhoneExplorer [2013.05.18 22:30:31 | 000,000,000 | ---D | M] -- C:\Users\Lima\AppData\Roaming\Outlook [2013.05.14 06:13:10 | 000,000,000 | ---D | M] -- C:\Users\Lima\AppData\Roaming\Research In Motion [2012.12.01 22:18:33 | 000,000,000 | ---D | M] -- C:\Users\Lima\AppData\Roaming\Western Digital ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 26.05.2013 19:03:22 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lima\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
5,86 Gb Total Physical Memory | 3,79 Gb Available Physical Memory | 64,59% Memory free
11,73 Gb Paging File | 9,23 Gb Available in Paging File | 78,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 420,56 Gb Total Space | 254,66 Gb Free Space | 60,55% Space Free | Partition Type: NTFS
Drive D: | 25,47 Gb Total Space | 21,03 Gb Free Space | 82,59% Space Free | Partition Type: NTFS
Computer Name: LIMA-PC | User Name: Lima | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E25C303-3F46-4861-89D6-F3FC554F4A8D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{0E33E162-F32C-46C8-8C16-97A975C6B163}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{1773DF9D-DC9F-4065-B10D-7B7830297E67}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{497DCA40-FE8A-4751-BB8B-D3A6B381272C}" = rport=137 | protocol=17 | dir=out | app=system |
"{4A6AA537-1257-48F8-904D-AF1677FE32D8}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{57ED3142-7568-4BFD-9F7B-07D92363EAF7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{64BCC032-A3C1-4342-A9CC-1085A936B42F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{658B8B1E-39F1-4EEA-A267-A0AFB9C27B0D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6F588A40-E95D-4575-8357-04F8F88C2631}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{70B2E7C6-4BF2-4848-A392-522569FC550E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{771994CF-D450-47DA-A9C4-6BA542BDD3CB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7B7EAFAB-B95F-4D4E-8043-7DEA449B6DA2}" = lport=137 | protocol=17 | dir=in | app=system |
"{86440D3B-6E86-4841-9401-EFA59581DC47}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8BE989E3-6179-4E88-AA9F-59AFB7471D52}" = rport=138 | protocol=17 | dir=out | app=system |
"{8C8089CA-CEDD-400E-AA39-754CC6EF6124}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{8DCC8DC9-D127-40E7-B6E8-D23247DE656C}" = lport=445 | protocol=6 | dir=in | app=system |
"{96867D2F-13C3-40F8-B1C0-5F52495A18ED}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9E32BFD6-C744-4D6E-99C6-3BCA16D3738C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A3BF08E5-9CE8-4047-B4DC-6648BDF653D1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A684099A-8343-4943-974B-3CBC7548CCF3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AC964D3A-2B95-43B0-811C-D57B8DA0761D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B0C66970-4AEF-4055-B96B-AA7D1CB93CF6}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{B220E529-4E9B-4190-BE9C-CADA4E613AB7}" = rport=139 | protocol=6 | dir=out | app=system |
"{BA69C307-A650-4344-BF80-35B93FBA25EF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C4D81935-13B0-421D-97D8-3DEBC64EABE1}" = lport=138 | protocol=17 | dir=in | app=system |
"{D44290D8-7B96-46AC-A2E2-1A5422A734B9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D89D4BCD-88DD-4745-9341-424A2A39061F}" = lport=139 | protocol=6 | dir=in | app=system |
"{F340092D-C0D6-47EC-8FBF-016365384717}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{F548BF32-D195-4B94-83E4-3CD182FCE365}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FD99A8AA-A122-45A3-A728-3EA8686CBD41}" = rport=445 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{091C2D43-0EA1-4286-B6B7-E5A775BF9D0F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0D8B5CA6-82ED-4C9B-AC9F-548F4BBBC8EC}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{18F43A58-D120-4E70-B799-ACBE27BAA37F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1CC60F45-C9FB-4D45-B2D4-E0913AD69174}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{2239A0AF-4286-405D-BB83-4283768F7DEB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{25C96FD3-65F8-4DEE-B9E8-5B970B5A9C00}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{48FF034E-ACC4-4F79-93AB-1D79A70D6641}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{50ECD31A-CD16-4F05-BD8D-0B0A2597BE3C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{52399B1D-F48E-4516-B809-008751AFED9F}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{65304ADC-0475-4C14-ABE5-AFCC31A5293B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{66A7C4F7-696C-4762-9D90-B3B1464E3635}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{66D03B45-E1D4-4526-B8D0-4061C7590246}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{69B2F912-3BA3-4466-AA9D-54C8D1E14BBE}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
"{69DAC5FE-81C3-41EA-B72D-570929F3472B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6BD7A343-1303-4919-9A7C-CD058327FF7F}" = protocol=17 | dir=in | app=c:\users\lima\appdata\roaming\dropbox\bin\dropbox.exe |
"{6DC38FF4-D28E-4F0F-88C0-DBE3961B1E81}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{75F3D00B-4823-4397-BF37-EB20325249EF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7DDEF40C-E3EB-4A9C-BC31-614601C845ED}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{8873E082-F6CE-435F-9260-BEBF30B3862C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{9296D1A2-7035-446C-A074-4C2A0246085B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{956924ED-5DD3-4D83-9FAB-8ECD7F4788AE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9639C388-CD66-42A8-A4AF-4F0299A79E90}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{A21E4F2F-584B-42C2-AF8E-5B4A879A25FD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A970E38D-1059-410F-A048-D49D7768CFF5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A98F016D-0016-4677-8554-640B1B4A91DD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{AEC01BAE-3EF9-41B5-ACB9-19484514C472}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B0F50AF4-B96E-4FC6-BAD9-A7D24DD2F7F1}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
"{B82965C3-F95D-47B4-94E9-26D0A5E13F24}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{BEABFB44-1EC4-496C-8813-2E4A88AB60C5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{DF918321-FA91-4ABF-BF27-706A69E85000}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E102B04B-BF6F-4465-9066-DD5A7D4B8336}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E292904D-25C2-44D9-A719-5369F31CE94D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E46BEDE8-7EA6-4E19-930E-6D7B6EEF4874}" = protocol=6 | dir=out | app=system |
"{F6D3B39E-035F-43A5-9000-99620C6CDBD5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F73FE742-BD68-49C2-9C48-F296A27DBC30}" = protocol=6 | dir=in | app=c:\users\lima\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{08C57763-E83E-4ACC-A5F8-9AF96E0D5225}C:\users\lima\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\lima\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{A848053E-90F9-4512-9C2E-993F64F30842}C:\users\lima\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\lima\appdata\roaming\dropbox\bin\dropbox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_cnq2414" = CanoScan LiDE 110 Scanner Driver
"{171C7193-1BB5-4619-BF23-E962598CAB13}" = Intel® Trusted Connect Service Client
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{22D8AE6F-3C6B-47E8-8F04-629F23DBE978}" = iTunes
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{83E68458-AF28-4CA4-8AFC-595A10307290}" = LenovoDrv_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 295.93
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 295.93
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.7.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.1111
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DD178D9D-89DD-4F15-9E56-57C85D1EDF36}" = WD SmartWare
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"5E61CDC4058A17FE9BE3046B1846F3118CD618B1" = Windows Driver Package - Lenovo Corporation (LAD) System (01/13/2012 1.0.0.2)
"99841829BE839365AA67B2AD0E50D371F59F8A1E" = Windows-Treiberpaket - Lenovo (ACPIVPC) System (12/15/2011 7.1.0.1)
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.0.5
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"{07C70C1E-E746-482A-82F9-943F024708CF}" = Alcor Micro USB Card Reader
"{08208143-777D-4A06-BB54-71BF0AD1BB70}" = IPTInstaller
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{124310E8-7C49-4C33-B4F2-3CF43F3830B7}" = WD Quick View
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros WLAN Client Installation Program
"{29B7C0EB-A1E6-4BC3-8344-70EDE4F189F1}" = Lenovo Smart Update
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40F4FF7A-B214-4453-B973-080B09CED019}" = Absolute Reminder
"{439A51F7-84B1-4603-BEC8-647EB2AC307F}" = WD Drive Utilities
"{4677B88C-CE16-4CBB-A2CB-B76E9D456C7F}" = BootShield
"{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}" = NVIDIA PhysX
"{48F851E7-DD0C-4A35-AD7A-57878023E987}" = Lenovo CAPOSD
"{4CEEE5D0-F905-4688-B9F9-ECC710507796}" = HTC Driver Installer
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6707C034-ED6B-4B6A-B21F-969B3606FBDE}" = Lenovo Registration
"{6737F045-A91A-4177-9C8C-59460FC1C84D}" = t@x 2013 Professional
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69BCC264-0D43-469F-8434-31E738982E7B}" = Cisco AnyConnect Secure Mobility Client
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{8172B41A-9BB5-4A64-BF28-1FB5FE43C3FF}" = WD Security
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.2.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA57D6F1-6360-4397-B2D9-B21C69863D97}" = Secure Download Manager
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}" = Lenovo EasyCamera
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4
"{BE5B0450-DCCB-4FE9-93E2-3B38D88A745B}" = BlackBerry Desktop Software 7.1
"{bfb9000e-e7d4-490f-a873-ec2c9cab3b3d}" = WD SmartWare Installer
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = Benutzerhandbuch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"{FDB0A81A-1173-4B15-BEA4-89FEA0474F17}" = Intelligent Touchpad
"3D073343-CEEB-4ce7-85AC-A69A7631B5D6" = Intel(R) Rapid Start Technology
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"AmUStor" = Alcor Micro USB Card Reader
"Avira AntiVir Desktop" = Avira Free Antivirus
"bi_uninstaller" = Bundled software uninstaller
"BlackBerry_Desktop" = BlackBerry Desktop Software 7.1
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"DPP" = Canon Utilities Digital Photo Professional 3.10
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EOS Utility" = Canon Utilities EOS Utility
"EOS Video Snapshot Task" = Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
"FilesFrog Update Checker" = FilesFrog Update Checker
"GeldProfi_is1" = GeldProfi 2.11.1
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{48F851E7-DD0C-4A35-AD7A-57878023E987}" = Lenovo CAPOSD
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 16.0 (x86 de)" = Mozilla Firefox 16.0 (x86 de)
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"MPE" = MyPhoneExplorer
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"PriceGong" = PriceGong 2.6.11
"SugarSync" = SugarSync Manager
"VeriFace" = VeriFace
"WinLiveSuite" = Windows Live Essentials
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 26.05.2013 12:25:32 | Computer Name = Lima-PC | Source = BootShieldSvc | ID = 131328
Description = An error has occurred (---Get Poicy Open key suc failed with 0, The
Code is:0x422.).
Error - 26.05.2013 12:25:32 | Computer Name = Lima-PC | Source = BootShieldSvc | ID = 131328
Description = An error has occurred (---query POLICYVT key success failed with 0,
The Code is:0x424.).
Error - 26.05.2013 12:25:32 | Computer Name = Lima-PC | Source = BootShieldSvc | ID = 131328
Description = An error has occurred (---Get FLAG_AUTO_SVC_CHANGED Open key suc failed
with 0, The Code is:0x422.).
Error - 26.05.2013 12:25:32 | Computer Name = Lima-PC | Source = BootShieldSvc | ID = 131328
Description = An error has occurred (---query FLAG_AUTO_SVC_CHANGED key success
failed with 1, The Code is:0x424.).
Error - 26.05.2013 12:25:32 | Computer Name = Lima-PC | Source = BootShieldSvc | ID = 131328
Description = An error has occurred (---Get Poicy Open key suc failed with 0, The
Code is:0x422.).
Error - 26.05.2013 12:25:32 | Computer Name = Lima-PC | Source = BootShieldSvc | ID = 131328
Description = An error has occurred (---query POLICYVT key success failed with 0,
The Code is:0x424.).
Error - 26.05.2013 12:25:32 | Computer Name = Lima-PC | Source = BootShieldSvc | ID = 131328
Description = An error has occurred (---Get FLAG_AUTO_SVC_CHANGED Open key suc failed
with 0, The Code is:0x422.).
Error - 26.05.2013 12:25:32 | Computer Name = Lima-PC | Source = BootShieldSvc | ID = 131328
Description = An error has occurred (---query FLAG_AUTO_SVC_CHANGED key success
failed with 1, The Code is:0x424.).
Error - 26.05.2013 12:25:32 | Computer Name = Lima-PC | Source = BootShieldSvc | ID = 131328
Description = An error has occurred (---Get FLAG_AUTO_SVC_CHANGED Open key suc failed
with 0, The Code is:0x422.).
Error - 26.05.2013 12:25:32 | Computer Name = Lima-PC | Source = BootShieldSvc | ID = 131328
Description = An error has occurred (---query FLAG_AUTO_SVC_CHANGED key success
failed with 1, The Code is:0x424.).
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 26.05.2013 12:27:26 | Computer Name = Lima-PC | Source = acvpnagent | ID = 67108866
Description = Function: CTlsTransport::OnTransportInitiateComplete File: .\IP\TlsTransport.cpp
Line:
371 Invoked Function: ISocketTransportCB::OnTransportInitiateComplete Return Code:
-31588316 (0xFE1E0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT
Error - 26.05.2013 12:27:26 | Computer Name = Lima-PC | Source = acvpnagent | ID = 67108866
Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp
Line:
303 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31588316
(0xFE1E0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT
Error - 26.05.2013 12:27:26 | Computer Name = Lima-PC | Source = acvpnagent | ID = 67108866
Description = Function: CSocketTransport::OnTimerExpired File: .\IPC\SocketTransport.cpp
Line:
1655 Invoked Function: CSocketTransport::postConnectProcessing Return Code: -31588316
(0xFE1E0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT
Error - 26.05.2013 12:27:34 | Computer Name = Lima-PC | Source = acvpnagent | ID = 67108866
Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp
Line:
303 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31588316
(0xFE1E0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT
Error - 26.05.2013 12:27:34 | Computer Name = Lima-PC | Source = acvpnagent | ID = 67108866
Description = Function: CSocketTransport::OnTimerExpired File: .\IPC\SocketTransport.cpp
Line:
1655 Invoked Function: CSocketTransport::postConnectProcessing Return Code: -31588316
(0xFE1E0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT
Error - 26.05.2013 12:27:34 | Computer Name = Lima-PC | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestAccessToSG File: .\NetEnvironment.cpp
Line:
1323 Invoked Function: CNetEnvironment::analyzeHttpResponse Return Code: -28966899
(0xFE46000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could
not contact target
Error - 26.05.2013 12:27:34 | Computer Name = Lima-PC | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
772 Invoked Function: CNetEnvironment::IsSGAccessible Return Code: -28966899 (0xFE46000D)
Description:
NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target
Error - 26.05.2013 12:30:30 | Computer Name = Lima-PC | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
274 m_pIServicePlugin is NULL
Error - 26.05.2013 12:30:30 | Computer Name = Lima-PC | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
274 m_pIServicePlugin is NULL
Error - 26.05.2013 12:30:30 | Computer Name = Lima-PC | Source = acvpnagent | ID = 67108865
Description = Function: CTelemetryPluginMgr::GetSettings File: .\TelemetryPluginMgr.cpp
Line:
311 m_pITelemetryPlugin is NULL
[ OSession Events ]
Error - 01.04.2013 08:20:03 | Computer Name = Lima-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 219
seconds with 60 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 23.05.2013 14:23:13 | Computer Name = Lima-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom mfewfpk
Error - 24.05.2013 00:18:19 | Computer Name = Lima-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom mfewfpk
Error - 24.05.2013 07:59:40 | Computer Name = Lima-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom mfewfpk
Error - 24.05.2013 15:26:34 | Computer Name = Lima-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
mfewfpk
Error - 25.05.2013 10:07:58 | Computer Name = Lima-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
mfewfpk
Error - 26.05.2013 04:52:14 | Computer Name = Lima-PC | Source = DCOM | ID = 10010
Description =
Error - 26.05.2013 04:53:37 | Computer Name = Lima-PC | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
geantwortet.
Error - 26.05.2013 11:53:42 | Computer Name = Lima-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom mfewfpk
Error - 26.05.2013 11:55:36 | Computer Name = Lima-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Blackberry Device Manager" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.
Error - 26.05.2013 12:25:24 | Computer Name = Lima-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
< End of report >
|
|
26.05.2013, 19:27
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Verlinkungen zu Clickcompare Hallo und
__________________ Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!  Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
26.05.2013, 19:52
| #3 |
| | Verlinkungen zu Clickcompare Ich hatte natürlich beim Versuch den Virenscanner wieder anzubekommen einen neuen Suchlauf gestartet. Unter Ereignisse habe ich nichts gefunden, aber in der Quarantäne.
__________________Code:
ATTFilter
Typ: Datei
Quelle: C:\Users\Lima\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0R4GVXEI\yontoosetup[1].exe
Status: Infiziert
Quarantäne-Objekt: 561bbaa6.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.12.22
Virendefinitionsdatei: 7.11.68.150
Meldung: ADWARE/Yontoo.Gen
Datum/Uhrzeit: 02.04.2013, 21:13
Code:
ATTFilter
Typ: Datei
Quelle: C:\Users\Lima\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6H1MVJHS\yontoosetup[1].exe
Status: Infiziert
Quarantäne-Objekt: 595344d8.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.12.04
Virendefinitionsdatei: 7.11.62.76
Meldung: ADWARE/Yontoo.Gen
Datum/Uhrzeit: 22.02.2013, 21:54
Code:
ATTFilter
Typ: Datei
Quelle: C:\Program Files (x86)\Lenovo\Lenovo Smart Update\SmartUpdate.exe
Status: Infiziert
Quarantäne-Objekt: 58f84514.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.12.02
Virendefinitionsdatei: 7.11.61.98
Meldung: TR/Dropper.MSIL.Gen
Datum/Uhrzeit: 16.02.2013, 01:46
|
|
26.05.2013, 19:58
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Verlinkungen zu Clickcompare Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Rootkitscan mit GMER Bitte lade dir  GMER herunter: (Dateiname zufällig)
Tauchen Probleme auf?
Anschließend bitte MBAR ausführen: Malwarebytes Anti-Rootkit (MBAR) Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ "Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak) Wie man Programme richtig installiert Backup mit DriveSnapshot Das TB unterstützen |
|
26.05.2013, 20:36
| #5 |
| | Verlinkungen zu Clickcompare Da kam Folgendes bei raus: Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-26 21:14:58
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1 Intel___ rev.1.0. 465,76GB
Running: gmer_2.1.19163(1).exe; Driver: C:\Users\Lima\AppData\Local\Temp\kxldapod.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff800033ef000 45 bytes [00, 00, 16, 02, 4E, 74, 66, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607 fffff800033ef02f 29 bytes [00, 01, 00, 06, 00, 00, 00, ...]
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075711465 2 bytes [71, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757114bb 2 bytes [71, 75]
.text ... * 2
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075711465 2 bytes [71, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757114bb 2 bytes [71, 75]
.text ... * 2
.text C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe[3452] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075711465 2 bytes [71, 75]
.text C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe[3452] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757114bb 2 bytes [71, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4512] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075711465 2 bytes [71, 75]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4512] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757114bb 2 bytes [71, 75]
.text ... * 2
.text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4884] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075711465 2 bytes [71, 75]
.text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4884] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757114bb 2 bytes [71, 75]
.text ... * 2
.text C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[5276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075711465 2 bytes [71, 75]
.text C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[5276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757114bb 2 bytes [71, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[5376] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075711465 2 bytes [71, 75]
.text C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[5376] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757114bb 2 bytes [71, 75]
.text ... * 2
.text C:\Users\Lima\AppData\Roaming\Dropbox\bin\Dropbox.exe[6312] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000075711465 2 bytes [71, 75]
.text C:\Users\Lima\AppData\Roaming\Dropbox\bin\Dropbox.exe[6312] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000757114bb 2 bytes [71, 75]
.text ... * 2
.text C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe[6684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075711465 2 bytes [71, 75]
.text C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe[6684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757114bb 2 bytes [71, 75]
.text ... * 2
.text C:\Users\Lima\Downloads\Defogger.exe[1212] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075711465 2 bytes [71, 75]
.text C:\Users\Lima\Downloads\Defogger.exe[1212] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757114bb 2 bytes [71, 75]
.text ... * 2
---- Threads - GMER 2.1 ----
Thread C:\Windows\SysWOW64\ntdll.dll [1776:1780] 0000000000edd227
Thread C:\Windows\SysWOW64\ntdll.dll [1776:2292] 0000000071d3e2db
Thread C:\Windows\SysWOW64\ntdll.dll [1776:2488] 00000000709a8df0
Thread C:\Windows\SysWOW64\ntdll.dll [1776:2492] 00000000709a8df0
Thread C:\Windows\SysWOW64\ntdll.dll [1776:2496] 00000000709a8df0
Thread C:\Windows\SysWOW64\ntdll.dll [1776:2500] 00000000709a4e70
Thread C:\Windows\SysWOW64\ntdll.dll [4900:4948] 00000000013e3fe1
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\381b4222-f694-41f0-9685-ff5bb260df2e\54533251-82be-4824-96c1-47b60b740d00\bc5038f7-23e0-4960-96da-33abaf5935ec@DCSettingIndex 70
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74e543cc020d
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74e543cc020d (not active ControlSet)
---- EOF - GMER 2.1 ----
Code:
ATTFilter ---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1003
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 10.0.9200.16576
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.696000 GHz
Memory total: 6296686592, free: 3345543168
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1003
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 10.0.9200.16576
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.696000 GHz
Memory total: 6296686592, free: 3361865728
Downloaded database version: v2013.05.26.05
Downloaded database version: v2013.05.22.01
Initializing...
------------ Kernel report ------------
05/26/2013 21:22:11
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\iusb3hcs.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\compbatt.sys
\SystemRoot\system32\drivers\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\BootShield.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\iaStor.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\system32\DRIVERS\nvpciflt.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\DRIVERS\LhdX64.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\BootShieldfltr.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\system32\DRIVERS\iusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\athrx.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\AcpiVpc.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\irstrtdv.sys
\SystemRoot\system32\DRIVERS\LAD.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\clwvd.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\Drivers\RootMdm.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\RimSerial_AMD64.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\btath_bus.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\iusb3hub.sys
\SystemRoot\system32\drivers\CHDRT64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\Drivers\vm332avs.sys
\SystemRoot\System32\Drivers\STREAM.SYS
\SystemRoot\system32\DRIVERS\btfilter.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\btath_rcp.sys
\SystemRoot\system32\drivers\btath_avdt.sys
\SystemRoot\system32\drivers\btath_a2dp.sys
\SystemRoot\system32\DRIVERS\btath_hcrp.sys
\SystemRoot\system32\DRIVERS\btath_flt.sys
\SystemRoot\system32\DRIVERS\btath_lwflt.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\system32\DRIVERS\RMCAST.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Users\Lima\AppData\Local\Temp\kxldapod.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\Wldap32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\wininet.dll
\Windows\System32\iertutil.dll
\Windows\System32\urlmon.dll
\Windows\System32\kernel32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\usp10.dll
\Windows\System32\difxapi.dll
\Windows\System32\setupapi.dll
\Windows\System32\sechost.dll
\Windows\System32\nsi.dll
\Windows\System32\advapi32.dll
\Windows\System32\ole32.dll
\Windows\System32\msctf.dll
\Windows\System32\imm32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\ws2_32.dll
\Windows\System32\user32.dll
\Windows\System32\psapi.dll
\Windows\System32\shell32.dll
\Windows\System32\gdi32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\comdlg32.dll
\Windows\System32\lpk.dll
\Windows\System32\normaliz.dll
\Windows\System32\msvcrt.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\wintrust.dll
\Windows\System32\KernelBase.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa800de53060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8005d43050
Lower Device Driver Name: \Driver\iaStor\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800de51060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xfffffa8005ced050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Device number: 1, partition: 2
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa800de53060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800de53b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800de54040, DeviceName: Unknown, DriverName: \Driver\LHDmgr\
DevicePointer: 0xfffffa800de53060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8005d43050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\LHDmgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 1, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 1, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
File kernel read failed: C:\Windows\system32\drivers\fltMgr.sys
Done!
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800de51060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800de52b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800de52040, DeviceName: Unknown, DriverName: \Driver\LHDmgr\
DevicePointer: 0xfffffa800de51060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8005ced050, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\LHDmgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: B43DDA4A
Partition information:
Partition 0 type is Other (0x84)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 16773120
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 8589934592 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-16757216-16777216)...
Done!
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: B43DDA4E
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 409600
Partition file system is NTFS
Partition is bootable
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 411648 Numsec = 881987584
Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 882399232 Numsec = 53411840
Partition 3 type is Other (0x12)
Partition is NOT ACTIVE.
Partition starts at LBA: 935811072 Numsec = 40550400
Disk Size: 500105547264 bytes
Sector size: 512 bytes
Done!
Scan finished
=======================================
Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_1_0_2048_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_r.mbam...
Removal finished
Nach Anleitung hatte ich ja den Defogger gedownloaded. Muss ich mit dem noch weiter irgendwas machen, da das Fenster weiterhin offen ist? |
|
26.05.2013, 22:05
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Verlinkungen zu Clickcompare Bitte die Anleitungen sorgfältiger lesen und umsetzen, du hast das falsche Log von MBAR gepostet Und defogger ist jetzt noch lange nicht relevant, erst wenn hier komplett durch sind
__________________ --> Verlinkungen zu Clickcompare |
|
27.05.2013, 05:09
| #7 |
| | Verlinkungen zu Clickcompare Gten Morgen, Entschuldigung, war keine Absicht. War froh, überhaupt eine log Datei gefunden zu haben. :-/ Das müsste jetzt die richtige sein. Danke für die Geduld. Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org
Database version: v2013.05.26.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Lima :: LIMA-PC [administrator]
26.05.2013 21:22:15
mbar-log-2013-05-26 (21-22-15).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: Deep Anti-Rootkit Scan | PUP
Objects scanned: 272955
Time elapsed: 10 minute(s), 28 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
|
|
27.05.2013, 09:08
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Verlinkungen zu Clickcompare aswMBR Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). TDSS-Killer Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ "Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak) Wie man Programme richtig installiert Backup mit DriveSnapshot Das TB unterstützen |
|
27.05.2013, 16:30
| #9 |
| | Verlinkungen zu ClickcompareCode:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-27 16:59:51
-----------------------------
16:59:51.304 OS Version: Windows x64 6.1.7601 Service Pack 1
16:59:51.314 Number of processors: 4 586 0x3A09
16:59:51.314 ComputerName: LIMA-PC UserName: Lima
16:59:52.044 Initialize success
17:01:18.852 AVAST engine defs: 13052700
17:01:35.067 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
17:01:35.077 Disk 0 Vendor: Intel___ 1.0. Size: 8192MB BusType: 8
17:01:35.077 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1
17:01:35.087 Disk 1 Vendor: Intel___ 1.0. Size: 476937MB BusType: 8
17:01:35.117 Disk 1 MBR read successfully
17:01:35.117 Disk 1 MBR scan
17:01:35.137 Disk 1 Windows 7 default MBR code
17:01:35.137 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200 MB offset 2048
17:01:35.147 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 430658 MB offset 411648
17:01:35.157 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 26080 MB offset 882399232
17:01:35.167 Disk 1 Partition 4 00 12 Compaq diag NTFS 19800 MB offset 935811072
17:01:35.197 Disk 1 scanning C:\Windows\system32\drivers
17:01:45.851 Service scanning
17:02:05.760 Modules scanning
17:02:05.780 Disk 1 trace - called modules:
17:02:05.800 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
17:02:05.810 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa800de70060]
17:02:05.820 3 CLASSPNP.SYS[fffff8800102243f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005ddc050]
17:02:06.600 AVAST engine scan C:\Windows
17:02:08.210 AVAST engine scan C:\Windows\system32
17:06:18.476 AVAST engine scan C:\Windows\system32\drivers
17:06:28.920 AVAST engine scan C:\Users\Lima
17:19:27.405 AVAST engine scan C:\ProgramData
17:21:45.046 Scan finished successfully
17:22:17.413 Disk 1 MBR has been saved successfully to "C:\Users\Lima\Documents\Trojaner Board\MBR.dat"
17:22:17.423 The log file has been saved successfully to "C:\Users\Lima\Documents\Trojaner Board\aswMBR.txt"
Code:
ATTFilter 17:24:35.0168 6968 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:24:35.0418 6968 ============================================================
17:24:35.0418 6968 Current date / time: 2013/05/27 17:24:35.0418
17:24:35.0418 6968 SystemInfo:
17:24:35.0418 6968
17:24:35.0418 6968 OS Version: 6.1.7601 ServicePack: 1.0
17:24:35.0418 6968 Product type: Workstation
17:24:35.0418 6968 ComputerName: LIMA-PC
17:24:35.0418 6968 UserName: Lima
17:24:35.0418 6968 Windows directory: C:\Windows
17:24:35.0418 6968 System windows directory: C:\Windows
17:24:35.0418 6968 Running under WOW64
17:24:35.0418 6968 Processor architecture: Intel x64
17:24:35.0418 6968 Number of processors: 4
17:24:35.0418 6968 Page size: 0x1000
17:24:35.0418 6968 Boot type: Normal boot
17:24:35.0418 6968 ============================================================
17:24:35.0930 6968 Drive \Device\Harddisk0\DR0 - Size: 0x200000000 (8.00 Gb), SectorSize: 0x200, Cylinders: 0x414, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:24:35.0930 6968 Drive \Device\Harddisk1\DR1 - Size: 0x74709D0E00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:24:35.0940 6968 ============================================================
17:24:35.0940 6968 \Device\Harddisk0\DR0:
17:24:35.0940 6968 MBR partitions:
17:24:35.0940 6968 \Device\Harddisk1\DR1:
17:24:35.0940 6968 MBR partitions:
17:24:35.0940 6968 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
17:24:35.0940 6968 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x34921000
17:24:35.0940 6968 \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0x34985800, BlocksNum 0x32F0000
17:24:35.0940 6968 ============================================================
17:24:35.0940 6968 C: <-> \Device\Harddisk1\DR1\Partition2
17:24:35.0980 6968 D: <-> \Device\Harddisk1\DR1\Partition3
17:24:35.0980 6968 ============================================================
17:24:35.0980 6968 Initialize success
17:24:35.0980 6968 ============================================================
17:25:12.0745 5664 ============================================================
17:25:12.0745 5664 Scan started
17:25:12.0745 5664 Mode: Manual; SigCheck; TDLFS;
17:25:12.0745 5664 ============================================================
17:25:13.0315 5664 ================ Scan system memory ========================
17:25:13.0315 5664 System memory - ok
17:25:13.0325 5664 ================ Scan services =============================
17:25:13.0385 5664 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
17:25:13.0495 5664 1394ohci - ok
17:25:13.0505 5664 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
17:25:13.0535 5664 ACPI - ok
17:25:13.0545 5664 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
17:25:13.0585 5664 AcpiPmi - ok
17:25:13.0595 5664 [ 5E813B11629007309E4FC0F0FD2B7C30 ] ACPIVPC C:\Windows\system32\DRIVERS\AcpiVpc.sys
17:25:13.0615 5664 ACPIVPC - ok
17:25:13.0625 5664 [ E5568164C070A4988BD79C896920B3C6 ] acsock C:\Windows\system32\DRIVERS\acsock64.sys
17:25:13.0645 5664 acsock - ok
17:25:13.0655 5664 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:25:13.0685 5664 AdobeARMservice - ok
17:25:13.0695 5664 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
17:25:13.0725 5664 adp94xx - ok
17:25:13.0735 5664 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
17:25:13.0765 5664 adpahci - ok
17:25:13.0775 5664 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
17:25:13.0795 5664 adpu320 - ok
17:25:13.0805 5664 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:25:13.0955 5664 AeLookupSvc - ok
17:25:13.0965 5664 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
17:25:13.0995 5664 AFD - ok
17:25:14.0005 5664 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
17:25:14.0025 5664 agp440 - ok
17:25:14.0035 5664 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
17:25:14.0085 5664 ALG - ok
17:25:14.0085 5664 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
17:25:14.0105 5664 aliide - ok
17:25:14.0115 5664 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
17:25:14.0135 5664 amdide - ok
17:25:14.0145 5664 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
17:25:14.0165 5664 AmdK8 - ok
17:25:14.0175 5664 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
17:25:14.0195 5664 AmdPPM - ok
17:25:14.0205 5664 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
17:25:14.0225 5664 amdsata - ok
17:25:14.0235 5664 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
17:25:14.0255 5664 amdsbs - ok
17:25:14.0265 5664 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
17:25:14.0285 5664 amdxata - ok
17:25:14.0295 5664 [ C5D5B9BAF5A940953FE8393BF937AD60 ] AmUStor C:\Windows\system32\drivers\AmUStor.SYS
17:25:14.0315 5664 AmUStor - ok
17:25:14.0325 5664 [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
17:25:14.0355 5664 AntiVirSchedulerService - ok
17:25:14.0365 5664 [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
17:25:14.0385 5664 AntiVirService - ok
17:25:14.0385 5664 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
17:25:14.0535 5664 AppID - ok
17:25:14.0535 5664 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
17:25:14.0605 5664 AppIDSvc - ok
17:25:14.0615 5664 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll
17:25:14.0645 5664 Appinfo - ok
17:25:14.0645 5664 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:25:14.0675 5664 Apple Mobile Device - ok
17:25:14.0685 5664 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
17:25:14.0705 5664 arc - ok
17:25:14.0715 5664 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
17:25:14.0735 5664 arcsas - ok
17:25:14.0755 5664 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
17:25:14.0785 5664 aspnet_state - ok
17:25:14.0785 5664 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:25:14.0845 5664 AsyncMac - ok
17:25:14.0855 5664 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
17:25:14.0875 5664 atapi - ok
17:25:14.0885 5664 [ EF3B9AD9D03047EBA1369732B2F55AFE ] AthBTPort C:\Windows\system32\DRIVERS\btath_flt.sys
17:25:14.0905 5664 AthBTPort - ok
17:25:14.0915 5664 [ 8BE63D6CE5C6994888C231CB5F8464FF ] AtherosSvc C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
17:25:14.0985 5664 AtherosSvc ( UnsignedFile.Multi.Generic ) - warning
17:25:14.0985 5664 AtherosSvc - detected UnsignedFile.Multi.Generic (1)
17:25:15.0055 5664 [ FA196131665C0517EF5516EE64C2CB4D ] athr C:\Windows\system32\DRIVERS\athrx.sys
17:25:15.0145 5664 athr - ok
17:25:15.0165 5664 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:25:15.0235 5664 AudioEndpointBuilder - ok
17:25:15.0245 5664 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
17:25:15.0315 5664 AudioSrv - ok
17:25:15.0325 5664 [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
17:25:15.0335 5664 avgntflt - ok
17:25:15.0345 5664 [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
17:25:15.0365 5664 avipbb - ok
17:25:15.0375 5664 [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
17:25:15.0395 5664 avkmgr - ok
17:25:15.0395 5664 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
17:25:15.0445 5664 AxInstSV - ok
17:25:15.0455 5664 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
17:25:15.0485 5664 b06bdrv - ok
17:25:15.0495 5664 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
17:25:15.0525 5664 b57nd60a - ok
17:25:15.0535 5664 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
17:25:15.0565 5664 BDESVC - ok
17:25:15.0575 5664 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
17:25:15.0625 5664 Beep - ok
17:25:15.0675 5664 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
17:25:15.0765 5664 BFE - ok
17:25:15.0785 5664 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
17:25:15.0865 5664 BITS - ok
17:25:15.0875 5664 [ 686045905787B68D829CE647A6DFAD2B ] Blackberry Device Manager C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
17:25:15.0895 5664 Blackberry Device Manager ( UnsignedFile.Multi.Generic ) - warning
17:25:15.0895 5664 Blackberry Device Manager - detected UnsignedFile.Multi.Generic (1)
17:25:15.0905 5664 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
17:25:15.0925 5664 blbdrive - ok
17:25:15.0935 5664 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:25:15.0975 5664 Bonjour Service - ok
17:25:15.0985 5664 [ 5D51AA4276D28C1FC9F8737BBE3B97DE ] BootShield C:\Windows\system32\drivers\BootShield.sys
17:25:16.0005 5664 BootShield - ok
17:25:16.0005 5664 [ 1C1E87D9812AE5AFA3BA0F037090BDC6 ] BootShieldfltr C:\Windows\system32\drivers\BootShieldfltr.sys
17:25:16.0025 5664 BootShieldfltr - ok
17:25:16.0035 5664 [ FCD33D5DD163FC38FB329591F6667774 ] BootShieldSvc C:\Windows\System32\BootShieldSvc.exe
17:25:16.0055 5664 BootShieldSvc - ok
17:25:16.0065 5664 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:25:16.0085 5664 bowser - ok
17:25:16.0085 5664 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
17:25:16.0115 5664 BrFiltLo - ok
17:25:16.0125 5664 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
17:25:16.0145 5664 BrFiltUp - ok
17:25:16.0155 5664 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
17:25:16.0184 5664 Browser - ok
17:25:16.0194 5664 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
17:25:16.0224 5664 Brserid - ok
17:25:16.0234 5664 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
17:25:16.0264 5664 BrSerWdm - ok
17:25:16.0264 5664 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
17:25:16.0294 5664 BrUsbMdm - ok
17:25:16.0304 5664 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
17:25:16.0324 5664 BrUsbSer - ok
17:25:16.0334 5664 [ 72EA2FCD6456BFC6936EDA474EA08E48 ] BTATH_A2DP C:\Windows\system32\drivers\btath_a2dp.sys
17:25:16.0364 5664 BTATH_A2DP - ok
17:25:16.0374 5664 [ FFA0D38141FB7B93AFF465B82596D1EC ] btath_avdt C:\Windows\system32\drivers\btath_avdt.sys
17:25:16.0394 5664 btath_avdt - ok
17:25:16.0394 5664 [ A65A9B2C3A9985D8122B2B6D3D2F4C1B ] BTATH_BUS C:\Windows\system32\DRIVERS\btath_bus.sys
17:25:16.0414 5664 BTATH_BUS - ok
17:25:16.0424 5664 [ E95F7E9F4C8A88610F4142E60CF196BE ] BTATH_HCRP C:\Windows\system32\DRIVERS\btath_hcrp.sys
17:25:16.0474 5664 BTATH_HCRP - ok
17:25:16.0474 5664 [ 1A5C05524C0C503C87F930F154B7145D ] BTATH_LWFLT C:\Windows\system32\DRIVERS\btath_lwflt.sys
17:25:16.0494 5664 BTATH_LWFLT - ok
17:25:16.0514 5664 [ C2FD5B24F648DAC8143C51514307B0EC ] BTATH_RCP C:\Windows\system32\DRIVERS\btath_rcp.sys
17:25:16.0534 5664 BTATH_RCP - ok
17:25:16.0554 5664 [ 01155B6604D05F844D0655C69587FC2B ] BtFilter C:\Windows\system32\DRIVERS\btfilter.sys
17:25:16.0584 5664 BtFilter - ok
17:25:16.0594 5664 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
17:25:16.0614 5664 BthEnum - ok
17:25:16.0624 5664 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
17:25:16.0644 5664 BTHMODEM - ok
17:25:16.0654 5664 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
17:25:16.0694 5664 BthPan - ok
17:25:16.0714 5664 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
17:25:16.0744 5664 BTHPORT - ok
17:25:16.0754 5664 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
17:25:16.0814 5664 bthserv - ok
17:25:16.0824 5664 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
17:25:16.0844 5664 BTHUSB - ok
17:25:16.0854 5664 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:25:16.0924 5664 cdfs - ok
17:25:16.0924 5664 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
17:25:16.0955 5664 cdrom - ok
17:25:16.0955 5664 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
17:25:17.0025 5664 CertPropSvc - ok
17:25:17.0025 5664 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
17:25:17.0055 5664 circlass - ok
17:25:17.0065 5664 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
17:25:17.0095 5664 CLFS - ok
17:25:17.0115 5664 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:25:17.0145 5664 clr_optimization_v2.0.50727_32 - ok
17:25:17.0175 5664 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:25:17.0195 5664 clr_optimization_v2.0.50727_64 - ok
17:25:17.0215 5664 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:25:17.0265 5664 clr_optimization_v4.0.30319_32 - ok
17:25:17.0275 5664 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:25:17.0295 5664 clr_optimization_v4.0.30319_64 - ok
17:25:17.0305 5664 [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys
17:25:17.0315 5664 clwvd - ok
17:25:17.0325 5664 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
17:25:17.0345 5664 CmBatt - ok
17:25:17.0345 5664 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
17:25:17.0365 5664 cmdide - ok
17:25:17.0385 5664 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
17:25:17.0425 5664 CNG - ok
17:25:17.0465 5664 [ BFF966AD3941BAF23F9563EDD0D7575D ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
17:25:17.0525 5664 CnxtHdAudService - ok
17:25:17.0535 5664 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
17:25:17.0555 5664 Compbatt - ok
17:25:17.0555 5664 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
17:25:17.0585 5664 CompositeBus - ok
17:25:17.0595 5664 COMSysApp - ok
17:25:17.0625 5664 [ BEBCA166BCB82427CB1D029404BCBBC3 ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe
17:25:17.0675 5664 cphs - ok
17:25:17.0675 5664 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
17:25:17.0695 5664 crcdisk - ok
17:25:17.0705 5664 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:25:17.0735 5664 CryptSvc - ok
17:25:17.0745 5664 [ F160B26B26BA4AFE8CECC12ED5AC231E ] CxAudMsg C:\Windows\system32\CxAudMsg64.exe
17:25:17.0765 5664 CxAudMsg - ok
17:25:17.0785 5664 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
17:25:17.0855 5664 DcomLaunch - ok
17:25:17.0865 5664 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
17:25:17.0955 5664 defragsvc - ok
17:25:17.0965 5664 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:25:18.0025 5664 DfsC - ok
17:25:18.0035 5664 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
17:25:18.0095 5664 Dhcp - ok
17:25:18.0105 5664 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
17:25:18.0165 5664 discache - ok
17:25:18.0175 5664 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
17:25:18.0185 5664 Disk - ok
17:25:18.0195 5664 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:25:18.0225 5664 Dnscache - ok
17:25:18.0235 5664 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
17:25:18.0315 5664 dot3svc - ok
17:25:18.0315 5664 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
17:25:18.0385 5664 DPS - ok
17:25:18.0395 5664 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:25:18.0415 5664 drmkaud - ok
17:25:18.0435 5664 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:25:18.0485 5664 DXGKrnl - ok
17:25:18.0495 5664 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
17:25:18.0565 5664 EapHost - ok
17:25:18.0715 5664 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
17:25:18.0805 5664 ebdrv - ok
17:25:18.0805 5664 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
17:25:18.0835 5664 EFS - ok
17:25:18.0855 5664 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:25:18.0915 5664 ehRecvr - ok
17:25:18.0915 5664 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
17:25:18.0955 5664 ehSched - ok
17:25:18.0965 5664 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
17:25:18.0995 5664 elxstor - ok
17:25:19.0005 5664 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
17:25:19.0025 5664 ErrDev - ok
17:25:19.0045 5664 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
17:25:19.0125 5664 EventSystem - ok
17:25:19.0135 5664 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
17:25:19.0205 5664 exfat - ok
17:25:19.0215 5664 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:25:19.0275 5664 fastfat - ok
17:25:19.0295 5664 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
17:25:19.0345 5664 Fax - ok
17:25:19.0355 5664 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
17:25:19.0375 5664 fdc - ok
17:25:19.0385 5664 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
17:25:19.0445 5664 fdPHost - ok
17:25:19.0455 5664 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
17:25:19.0515 5664 FDResPub - ok
17:25:19.0525 5664 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:25:19.0545 5664 FileInfo - ok
17:25:19.0545 5664 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:25:19.0605 5664 Filetrace - ok
17:25:19.0615 5664 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
17:25:19.0635 5664 flpydisk - ok
17:25:19.0645 5664 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:25:19.0675 5664 FltMgr - ok
17:25:19.0695 5664 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
17:25:19.0745 5664 FontCache - ok
17:25:19.0755 5664 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:25:19.0775 5664 FontCache3.0.0.0 - ok
17:25:19.0785 5664 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
17:25:19.0805 5664 FsDepends - ok
17:25:19.0815 5664 [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
17:25:19.0825 5664 fssfltr - ok
17:25:19.0905 5664 [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
17:25:20.0006 5664 fsssvc - ok
17:25:20.0016 5664 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:25:20.0036 5664 Fs_Rec - ok
17:25:20.0046 5664 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
17:25:20.0076 5664 fvevol - ok
17:25:20.0076 5664 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
17:25:20.0096 5664 gagp30kx - ok
17:25:20.0106 5664 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:25:20.0126 5664 GEARAspiWDM - ok
17:25:20.0146 5664 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
17:25:20.0216 5664 gpsvc - ok
17:25:20.0226 5664 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
17:25:20.0246 5664 hcw85cir - ok
17:25:20.0256 5664 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:25:20.0286 5664 HdAudAddService - ok
17:25:20.0296 5664 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
17:25:20.0326 5664 HDAudBus - ok
17:25:20.0336 5664 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
17:25:20.0356 5664 HidBatt - ok
17:25:20.0366 5664 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
17:25:20.0396 5664 HidBth - ok
17:25:20.0396 5664 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
17:25:20.0426 5664 HidIr - ok
17:25:20.0436 5664 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
17:25:20.0486 5664 hidserv - ok
17:25:20.0496 5664 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
17:25:20.0516 5664 HidUsb - ok
17:25:20.0526 5664 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
17:25:20.0586 5664 hkmsvc - ok
17:25:20.0596 5664 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:25:20.0616 5664 HomeGroupListener - ok
17:25:20.0626 5664 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:25:20.0656 5664 HomeGroupProvider - ok
17:25:20.0656 5664 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
17:25:20.0676 5664 HpSAMD - ok
17:25:20.0686 5664 [ F47CEC45FB85791D4AB237563AD0FA8F ] HTCAND64 C:\Windows\system32\Drivers\ANDROIDUSB.sys
17:25:20.0756 5664 HTCAND64 - ok
17:25:20.0756 5664 [ B8B1B284362E1D8135112573395D5DA5 ] htcnprot C:\Windows\system32\DRIVERS\htcnprot.sys
17:25:20.0776 5664 htcnprot - ok
17:25:20.0786 5664 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:25:20.0866 5664 HTTP - ok
17:25:20.0866 5664 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
17:25:20.0886 5664 hwpolicy - ok
17:25:20.0896 5664 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
17:25:20.0916 5664 i8042prt - ok
17:25:20.0936 5664 [ D1753C06EE17E29352B065EACF3F10D0 ] iaStor C:\Windows\system32\drivers\iaStor.sys
17:25:20.0966 5664 iaStor - ok
17:25:20.0976 5664 [ 545462D0DBE24AF379BA869B7C185CCD ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
17:25:20.0986 5664 IAStorDataMgrSvc - ok
17:25:21.0006 5664 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
17:25:21.0036 5664 iaStorV - ok
17:25:21.0056 5664 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:25:21.0136 5664 idsvc - ok
17:25:21.0377 5664 [ 7054941241807E91663A83A38BCE3F0D ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
17:25:21.0737 5664 igfx - ok
17:25:21.0757 5664 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
17:25:21.0777 5664 iirsp - ok
17:25:21.0797 5664 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
17:25:21.0867 5664 IKEEXT - ok
17:25:21.0887 5664 [ 6C9FFFECA9FED31347D211C5D1FFBD2D ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
17:25:21.0907 5664 IntcDAud - ok
17:25:21.0927 5664 [ 0043EC20C06FD9FE339B5D37474B731E ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
17:25:21.0978 5664 Intel(R) Capability Licensing Service Interface - ok
17:25:21.0988 5664 [ 50CA8F1A4B0AEC4EE583594F0A8EB719 ] Intel(R) ME Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
17:25:22.0018 5664 Intel(R) ME Service - ok
17:25:22.0018 5664 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
17:25:22.0038 5664 intelide - ok
17:25:22.0048 5664 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
17:25:22.0068 5664 intelppm - ok
17:25:22.0078 5664 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:25:22.0148 5664 IPBusEnum - ok
17:25:22.0158 5664 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:25:22.0218 5664 IpFilterDriver - ok
17:25:22.0238 5664 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
17:25:22.0268 5664 iphlpsvc - ok
17:25:22.0278 5664 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
17:25:22.0298 5664 IPMIDRV - ok
17:25:22.0308 5664 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
17:25:22.0368 5664 IPNAT - ok
17:25:22.0378 5664 [ B474C756C13960793C7583B766F904C4 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
17:25:22.0418 5664 iPod Service - ok
17:25:22.0418 5664 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:25:22.0448 5664 IRENUM - ok
17:25:22.0458 5664 [ 6DC22BDAA595BE00F19696E72F2F3312 ] irstrtdv C:\Windows\system32\DRIVERS\irstrtdv.sys
17:25:22.0478 5664 irstrtdv - ok
17:25:22.0478 5664 [ 205FD80EF4B9832F9763B9A187957260 ] irstrtsv C:\Windows\SysWOW64\irstrtsv.exe
17:25:22.0518 5664 irstrtsv - ok
17:25:22.0518 5664 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
17:25:22.0538 5664 isapnp - ok
17:25:22.0548 5664 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
17:25:22.0568 5664 iScsiPrt - ok
17:25:22.0578 5664 [ 846354992EBB373F452EB9182D501B08 ] iusb3hcs C:\Windows\system32\DRIVERS\iusb3hcs.sys
17:25:22.0598 5664 iusb3hcs - ok
17:25:22.0608 5664 [ 1D88A23853387D34D52CC8F9DDBFC56C ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys
17:25:22.0628 5664 iusb3hub - ok
17:25:22.0648 5664 [ FC5EFD7C797DF19DFB999F0605A7924E ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys
17:25:22.0688 5664 iusb3xhc - ok
17:25:22.0698 5664 [ EF27B3B58E393E9F10FB6A6643BD8185 ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
17:25:22.0728 5664 jhi_service - ok
17:25:22.0738 5664 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
17:25:22.0758 5664 kbdclass - ok
17:25:22.0768 5664 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
17:25:22.0788 5664 kbdhid - ok
17:25:22.0798 5664 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
17:25:22.0818 5664 KeyIso - ok
17:25:22.0828 5664 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:25:22.0848 5664 KSecDD - ok
17:25:22.0858 5664 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
17:25:22.0878 5664 KSecPkg - ok
17:25:22.0878 5664 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
17:25:22.0948 5664 ksthunk - ok
17:25:22.0958 5664 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
17:25:23.0078 5664 KtmRm - ok
17:25:23.0078 5664 [ 7C621B3EE93130A96D7D19A02755CF3D ] LAD C:\Windows\system32\DRIVERS\LAD.sys
17:25:23.0098 5664 LAD - ok
17:25:23.0108 5664 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
17:25:23.0178 5664 LanmanServer - ok
17:25:23.0188 5664 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:25:23.0258 5664 LanmanWorkstation - ok
17:25:23.0268 5664 [ 5F10F9351627D7E63B3E55828096E4F6 ] LenovoSmartConnectService C:\Program Files (x86)\Lenovo\Lenovo Smart Update\LenovoSmartConnectService.exe
17:25:23.0298 5664 LenovoSmartConnectService - ok
17:25:23.0308 5664 [ BE166935083F9C38EDFDC21B9A7A679B ] LHDmgr C:\Windows\system32\DRIVERS\LhdX64.sys
17:25:23.0318 5664 LHDmgr - ok
17:25:23.0328 5664 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:25:23.0388 5664 lltdio - ok
17:25:23.0398 5664 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:25:23.0468 5664 lltdsvc - ok
17:25:23.0468 5664 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
17:25:23.0528 5664 lmhosts - ok
17:25:23.0538 5664 [ 2526FECED1625752EF4F8ABB367CAA7E ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
17:25:23.0578 5664 LMS - ok
17:25:23.0588 5664 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
17:25:23.0608 5664 LSI_FC - ok
17:25:23.0618 5664 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
17:25:23.0638 5664 LSI_SAS - ok
17:25:23.0638 5664 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
17:25:23.0668 5664 LSI_SAS2 - ok
17:25:23.0668 5664 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
17:25:23.0698 5664 LSI_SCSI - ok
17:25:23.0698 5664 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
17:25:23.0808 5664 luafv - ok
17:25:23.0808 5664 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:25:23.0838 5664 Mcx2Svc - ok
17:25:23.0838 5664 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
17:25:23.0858 5664 megasas - ok
17:25:23.0868 5664 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
17:25:23.0898 5664 MegaSR - ok
17:25:23.0898 5664 [ 6B01B7414A105B9E51652089A03027CF ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
17:25:23.0918 5664 MEIx64 - ok
17:25:23.0928 5664 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
17:25:23.0988 5664 MMCSS - ok
17:25:23.0998 5664 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
17:25:24.0058 5664 Modem - ok
17:25:24.0068 5664 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:25:24.0088 5664 monitor - ok
17:25:24.0098 5664 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
17:25:24.0118 5664 mouclass - ok
17:25:24.0118 5664 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:25:24.0148 5664 mouhid - ok
17:25:24.0148 5664 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:25:24.0168 5664 mountmgr - ok
17:25:24.0178 5664 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
17:25:24.0198 5664 mpio - ok
17:25:24.0208 5664 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:25:24.0268 5664 mpsdrv - ok
17:25:24.0288 5664 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
17:25:24.0388 5664 MpsSvc - ok
17:25:24.0398 5664 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:25:24.0428 5664 MRxDAV - ok
17:25:24.0438 5664 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:25:24.0468 5664 mrxsmb - ok
17:25:24.0478 5664 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:25:24.0508 5664 mrxsmb10 - ok
17:25:24.0518 5664 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:25:24.0538 5664 mrxsmb20 - ok
17:25:24.0548 5664 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
17:25:24.0568 5664 msahci - ok
17:25:24.0578 5664 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
17:25:24.0598 5664 msdsm - ok
17:25:24.0608 5664 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
17:25:24.0638 5664 MSDTC - ok
17:25:24.0648 5664 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:25:24.0708 5664 Msfs - ok
17:25:24.0718 5664 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
17:25:24.0788 5664 mshidkmdf - ok
17:25:24.0788 5664 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
17:25:24.0808 5664 msisadrv - ok
17:25:24.0818 5664 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:25:24.0878 5664 MSiSCSI - ok
17:25:24.0888 5664 msiserver - ok
17:25:24.0888 5664 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:25:24.0948 5664 MSKSSRV - ok
17:25:24.0958 5664 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:25:25.0018 5664 MSPCLOCK - ok
17:25:25.0018 5664 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:25:25.0078 5664 MSPQM - ok
17:25:25.0088 5664 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:25:25.0118 5664 MsRPC - ok
17:25:25.0128 5664 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
17:25:25.0148 5664 mssmbios - ok
17:25:25.0158 5664 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:25:25.0238 5664 MSTEE - ok
17:25:25.0248 5664 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
17:25:25.0268 5664 MTConfig - ok
17:25:25.0278 5664 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
17:25:25.0298 5664 Mup - ok
17:25:25.0318 5664 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
17:25:25.0388 5664 napagent - ok
17:25:25.0398 5664 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:25:25.0438 5664 NativeWifiP - ok
17:25:25.0458 5664 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
17:25:25.0498 5664 NDIS - ok
17:25:25.0508 5664 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
17:25:25.0578 5664 NdisCap - ok
17:25:25.0588 5664 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:25:25.0658 5664 NdisTapi - ok
17:25:25.0658 5664 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:25:25.0718 5664 Ndisuio - ok
17:25:25.0728 5664 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:25:25.0788 5664 NdisWan - ok
17:25:25.0798 5664 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:25:25.0858 5664 NDProxy - ok
17:25:25.0868 5664 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:25:25.0928 5664 NetBIOS - ok
17:25:25.0938 5664 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
17:25:25.0999 5664 NetBT - ok
17:25:26.0019 5664 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
17:25:26.0039 5664 Netlogon - ok
17:25:26.0059 5664 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
17:25:26.0139 5664 Netman - ok
17:25:26.0149 5664 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:25:26.0219 5664 NetMsmqActivator - ok
17:25:26.0229 5664 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:25:26.0249 5664 NetPipeActivator - ok
17:25:26.0259 5664 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
17:25:26.0343 5664 netprofm - ok
17:25:26.0343 5664 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:25:26.0363 5664 NetTcpActivator - ok
17:25:26.0373 5664 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:25:26.0383 5664 NetTcpPortSharing - ok
17:25:26.0393 5664 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
17:25:26.0413 5664 nfrd960 - ok
17:25:26.0423 5664 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
17:25:26.0453 5664 NlaSvc - ok
17:25:26.0463 5664 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:25:26.0523 5664 Npfs - ok
17:25:26.0523 5664 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
17:25:26.0593 5664 nsi - ok
17:25:26.0603 5664 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:25:26.0663 5664 nsiproxy - ok
17:25:26.0693 5664 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:25:26.0763 5664 Ntfs - ok
17:25:26.0773 5664 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
17:25:26.0833 5664 Null - ok
17:25:27.0103 5664 [ A68C95F8E17A4CFCB99F2139D73F552B ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:25:27.0553 5664 nvlddmkm - ok
17:25:27.0563 5664 [ 7B4BD86B22DFE63FC08E5F4E24B54438 ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys
17:25:27.0583 5664 nvpciflt - ok
17:25:27.0593 5664 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:25:27.0613 5664 nvraid - ok
17:25:27.0623 5664 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:25:27.0643 5664 nvstor - ok
17:25:27.0673 5664 [ BD1CEC4D0CACABCFD93A07B2CC46C9EB ] nvsvc C:\Windows\system32\nvvsvc.exe
17:25:27.0713 5664 nvsvc - ok
17:25:27.0823 5664 [ 82205275BDB35B0AC8750FA8D0A21A5B ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
17:25:27.0973 5664 nvUpdatusService - ok
17:25:27.0983 5664 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
17:25:28.0004 5664 nv_agp - ok
17:25:28.0024 5664 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:25:28.0074 5664 odserv - ok
17:25:28.0074 5664 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
17:25:28.0104 5664 ohci1394 - ok
17:25:28.0114 5664 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:25:28.0144 5664 ose - ok
17:25:28.0154 5664 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
17:25:28.0184 5664 p2pimsvc - ok
17:25:28.0194 5664 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
17:25:28.0234 5664 p2psvc - ok
17:25:28.0244 5664 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
17:25:28.0264 5664 Parport - ok
17:25:28.0264 5664 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:25:28.0284 5664 partmgr - ok
17:25:28.0294 5664 [ 3CAE2BBC86FCF7F94C9696994AF30386 ] PassThru Service C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
17:25:28.0304 5664 PassThru Service ( UnsignedFile.Multi.Generic ) - warning
17:25:28.0304 5664 PassThru Service - detected UnsignedFile.Multi.Generic (1)
17:25:28.0314 5664 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
17:25:28.0354 5664 PcaSvc - ok
17:25:28.0364 5664 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
17:25:28.0384 5664 pci - ok
17:25:28.0394 5664 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
17:25:28.0404 5664 pciide - ok
17:25:28.0414 5664 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
17:25:28.0444 5664 pcmcia - ok
17:25:28.0444 5664 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
17:25:28.0464 5664 pcw - ok
17:25:28.0484 5664 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:25:28.0554 5664 PEAUTH - ok
17:25:28.0564 5664 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
17:25:28.0594 5664 PerfHost - ok
17:25:28.0674 5664 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
17:25:28.0774 5664 pla - ok
17:25:28.0794 5664 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:25:28.0824 5664 PlugPlay - ok
17:25:28.0824 5664 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
17:25:28.0854 5664 PNRPAutoReg - ok
17:25:28.0864 5664 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
17:25:28.0894 5664 PNRPsvc - ok
17:25:28.0904 5664 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:25:28.0974 5664 PolicyAgent - ok
17:25:28.0984 5664 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
17:25:29.0044 5664 Power - ok
17:25:29.0054 5664 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:25:29.0114 5664 PptpMiniport - ok
17:25:29.0114 5664 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
17:25:29.0134 5664 Processor - ok
17:25:29.0144 5664 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
17:25:29.0174 5664 ProfSvc - ok
17:25:29.0184 5664 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:25:29.0204 5664 ProtectedStorage - ok
17:25:29.0214 5664 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
17:25:29.0264 5664 Psched - ok
17:25:29.0374 5664 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
17:25:29.0434 5664 ql2300 - ok
17:25:29.0444 5664 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
17:25:29.0464 5664 ql40xx - ok
17:25:29.0474 5664 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
17:25:29.0514 5664 QWAVE - ok
17:25:29.0514 5664 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:25:29.0554 5664 QWAVEdrv - ok
17:25:29.0554 5664 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:25:29.0614 5664 RasAcd - ok
17:25:29.0624 5664 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
17:25:29.0684 5664 RasAgileVpn - ok
17:25:29.0694 5664 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
17:25:29.0754 5664 RasAuto - ok
17:25:29.0764 5664 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:25:29.0834 5664 Rasl2tp - ok
17:25:29.0844 5664 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
17:25:29.0914 5664 RasMan - ok
17:25:29.0914 5664 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:25:29.0984 5664 RasPppoe - ok
17:25:29.0984 5664 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:25:30.0045 5664 RasSstp - ok
17:25:30.0055 5664 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:25:30.0125 5664 rdbss - ok
17:25:30.0125 5664 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
17:25:30.0155 5664 rdpbus - ok
17:25:30.0165 5664 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:25:30.0215 5664 RDPCDD - ok
17:25:30.0225 5664 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:25:30.0295 5664 RDPENCDD - ok
17:25:30.0295 5664 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
17:25:30.0355 5664 RDPREFMP - ok
17:25:30.0365 5664 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:25:30.0415 5664 RDPWD - ok
17:25:30.0435 5664 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
17:25:30.0455 5664 rdyboost - ok
17:25:30.0465 5664 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
17:25:30.0525 5664 RemoteAccess - ok
17:25:30.0535 5664 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:25:30.0595 5664 RemoteRegistry - ok
17:25:30.0605 5664 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
17:25:30.0635 5664 RFCOMM - ok
17:25:30.0645 5664 [ 6D850FAD4CC9498D1F382B77BA4035CC ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys
17:25:30.0665 5664 RimUsb - ok
17:25:30.0675 5664 [ 344604E6913BD6E4EAEC34AF2E0943D7 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
17:25:30.0705 5664 RimVSerPort - ok
17:25:30.0715 5664 [ CAF88D6573D21CD2AA27001DDBFDC74D ] RMCAST C:\Windows\system32\DRIVERS\RMCAST.sys
17:25:30.0775 5664 RMCAST - ok
17:25:30.0775 5664 [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
17:25:30.0835 5664 ROOTMODEM - ok
17:25:30.0845 5664 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
17:25:30.0915 5664 RpcEptMapper - ok
17:25:30.0915 5664 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
17:25:30.0945 5664 RpcLocator - ok
17:25:30.0965 5664 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
17:25:31.0035 5664 RpcSs - ok
17:25:31.0035 5664 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:25:31.0095 5664 rspndr - ok
17:25:31.0115 5664 [ 9140DB0911DE035FED0A9A77A2D156EA ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
17:25:31.0145 5664 RTL8167 - ok
17:25:31.0155 5664 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
17:25:31.0175 5664 SamSs - ok
17:25:31.0185 5664 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
17:25:31.0205 5664 sbp2port - ok
17:25:31.0215 5664 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:25:31.0275 5664 SCardSvr - ok
17:25:31.0285 5664 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
17:25:31.0347 5664 scfilter - ok
17:25:31.0367 5664 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
17:25:31.0447 5664 Schedule - ok
17:25:31.0457 5664 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
17:25:31.0517 5664 SCPolicySvc - ok
17:25:31.0527 5664 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:25:31.0547 5664 SDRSVC - ok
17:25:31.0557 5664 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:25:31.0617 5664 secdrv - ok
17:25:31.0617 5664 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
17:25:31.0687 5664 seclogon - ok
17:25:31.0687 5664 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
17:25:31.0747 5664 SENS - ok
17:25:31.0757 5664 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
17:25:31.0777 5664 SensrSvc - ok
17:25:31.0787 5664 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
17:25:31.0827 5664 Serenum - ok
17:25:31.0837 5664 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
17:25:31.0857 5664 Serial - ok
17:25:31.0867 5664 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
17:25:31.0887 5664 sermouse - ok
17:25:31.0907 5664 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
17:25:31.0967 5664 SessionEnv - ok
17:25:31.0977 5664 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
17:25:31.0997 5664 sffdisk - ok
17:25:32.0007 5664 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
17:25:32.0037 5664 sffp_mmc - ok
17:25:32.0037 5664 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
17:25:32.0067 5664 sffp_sd - ok
17:25:32.0067 5664 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
17:25:32.0097 5664 sfloppy - ok
17:25:32.0107 5664 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
17:25:32.0177 5664 SharedAccess - ok
17:25:32.0187 5664 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:25:32.0257 5664 ShellHWDetection - ok
17:25:32.0267 5664 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
17:25:32.0287 5664 SiSRaid2 - ok
17:25:32.0297 5664 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
17:25:32.0307 5664 SiSRaid4 - ok
17:25:32.0327 5664 [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
17:25:32.0337 5664 SkypeUpdate - ok
17:25:32.0347 5664 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:25:32.0407 5664 Smb - ok
17:25:32.0417 5664 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:25:32.0447 5664 SNMPTRAP - ok
17:25:32.0457 5664 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
17:25:32.0477 5664 spldr - ok
17:25:32.0497 5664 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
17:25:32.0527 5664 Spooler - ok
17:25:32.0607 5664 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
17:25:32.0737 5664 sppsvc - ok
17:25:32.0747 5664 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
17:25:32.0807 5664 sppuinotify - ok
17:25:32.0817 5664 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
17:25:32.0847 5664 srv - ok
17:25:32.0867 5664 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:25:32.0897 5664 srv2 - ok
17:25:32.0897 5664 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:25:32.0927 5664 srvnet - ok
17:25:32.0937 5664 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:25:32.0997 5664 SSDPSRV - ok
17:25:33.0007 5664 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:25:33.0067 5664 SstpSvc - ok
17:25:33.0077 5664 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
17:25:33.0097 5664 stexstor - ok
17:25:33.0107 5664 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
17:25:33.0157 5664 stisvc - ok
17:25:33.0157 5664 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
17:25:33.0177 5664 swenum - ok
17:25:33.0197 5664 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
17:25:33.0267 5664 swprv - ok
17:25:33.0277 5664 [ 2F494CF2EC5DF71465A052CF9A494C06 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
17:25:33.0307 5664 SynTP - ok
17:25:33.0377 5664 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
17:25:33.0457 5664 SysMain - ok
17:25:33.0467 5664 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:25:33.0497 5664 TabletInputService - ok
17:25:33.0507 5664 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
17:25:33.0567 5664 TapiSrv - ok
17:25:33.0577 5664 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
17:25:33.0647 5664 TBS - ok
17:25:33.0687 5664 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:25:33.0757 5664 Tcpip - ok
17:25:33.0787 5664 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
17:25:33.0857 5664 TCPIP6 - ok
17:25:33.0867 5664 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:25:33.0887 5664 tcpipreg - ok
17:25:33.0897 5664 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
17:25:33.0917 5664 TDPIPE - ok
17:25:33.0917 5664 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
17:25:33.0937 5664 TDTCP - ok
17:25:33.0947 5664 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:25:34.0007 5664 tdx - ok
17:25:34.0017 5664 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
17:25:34.0028 5664 TermDD - ok
17:25:34.0048 5664 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
17:25:34.0118 5664 TermService - ok
17:25:34.0128 5664 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
17:25:34.0148 5664 Themes - ok
17:25:34.0158 5664 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
17:25:34.0218 5664 THREADORDER - ok
17:25:34.0218 5664 [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM C:\Windows\system32\drivers\tpm.sys
17:25:34.0248 5664 TPM - ok
17:25:34.0258 5664 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
17:25:34.0388 5664 TrkWks - ok
17:25:34.0398 5664 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:25:34.0448 5664 TrustedInstaller - ok
17:25:34.0468 5664 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
17:25:34.0518 5664 tssecsrv - ok
17:25:34.0528 5664 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
17:25:34.0548 5664 TsUsbFlt - ok
17:25:34.0558 5664 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
17:25:34.0578 5664 TsUsbGD - ok
17:25:34.0588 5664 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:25:34.0648 5664 tunnel - ok
17:25:34.0648 5664 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
17:25:34.0668 5664 uagp35 - ok
17:25:34.0678 5664 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:25:34.0808 5664 udfs - ok
17:25:34.0818 5664 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:25:34.0848 5664 UI0Detect - ok
17:25:34.0848 5664 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
17:25:34.0868 5664 uliagpkx - ok
17:25:34.0878 5664 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
17:25:34.0898 5664 umbus - ok
17:25:34.0908 5664 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
17:25:34.0928 5664 UmPass - ok
17:25:34.0938 5664 [ 5A5D20BD5BA50B8F671CDA78585729D5 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
17:25:34.0968 5664 UNS - ok
17:25:34.0978 5664 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
17:25:35.0049 5664 upnphost - ok
17:25:35.0059 5664 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
17:25:35.0079 5664 USBAAPL64 - ok
17:25:35.0089 5664 [ 2B26FCB7C634C49313FD72120FB9946E ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
17:25:35.0109 5664 usbccgp - ok
17:25:35.0119 5664 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
17:25:35.0149 5664 usbcir - ok
17:25:35.0159 5664 [ AA68C758B3F225618A5FD1ED40C383C4 ] usbehci C:\Windows\system32\drivers\usbehci.sys
17:25:35.0179 5664 usbehci - ok
17:25:35.0189 5664 [ 66E1EF753543785D7E2C44719B2C5DAD ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
17:25:35.0219 5664 usbhub - ok
17:25:35.0229 5664 [ B26ACA4784AD1295C25A7501FD4AB79E ] usbohci C:\Windows\system32\drivers\usbohci.sys
17:25:35.0249 5664 usbohci - ok
17:25:35.0249 5664 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
17:25:35.0279 5664 usbprint - ok
17:25:35.0289 5664 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
17:25:35.0309 5664 usbscan - ok
17:25:35.0319 5664 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:25:35.0339 5664 USBSTOR - ok
17:25:35.0349 5664 [ 35944CFF264134FFD2E7EED0F8B81A56 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
17:25:35.0369 5664 usbuhci - ok
17:25:35.0379 5664 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
17:25:35.0399 5664 usbvideo - ok
17:25:35.0409 5664 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
17:25:35.0469 5664 UxSms - ok
17:25:35.0479 5664 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
17:25:35.0499 5664 VaultSvc - ok
17:25:35.0509 5664 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
17:25:35.0529 5664 vdrvroot - ok
17:25:35.0539 5664 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
17:25:35.0609 5664 vds - ok
17:25:35.0619 5664 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:25:35.0649 5664 vga - ok
17:25:35.0659 5664 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
17:25:35.0719 5664 VgaSave - ok
17:25:35.0729 5664 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
17:25:35.0749 5664 vhdmp - ok
17:25:35.0759 5664 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
17:25:35.0779 5664 viaide - ok
17:25:35.0799 5664 [ 9A57B880B0F7AD01155B06741E073FBE ] vm332avs C:\Windows\system32\Drivers\vm332avs.sys
17:25:35.0849 5664 vm332avs - ok
17:25:35.0859 5664 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
17:25:35.0869 5664 volmgr - ok
17:25:35.0889 5664 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:25:35.0909 5664 volmgrx - ok
17:25:35.0919 5664 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
17:25:35.0949 5664 volsnap - ok
17:25:35.0969 5664 [ E23BC9B12EF85B58083A6985F9BE3C44 ] vpnagent C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
17:25:35.0989 5664 vpnagent - ok
17:25:35.0999 5664 [ A8D4FED106B4BD337DF3DA20BA44E18E ] vpnva C:\Windows\system32\DRIVERS\vpnva64.sys
17:25:36.0019 5664 vpnva - ok
17:25:36.0029 5664 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
17:25:36.0049 5664 vsmraid - ok
17:25:36.0109 5664 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
17:25:36.0209 5664 VSS - ok
17:25:36.0209 5664 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
17:25:36.0239 5664 vwifibus - ok
17:25:36.0249 5664 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
17:25:36.0279 5664 vwififlt - ok
17:25:36.0289 5664 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
17:25:36.0361 5664 W32Time - ok
17:25:36.0371 5664 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
17:25:36.0391 5664 WacomPen - ok
17:25:36.0391 5664 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
17:25:36.0461 5664 WANARP - ok
17:25:36.0461 5664 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:25:36.0521 5664 Wanarpv6 - ok
17:25:36.0571 5664 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
17:25:36.0651 5664 WatAdminSvc - ok
17:25:36.0701 5664 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
17:25:36.0821 5664 wbengine - ok
17:25:36.0831 5664 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
17:25:36.0861 5664 WbioSrvc - ok
17:25:36.0871 5664 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:25:36.0911 5664 wcncsvc - ok
17:25:36.0921 5664 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:25:36.0941 5664 WcsPlugInService - ok
17:25:36.0951 5664 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
17:25:36.0961 5664 Wd - ok
17:25:36.0991 5664 [ 1A3F1BC1E48804867CA30469442DA00E ] WDBackup C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
17:25:37.0031 5664 WDBackup - ok
17:25:37.0041 5664 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
17:25:37.0061 5664 WDC_SAM - ok
17:25:37.0071 5664 [ C5213CB145C80C10369752D8EE412914 ] WDDriveService C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
17:25:37.0091 5664 WDDriveService - ok
17:25:37.0111 5664 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:25:37.0161 5664 Wdf01000 - ok
17:25:37.0171 5664 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:25:37.0221 5664 WdiServiceHost - ok
17:25:37.0231 5664 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:25:37.0261 5664 WdiSystemHost - ok
17:25:37.0281 5664 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
17:25:37.0311 5664 WebClient - ok
17:25:37.0321 5664 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:25:37.0391 5664 Wecsvc - ok
17:25:37.0401 5664 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:25:37.0461 5664 wercplsupport - ok
17:25:37.0471 5664 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
17:25:37.0541 5664 WerSvc - ok
17:25:37.0541 5664 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
17:25:37.0601 5664 WfpLwf - ok
17:25:37.0611 5664 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
17:25:37.0631 5664 WIMMount - ok
17:25:37.0671 5664 WinDefend - ok
17:25:37.0691 5664 WinHttpAutoProxySvc - ok
17:25:37.0711 5664 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:25:37.0801 5664 Winmgmt - ok
17:25:37.0851 5664 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
17:25:37.0951 5664 WinRM - ok
17:25:37.0961 5664 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
17:25:37.0981 5664 WinUsb - ok
17:25:38.0011 5664 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
17:25:38.0052 5664 Wlansvc - ok
17:25:38.0062 5664 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
17:25:38.0082 5664 wlcrasvc - ok
17:25:38.0132 5664 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:25:38.0212 5664 wlidsvc - ok
17:25:38.0222 5664 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
17:25:38.0242 5664 WmiAcpi - ok
17:25:38.0252 5664 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:25:38.0292 5664 wmiApSrv - ok
17:25:38.0292 5664 WMPNetworkSvc - ok
17:25:38.0302 5664 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:25:38.0322 5664 WPCSvc - ok
17:25:38.0332 5664 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:25:38.0362 5664 WPDBusEnum - ok
17:25:38.0362 5664 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:25:38.0422 5664 ws2ifsl - ok
17:25:38.0432 5664 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
17:25:38.0462 5664 wscsvc - ok
17:25:38.0472 5664 WSearch - ok
17:25:38.0482 5664 [ 83575C43B2BFE9AB0661A7F957E843C0 ] wsvd C:\Windows\system32\DRIVERS\wsvd.sys
17:25:38.0502 5664 wsvd - ok
17:25:38.0592 5664 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
17:25:38.0722 5664 wuauserv - ok
17:25:38.0732 5664 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
17:25:38.0772 5664 WudfPf - ok
17:25:38.0782 5664 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:25:38.0812 5664 WUDFRd - ok
17:25:38.0812 5664 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:25:38.0842 5664 wudfsvc - ok
17:25:38.0852 5664 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll
17:25:38.0882 5664 WwanSvc - ok
17:25:38.0892 5664 [ D83C2FF7EA53E66B8EA7901D710494EA ] ZAtheros Bt&Wlan Coex Agent C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
17:25:38.0912 5664 ZAtheros Bt&Wlan Coex Agent ( UnsignedFile.Multi.Generic ) - warning
17:25:38.0912 5664 ZAtheros Bt&Wlan Coex Agent - detected UnsignedFile.Multi.Generic (1)
17:25:38.0932 5664 ================ Scan global ===============================
17:25:38.0942 5664 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:25:38.0952 5664 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
17:25:38.0962 5664 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
17:25:38.0972 5664 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:25:38.0992 5664 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
17:25:38.0992 5664 [Global] - ok
17:25:38.0992 5664 ================ Scan MBR ==================================
17:25:39.0012 5664 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:25:39.0032 5664 \Device\Harddisk0\DR0 - ok
17:25:39.0042 5664 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
17:25:39.0203 5664 \Device\Harddisk1\DR1 - ok
17:25:39.0203 5664 ================ Scan VBR ==================================
17:25:39.0213 5664 [ DB9E53D58726B74E5AF7A473E972016A ] \Device\Harddisk1\DR1\Partition1
17:25:39.0213 5664 \Device\Harddisk1\DR1\Partition1 - ok
17:25:39.0213 5664 [ A41595DC76592C01E2646A5093CD60EC ] \Device\Harddisk1\DR1\Partition2
17:25:39.0213 5664 \Device\Harddisk1\DR1\Partition2 - ok
17:25:39.0223 5664 [ 66BC80E31F8F9FC0E63F6EFB8DD9DC6E ] \Device\Harddisk1\DR1\Partition3
17:25:39.0223 5664 \Device\Harddisk1\DR1\Partition3 - ok
17:25:39.0223 5664 ============================================================
17:25:39.0223 5664 Scan finished
17:25:39.0223 5664 ============================================================
17:25:39.0243 6164 Detected object count: 4
17:25:39.0243 6164 Actual detected object count: 4
17:26:10.0695 6164 AtherosSvc ( UnsignedFile.Multi.Generic ) - skipped by user
17:26:10.0695 6164 AtherosSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:26:10.0695 6164 Blackberry Device Manager ( UnsignedFile.Multi.Generic ) - skipped by user
17:26:10.0695 6164 Blackberry Device Manager ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:26:10.0695 6164 PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:26:10.0695 6164 PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:26:10.0705 6164 ZAtheros Bt&Wlan Coex Agent ( UnsignedFile.Multi.Generic ) - skipped by user
17:26:10.0705 6164 ZAtheros Bt&Wlan Coex Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
27.05.2013, 20:28
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Verlinkungen zu Clickcompare JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Im Anschluss: adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Danach eine Kontrolle mit OTL bitte:
__________________ "Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak) Wie man Programme richtig installiert Backup mit DriveSnapshot Das TB unterstützen |
|
28.05.2013, 16:11
| #11 |
| | Verlinkungen zu ClickcompareCode:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Lima on 28.05.2013 at 16:59:25,04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3103035385-246402250-3156884710-1001\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Bar
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\Default_Search_URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\Default
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\searchURL\\Default
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\1clickdownload
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr_toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\somoto
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\pricegong
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\pricegongie.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\pricefactorie.pricegongbho
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\pricefactorie.pricegongbho.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\pricegongie.pricegongctrl
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\pricegongie.pricegongctrl.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\iminentsetup_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\iminentsetup_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasmancs
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\datamngr
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\Lima\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Lima\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Program Files (x86)\filesfrog update checker"
Successfully deleted: [Folder] "C:\Program Files (x86)\pricegong"
Successfully deleted: [Folder] "C:\Users\Lima\AppData\Roaming\microsoft\windows\start menu\programs\filesfrog update checker"
Successfully deleted: [Empty Folder] C:\Users\Lima\appdata\local\{43F5485A-35B0-4A25-A925-AD83E502CF35}
Successfully deleted: [Empty Folder] C:\Users\Lima\appdata\local\{61BB7060-9DB6-47F9-B7AB-F19E28A64430}
~~~ FireFox
Successfully deleted: [File] C:\Users\Lima\AppData\Roaming\mozilla\firefox\profiles\ykrilzh2.default\user.js
Successfully deleted: [File] C:\Users\Lima\AppData\Roaming\mozilla\firefox\profiles\ykrilzh2.default\searchplugins\web search.xml
Successfully deleted: [Folder] C:\Users\Lima\AppData\Roaming\mozilla\firefox\profiles\ykrilzh2.default\jetpack
Successfully deleted: [Folder] C:\Users\Lima\AppData\Roaming\mozilla\firefox\profiles\ykrilzh2.default\extensions\{8A9386B4-E958-4C4C-ADF4-8F26DB3E4829}
Successfully deleted the following from C:\Users\Lima\AppData\Roaming\mozilla\firefox\profiles\ykrilzh2.default\prefs.js
user_pref("extensions.BabylonToolbar_i.newTab", true);
user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.delta-search.com/?affID=119776&babsrc=NT_ss&mntrId=60aa5e5d000000000000047d7bff51fe");
user_pref("extensions.helperbar.SmartbarDisabled", false);
user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
user_pref("keyword.URL", "hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=7e41dad6-4c65-4470-9b58-5cf702fd92b1&searchtype=ds&installDate=19/05/2013&
Emptied folder: C:\Users\Lima\AppData\Roaming\mozilla\firefox\profiles\ykrilzh2.default\minidumps [167 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28.05.2013 at 17:06:29,21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter # AdwCleaner v2.301 - Datei am 28/05/2013 um 17:12:38 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Lima - LIMA-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Lima\Downloads\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Users\Lima\AppData\Roaming\Mozilla\Firefox\Profiles\ykrilzh2.default\extensions\movie2kdownloader@movie2kdownloader.com.xpi
Datei Gelöscht : C:\Users\Lima\Desktop\Check for Updates.lnk
Datei Gelöscht : C:\Users\Lima\Desktop\HDVidCodec.lnk
Ordner Gelöscht : C:\Program Files (x86)\HDvidCodec.com
Ordner Gelöscht : C:\Program Files (x86)\Movie2KDownloader.com
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong
Ordner Gelöscht : C:\Users\Lima\AppData\Local\Temp\Iminent
Ordner Gelöscht : C:\Users\Lima\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDvidCodec.com
Ordner Gelöscht : C:\Users\Lima\AppData\Roaming\Mozilla\Firefox\Profiles\ykrilzh2.default\jetpack
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\BI
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}
Schlüssel Gelöscht : HKCU\Software\5d68f88b169e915
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{8B3372D0-09F0-41A5-8D9B-134E148672FB}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\5d68f88b169e915
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1631550F-191D-4826-B069-D9439253D926}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PriceGong
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer
Schlüssel Gelöscht : HKU\S-1-5-21-3103035385-246402250-3156884710-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SDP]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16576
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v21.0 (de)
Datei : C:\Users\Lima\AppData\Roaming\Mozilla\Firefox\Profiles\ykrilzh2.default\prefs.js
[OK] Die Datei ist sauber.
-\\ Google Chrome v [Version kann nicht ermittelt werden]
Datei : C:\Users\Lima\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [4208 octets] - [28/05/2013 17:12:38]
########## EOF - C:\AdwCleaner[S1].txt - [4268 octets] ##########
Code:
ATTFilter OTL logfile created on: 28.05.2013 17:27:26 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lima\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,86 Gb Total Physical Memory | 3,84 Gb Available Physical Memory | 65,52% Memory free 11,73 Gb Paging File | 9,32 Gb Available in Paging File | 79,46% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 420,56 Gb Total Space | 256,77 Gb Free Space | 61,05% Space Free | Partition Type: NTFS Drive D: | 25,47 Gb Total Space | 21,03 Gb Free Space | 82,59% Space Free | Partition Type: NTFS Computer Name: LIMA-PC | User Name: Lima | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Users\Lima\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe (Western Digital Technologies, Inc.) PRC - C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.) PRC - C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital Technologies, Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Users\Lima\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Research In Motion Limited) PRC - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH) PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe () PRC - C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\taxaktuell.exe () PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.) PRC - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo) PRC - C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe (Western Digital) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe () PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Lenovo\Lenovo Smart Update\LenovoSmartConnectService.exe (Lenovo) PRC - C:\PROGRA~2\Lenovo\LENOVO~2\CAPOSD.exe (LENOVO) PRC - C:\Windows\SysWOW64\irstrtsv.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros) PRC - C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Vimicro) PRC - C:\Programme\Lenovo\Intelligent Touchpad\TouchZone.exe () PRC - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\2609614ca03927f7a99418c74844059b\System.Runtime.Serialization.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\019ed4a55ecc7d1f5b933c27970dce9b\System.Runtime.DurableInstancing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a9594959e951127f16eb49644ba92f79\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7cfbbd029ef945fbcdaedd24b2b67a24\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\153143f74d840484b510d8cf5187796b\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\2f9e0112e10f9e70d3430d0be9863976\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\af18b8a8f56494da44cc448f3b9704a5\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\233661f3a2b632e9553915c8639637d0\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef7642a4f2724135d445e2ea36582e78\SMDiagnostics.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wfvie13.dll () MOD - C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\taxaktuell.exe () MOD - C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wgui13.dll () MOD - C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wcore13.dll () MOD - C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\rscorewinapi48.dll () MOD - C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wauff13.dll () MOD - C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wreli13.dll () MOD - C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wsteu13.dll () MOD - C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\rsguiwinapi48.dll () MOD - C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\rsodbc48.dll () MOD - C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\rsdcom48.dll () MOD - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll () MOD - C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll () MOD - C:\Programme\Lenovo\Intelligent Touchpad\TouchZone.exe () MOD - C:\PROGRA~2\Lenovo\LENOVO~2\QTKB.dll () ========== Services (SafeList) ========== SRV:64bit: - (BootShieldSvc) -- C:\Windows\SysNative\BootShieldSvc.exe (Lenovo) SRV:64bit: - (CxAudMsg) -- C:\Windows\SysNative\CxAudMsg64.exe (Conexant Systems Inc.) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (WDBackup) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe (Western Digital Technologies, Inc.) SRV - (WDDriveService) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital Technologies, Inc.) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Blackberry Device Manager) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Research In Motion Limited) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe () SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe () SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation) SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (LenovoSmartConnectService) -- C:\Program Files (x86)\Lenovo\Lenovo Smart Update\LenovoSmartConnectService.exe (Lenovo) SRV - (irstrtsv) -- C:\Windows\SysWOW64\irstrtsv.exe (Intel Corporation) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (ZAtheros Bt&Wlan Coex Agent) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros) SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Atheros Commnucations) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited) DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd) DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.) DRV:64bit: - (acsock) -- C:\Windows\SysNative\drivers\acsock64.sys (Cisco Systems, Inc.) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (LHDmgr) -- C:\Windows\SysNative\drivers\LhdX64.sys (Lenovo.) DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Qualcomm Atheros Communications, Inc.) DRV:64bit: - (BootShield) -- C:\Windows\SysNative\drivers\BootShield.sys (Lenovo Corporation") DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation) DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation) DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation) DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (BootShieldfltr) -- C:\Windows\SysNative\drivers\BootShieldfltr.sys (Lenovo Corporation) DRV:64bit: - (irstrtdv) -- C:\Windows\SysNative\drivers\irstrtdv.sys (Intel Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (LAD) -- C:\Windows\SysNative\drivers\LAD.sys (TODO: <Company name>) DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.) DRV:64bit: - (vm332avs) -- C:\Windows\SysNative\drivers\vm332avs.sys (Vimicro Corporation) DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros) DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros) DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros) DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros) DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros) DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros) DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\drivers\btath_avdt.sys (Atheros) DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\drivers\rmcast.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation) DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation) DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3103035385-246402250-3156884710-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=7e41dad6-4c65-4470-9b58-5cf702fd92b1&searchtype=ds&q={searchTerms}&installDate=19/05/2013 IE - HKU\S-1-5-21-3103035385-246402250-3156884710-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=7e41dad6-4c65-4470-9b58-5cf702fd92b1&searchtype=ds&q={searchTerms}&installDate=19/05/2013 IE - HKU\S-1-5-21-3103035385-246402250-3156884710-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=7e41dad6-4c65-4470-9b58-5cf702fd92b1&searchtype=hp&installDate=19/05/2013 IE - HKU\S-1-5-21-3103035385-246402250-3156884710-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=7e41dad6-4c65-4470-9b58-5cf702fd92b1&searchtype=ds&q={searchTerms}&installDate=19/05/2013 IE - HKU\S-1-5-21-3103035385-246402250-3156884710-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=7e41dad6-4c65-4470-9b58-5cf702fd92b1&searchtype=ds&q={searchTerms}&installDate=19/05/2013 IE - HKU\S-1-5-21-3103035385-246402250-3156884710-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3103035385-246402250-3156884710-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=KMOH&bmod=KMOH IE - HKU\S-1-5-21-3103035385-246402250-3156884710-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com IE - HKU\S-1-5-21-3103035385-246402250-3156884710-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-3103035385-246402250-3156884710-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com [binary data] IE - HKU\S-1-5-21-3103035385-246402250-3156884710-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-3103035385-246402250-3156884710-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.google.com/ig/redirectdomain?brand=KMOH&bmod=KMOH IE - HKU\S-1-5-21-3103035385-246402250-3156884710-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = IE - HKU\S-1-5-21-3103035385-246402250-3156884710-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com IE - HKU\S-1-5-21-3103035385-246402250-3156884710-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com IE - HKU\S-1-5-21-3103035385-246402250-3156884710-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3103035385-246402250-3156884710-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3103035385-246402250-3156884710-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: foxyproxy-basic%40eric.h.jung:3.1.4 FF - prefs.js..extensions.enabledAddons: youtubeunblocker%40unblocker.yt:0.4.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..network.proxy.backup.ftp: "" FF - prefs.js..network.proxy.backup.ftp_port: 0 FF - prefs.js..network.proxy.backup.socks: "" FF - prefs.js..network.proxy.backup.socks_port: 0 FF - prefs.js..network.proxy.backup.ssl: "" FF - prefs.js..network.proxy.backup.ssl_port: 0 FF - prefs.js..network.proxy.ftp: "proxy.th-wildau.de" FF - prefs.js..network.proxy.ftp_port: 8080 FF - prefs.js..network.proxy.http: "proxy.th-wildau.de" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "proxy.th-wildau.de" FF - prefs.js..network.proxy.socks_port: 8080 FF - prefs.js..network.proxy.ssl: "proxy.th-wildau.de" FF - prefs.js..network.proxy.ssl_port: 8080 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll File not found FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.) FF - HKCU\Software\MozillaPlugins\intel.com/AppUp: C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.01 00:30:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lima\AppData\Roaming\Mozilla\Extensions [2013.05.28 17:12:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lima\AppData\Roaming\Mozilla\Firefox\Profiles\ykrilzh2.default\extensions [2013.05.10 12:01:46 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Lima\AppData\Roaming\Mozilla\Firefox\Profiles\ykrilzh2.default\extensions\foxyproxy-basic@eric.h.jung [2013.04.17 17:36:05 | 000,005,429 | ---- | M] () (No name found) -- C:\Users\Lima\AppData\Roaming\Mozilla\Firefox\Profiles\ykrilzh2.default\extensions\youtubeunblocker@unblocker.yt.xpi [2013.05.09 11:35:30 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Lima\AppData\Roaming\Mozilla\Firefox\Profiles\ykrilzh2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.12.01 00:29:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.05.28 06:14:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.05.28 06:14:26 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2012.12.01 00:29:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions [2012.12.01 00:29:39 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} ========== Chrome ========== O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found. O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-3103035385-246402250-3156884710-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.) O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Conexant Systems, Inc.) O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited) O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited) O4:64bit: - HKLM..\Run: [ForteConfig] C:\Programme\CONEXANT\ForteConfig\fmapp.exe () O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe (Conexant Systems, Inc.) O4:64bit: - HKLM..\Run: [SynLenovoGestureMgr] C:\Programme\Synaptics\SynTP\SynLenovoGestureMgr.exe (Synaptics) O4:64bit: - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Vimicro) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CAPOSD] C:\PROGRA~2\Lenovo\LENOVO~2\CAPOSD.exe (LENOVO) O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Dolby Laboratories Inc.) O4 - HKLM..\Run: [Intelligent Touchpad] C:\Programme\Lenovo\Intelligent Touchpad\TouchZone.exe () O4 - HKLM..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.) O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited) O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo) O4 - HKLM..\Run: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe (Western Digital) O4 - HKLM..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.) O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink) O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3103035385-246402250-3156884710-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-3103035385-246402250-3156884710-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Lima\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Lima\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02894572-44C7-4E89-8C98-263869B65AD4}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{10851bfb-bc4a-11e2-9f4f-74e543cc020d}\Shell - "" = AutoRun O33 - MountPoints2\{10851bfb-bc4a-11e2-9f4f-74e543cc020d}\Shell\AutoRun\command - "" = F:\HTC_Sync_Manager_PC.exe O33 - MountPoints2\{a4086250-3be8-11e2-a649-74e543cc020d}\Shell - "" = AutoRun O33 - MountPoints2\{a4086250-3be8-11e2-a649-74e543cc020d}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true O33 - MountPoints2\{bf674641-b6d2-11e2-ae66-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{bf674641-b6d2-11e2-ae66-806e6f6e6963}\Shell\AutoRun\command - "" = "E:\WD Drive Unlock.exe" autoplay=true O33 - MountPoints2\{e4bf3ff7-bfde-11e2-a765-74e543cc020d}\Shell - "" = AutoRun O33 - MountPoints2\{e4bf3ff7-bfde-11e2-a765-74e543cc020d}\Shell\AutoRun\command - "" = E:\HTC_Sync_Manager_PC.exe O33 - MountPoints2\{f25d2647-6628-11e2-b84f-74e543cc020d}\Shell - "" = AutoRun O33 - MountPoints2\{f25d2647-6628-11e2-b84f-74e543cc020d}\Shell\AutoRun\command - "" = E:\start.exe /auto O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.28 16:59:22 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.05.28 16:58:32 | 000,000,000 | ---D | C] -- C:\JRT [2013.05.28 06:14:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013.05.28 06:14:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2013.05.26 21:22:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable) [2013.05.26 21:20:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.05.26 19:10:57 | 000,000,000 | ---D | C] -- C:\Users\Lima\Documents\Trojaner Board [2013.05.26 18:56:17 | 000,000,000 | ---D | C] -- C:\Users\Lima\Local Settings [2013.05.24 15:52:22 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.05.24 15:52:22 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013.05.24 15:52:22 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013.05.24 15:52:22 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013.05.24 15:52:22 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.05.24 15:52:22 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013.05.24 15:52:22 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.05.24 15:52:22 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013.05.24 15:52:22 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.05.24 15:52:22 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013.05.24 15:52:22 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013.05.24 15:52:22 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013.05.24 15:52:22 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013.05.24 15:52:22 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013.05.24 15:52:22 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013.05.24 15:52:22 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.05.24 15:52:22 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013.05.24 15:52:22 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013.05.24 15:52:22 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013.05.24 15:52:22 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.05.24 15:52:22 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.05.24 15:52:22 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013.05.24 15:52:22 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.05.24 15:52:22 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013.05.24 15:52:22 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.05.24 15:52:22 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013.05.24 15:52:22 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013.05.24 15:52:22 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.05.24 15:52:22 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013.05.24 15:52:22 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013.05.24 15:52:22 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.05.24 15:52:22 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013.05.24 15:52:22 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013.05.24 15:52:21 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.05.24 15:52:21 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.05.24 15:52:21 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013.05.24 15:52:21 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013.05.24 15:52:21 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.05.24 15:52:21 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013.05.24 15:52:21 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.05.24 15:52:21 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.05.24 15:52:21 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.05.24 15:52:21 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013.05.24 15:52:21 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013.05.24 15:52:21 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013.05.24 15:52:21 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.05.24 15:52:21 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013.05.24 15:52:21 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.05.24 15:52:21 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013.05.24 15:52:21 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013.05.24 15:52:21 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013.05.24 15:52:21 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.05.24 15:52:21 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013.05.24 15:52:21 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013.05.24 15:52:21 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013.05.24 15:52:21 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.05.24 15:52:21 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013.05.24 15:52:21 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013.05.24 15:52:21 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013.05.24 15:52:21 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.05.24 15:52:21 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013.05.24 15:52:21 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.05.24 15:52:21 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013.05.24 15:52:21 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013.05.24 15:52:21 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.05.24 15:52:21 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013.05.24 15:52:21 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013.05.24 15:52:21 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013.05.24 15:51:20 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2013.05.24 15:51:20 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll [2013.05.24 15:51:20 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2013.05.24 15:51:20 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll [2013.05.24 15:51:20 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013.05.24 15:51:20 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2013.05.24 15:51:20 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2013.05.24 15:51:20 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013.05.24 15:51:20 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013.05.24 15:51:20 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll [2013.05.24 15:51:20 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2013.05.24 15:51:20 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2013.05.24 15:51:20 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2013.05.24 15:51:20 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll [2013.05.24 15:51:20 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll [2013.05.24 15:51:20 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2013.05.24 15:51:20 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll [2013.05.24 15:51:20 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2013.05.24 15:51:20 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll [2013.05.24 15:51:20 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll [2013.05.24 15:51:20 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll [2013.05.24 15:51:20 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2013.05.24 15:51:20 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll [2013.05.24 15:51:20 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.05.24 15:51:20 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.05.24 15:51:20 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.05.24 15:51:20 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.05.24 15:51:20 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.05.24 15:51:20 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.05.24 15:51:20 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.05.24 15:51:20 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.05.24 15:51:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll [2013.05.24 15:51:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll [2013.05.24 15:51:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.05.24 15:51:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.05.24 15:51:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll [2013.05.24 15:51:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll [2013.05.24 15:51:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.05.24 15:51:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.05.24 15:51:20 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.05.24 15:51:20 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.05.19 12:22:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2013.05.19 11:57:48 | 000,000,000 | ---D | C] -- C:\Users\Lima\Documents\HTC One S [2013.05.19 11:46:58 | 000,000,000 | ---D | C] -- C:\Users\Lima\AppData\Roaming\MyPhoneExplorer [2013.05.19 11:32:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer [2013.05.19 11:32:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPhoneExplorer [2013.05.18 22:30:14 | 000,000,000 | ---D | C] -- C:\Users\Lima\AppData\Roaming\Outlook [2013.05.18 21:43:42 | 000,000,000 | ---D | C] -- C:\Users\Lima\AppData\Roaming\HTC [2013.05.18 21:43:39 | 000,000,000 | ---D | C] -- C:\ProgramData\HTC [2013.05.18 21:43:33 | 000,000,000 | ---D | C] -- C:\Users\Lima\Documents\HTC [2013.05.18 21:43:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Motorola [2013.05.18 21:42:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC [2013.05.18 21:42:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spirent Communications [2013.05.18 21:42:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC [2013.05.18 21:41:55 | 000,000,000 | ---D | C] -- C:\Users\Lima\AppData\Local\Downloaded Installations [2013.05.18 21:36:27 | 000,000,000 | ---D | C] -- C:\Temp [2013.05.16 19:31:27 | 000,000,000 | ---D | C] -- C:\Users\Lima\Documents\Neuer Ordner [2013.05.15 23:59:09 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys [2013.05.15 23:59:09 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2013.05.15 23:59:03 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll [2013.05.15 23:59:03 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll [2013.05.15 23:59:03 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll [2013.05.15 23:59:03 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe [2013.05.15 23:58:58 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll [2013.05.14 06:12:37 | 000,000,000 | ---D | C] -- C:\Users\Lima\AppData\Local\Research In Motion [2013.05.14 06:12:36 | 000,000,000 | ---D | C] -- C:\Users\Lima\AppData\Roaming\Research In Motion [2013.05.14 06:11:08 | 000,044,544 | ---- | C] (Research in Motion Ltd) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys [2013.05.14 06:10:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry [2013.05.14 06:10:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Research In Motion [2013.05.14 06:10:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\XCPCSync.OEM [2013.05.14 06:10:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Research In Motion [2013.05.14 06:10:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Research In Motion [2013.05.08 06:46:00 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.05.05 18:46:22 | 000,000,000 | ---D | C] -- C:\Users\Lima\AppData\Local\Western_Digital_Technolog [2013.05.05 18:36:31 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital [2013.05.05 18:36:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Western Digital [2013.05.05 18:34:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache [2013.05.05 18:04:03 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloads [2013.05.05 18:02:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Western Digital [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.28 17:21:42 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.28 17:21:42 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.28 17:19:29 | 001,621,244 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.28 17:19:29 | 000,700,418 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.28 17:19:29 | 000,655,090 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.28 17:19:29 | 000,149,182 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.28 17:19:29 | 000,121,962 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.28 17:14:38 | 000,008,192 | ---- | M] () -- C:\Windows\SysWow64\WDPABKP.dat [2013.05.28 17:14:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.26 18:58:39 | 000,000,000 | ---- | M] () -- C:\Users\Lima\defogger_reenable [2013.05.26 18:25:18 | 000,372,664 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.24 15:52:22 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.05.24 15:52:22 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013.05.24 15:52:22 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013.05.24 15:52:22 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013.05.24 15:52:22 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.05.24 15:52:22 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013.05.24 15:52:22 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.05.24 15:52:22 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013.05.24 15:52:22 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.05.24 15:52:22 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013.05.24 15:52:22 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013.05.24 15:52:22 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013.05.24 15:52:22 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013.05.24 15:52:22 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013.05.24 15:52:22 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013.05.24 15:52:22 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.05.24 15:52:22 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013.05.24 15:52:22 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013.05.24 15:52:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013.05.24 15:52:22 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.05.24 15:52:22 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.05.24 15:52:22 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013.05.24 15:52:22 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.05.24 15:52:22 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013.05.24 15:52:22 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.05.24 15:52:22 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013.05.24 15:52:22 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013.05.24 15:52:22 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.05.24 15:52:22 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013.05.24 15:52:22 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013.05.24 15:52:22 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.05.24 15:52:22 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.05.24 15:52:22 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013.05.24 15:52:22 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013.05.24 15:52:21 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.05.24 15:52:21 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.05.24 15:52:21 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013.05.24 15:52:21 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013.05.24 15:52:21 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.05.24 15:52:21 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013.05.24 15:52:21 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.05.24 15:52:21 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.05.24 15:52:21 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.05.24 15:52:21 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013.05.24 15:52:21 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013.05.24 15:52:21 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013.05.24 15:52:21 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.05.24 15:52:21 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013.05.24 15:52:21 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.05.24 15:52:21 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013.05.24 15:52:21 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013.05.24 15:52:21 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013.05.24 15:52:21 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.05.24 15:52:21 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013.05.24 15:52:21 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013.05.24 15:52:21 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013.05.24 15:52:21 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.05.24 15:52:21 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013.05.24 15:52:21 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013.05.24 15:52:21 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013.05.24 15:52:21 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.05.24 15:52:21 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013.05.24 15:52:21 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.05.24 15:52:21 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013.05.24 15:52:21 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013.05.24 15:52:21 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.05.24 15:52:21 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013.05.24 15:52:21 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.05.24 15:52:21 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013.05.24 15:52:21 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013.05.24 15:51:20 | 003,928,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2013.05.24 15:51:20 | 002,776,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll [2013.05.24 15:51:20 | 002,565,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2013.05.24 15:51:20 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll [2013.05.24 15:51:20 | 001,887,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013.05.24 15:51:20 | 001,682,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2013.05.24 15:51:20 | 001,643,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2013.05.24 15:51:20 | 001,504,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013.05.24 15:51:20 | 001,424,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013.05.24 15:51:20 | 001,238,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll [2013.05.24 15:51:20 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2013.05.24 15:51:20 | 000,648,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2013.05.24 15:51:20 | 000,522,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2013.05.24 15:51:20 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll [2013.05.24 15:51:20 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll [2013.05.24 15:51:20 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2013.05.24 15:51:20 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll [2013.05.24 15:51:20 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2013.05.24 15:51:20 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll [2013.05.24 15:51:20 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll [2013.05.24 15:51:20 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll [2013.05.24 15:51:20 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2013.05.24 15:51:20 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll [2013.05.24 15:51:20 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.05.24 15:51:20 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.05.24 15:51:20 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.05.24 15:51:20 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.05.24 15:51:20 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.05.24 15:51:20 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.05.24 15:51:20 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.05.24 15:51:20 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.05.24 15:51:20 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll [2013.05.24 15:51:20 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll [2013.05.24 15:51:20 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.05.24 15:51:20 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.05.24 15:51:20 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll [2013.05.24 15:51:20 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll [2013.05.24 15:51:20 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.05.24 15:51:20 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.05.24 15:51:20 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.05.24 15:51:20 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.05.19 11:53:57 | 001,641,654 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.05.19 11:32:58 | 000,002,068 | ---- | M] () -- C:\Users\Public\Desktop\MyPhoneExplorer.lnk [2013.05.14 06:11:29 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf [2013.05.14 06:11:12 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf [2013.05.14 06:10:58 | 000,002,242 | ---- | M] () -- C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk [2013.05.08 06:45:44 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.05.05 18:02:55 | 000,001,208 | ---- | M] () -- C:\Users\Public\Desktop\WD Security.lnk [2013.05.05 18:02:36 | 000,001,128 | ---- | M] () -- C:\Users\Public\Desktop\WD Drive Utilities.lnk [2013.05.04 17:20:06 | 000,000,121 | ---- | M] () -- C:\Users\Lima\Desktop\Neue Internetverknüpfung.url [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.26 18:58:39 | 000,000,000 | ---- | C] () -- C:\Users\Lima\defogger_reenable [2013.05.24 15:52:22 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.05.24 15:52:21 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.05.20 19:59:36 | 000,001,171 | ---- | C] () -- C:\Users\Lima\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.05.19 11:32:58 | 000,002,068 | ---- | C] () -- C:\Users\Public\Desktop\MyPhoneExplorer.lnk [2013.05.14 06:11:29 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf [2013.05.14 06:11:12 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf [2013.05.14 06:10:58 | 000,002,242 | ---- | C] () -- C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk [2013.05.05 18:36:55 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\WDPABKP.dat [2013.05.05 18:02:55 | 000,001,208 | ---- | C] () -- C:\Users\Public\Desktop\WD Security.lnk [2013.05.05 18:02:36 | 000,001,128 | ---- | C] () -- C:\Users\Public\Desktop\WD Drive Utilities.lnk [2013.05.04 17:19:54 | 000,000,121 | ---- | C] () -- C:\Users\Lima\Desktop\Neue Internetverknüpfung.url [2013.04.13 18:17:26 | 000,000,063 | ---- | C] () -- C:\Windows\wiso.ini [2013.01.09 18:21:38 | 000,000,133 | ---- | C] () -- C:\Users\Lima\AppData\Roaming\AbsoluteReminder.xml [2012.12.12 15:42:58 | 000,004,608 | ---- | C] () -- C:\Users\Lima\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.12.05 12:01:29 | 000,393,256 | ---- | C] () -- C:\Windows\SysWow64\CNQ2414N.DAT [2012.11.30 18:32:08 | 000,000,000 | ---- | C] () -- C:\Windows\firstboot.dat [2012.08.07 04:04:27 | 001,500,512 | ---- | C] () -- C:\Windows\SysWow64\Apblend.dll [2012.08.07 04:04:27 | 000,472,416 | ---- | C] () -- C:\Windows\SysWow64\Lenovo.VerifaceStub.dll [2012.08.07 04:04:26 | 002,086,240 | ---- | C] () -- C:\Windows\SysWow64\LenovoVeriface.Interface.dll [2012.08.07 04:04:26 | 001,171,456 | ---- | C] () -- C:\Windows\SysWow64\PicNotify.dll [2012.08.07 04:04:16 | 001,044,480 | ---- | C] () -- C:\Windows\SysWow64\3DImageRenderer.dll [2012.08.07 04:02:18 | 001,641,654 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.08.07 03:46:30 | 000,001,950 | ---- | C] () -- C:\Windows\vm332Rmv.ini [2012.08.07 03:46:30 | 000,001,950 | ---- | C] () -- C:\Windows\SysWow64\vm332Rmv.ini [2012.03.12 04:00:49 | 000,735,796 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin [2012.03.12 04:00:43 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin [2012.03.12 04:00:37 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.03.12 04:00:32 | 013,020,160 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll [2012.03.07 01:40:52 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Geändert von Li-Ma (28.05.2013 um 16:24 Uhr) |
|
28.05.2013, 16:41
| #12 |
| | Verlinkungen zu ClickcompareCode:
ATTFilter OTL Extras logfile created on: 28.05.2013 17:27:26 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lima\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
5,86 Gb Total Physical Memory | 3,84 Gb Available Physical Memory | 65,52% Memory free
11,73 Gb Paging File | 9,32 Gb Available in Paging File | 79,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 420,56 Gb Total Space | 256,77 Gb Free Space | 61,05% Space Free | Partition Type: NTFS
Drive D: | 25,47 Gb Total Space | 21,03 Gb Free Space | 82,59% Space Free | Partition Type: NTFS
Computer Name: LIMA-PC | User Name: Lima | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3103035385-246402250-3156884710-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E25C303-3F46-4861-89D6-F3FC554F4A8D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{0E33E162-F32C-46C8-8C16-97A975C6B163}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{1773DF9D-DC9F-4065-B10D-7B7830297E67}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{497DCA40-FE8A-4751-BB8B-D3A6B381272C}" = rport=137 | protocol=17 | dir=out | app=system |
"{4A6AA537-1257-48F8-904D-AF1677FE32D8}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{57ED3142-7568-4BFD-9F7B-07D92363EAF7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{64BCC032-A3C1-4342-A9CC-1085A936B42F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{658B8B1E-39F1-4EEA-A267-A0AFB9C27B0D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6F588A40-E95D-4575-8357-04F8F88C2631}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{70B2E7C6-4BF2-4848-A392-522569FC550E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{771994CF-D450-47DA-A9C4-6BA542BDD3CB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7B7EAFAB-B95F-4D4E-8043-7DEA449B6DA2}" = lport=137 | protocol=17 | dir=in | app=system |
"{86440D3B-6E86-4841-9401-EFA59581DC47}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8BE989E3-6179-4E88-AA9F-59AFB7471D52}" = rport=138 | protocol=17 | dir=out | app=system |
"{8C8089CA-CEDD-400E-AA39-754CC6EF6124}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{8DCC8DC9-D127-40E7-B6E8-D23247DE656C}" = lport=445 | protocol=6 | dir=in | app=system |
"{96867D2F-13C3-40F8-B1C0-5F52495A18ED}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9E32BFD6-C744-4D6E-99C6-3BCA16D3738C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A3BF08E5-9CE8-4047-B4DC-6648BDF653D1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A684099A-8343-4943-974B-3CBC7548CCF3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AC964D3A-2B95-43B0-811C-D57B8DA0761D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B0C66970-4AEF-4055-B96B-AA7D1CB93CF6}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{B220E529-4E9B-4190-BE9C-CADA4E613AB7}" = rport=139 | protocol=6 | dir=out | app=system |
"{BA69C307-A650-4344-BF80-35B93FBA25EF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C4D81935-13B0-421D-97D8-3DEBC64EABE1}" = lport=138 | protocol=17 | dir=in | app=system |
"{D44290D8-7B96-46AC-A2E2-1A5422A734B9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D89D4BCD-88DD-4745-9341-424A2A39061F}" = lport=139 | protocol=6 | dir=in | app=system |
"{F340092D-C0D6-47EC-8FBF-016365384717}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{F548BF32-D195-4B94-83E4-3CD182FCE365}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FD99A8AA-A122-45A3-A728-3EA8686CBD41}" = rport=445 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{091C2D43-0EA1-4286-B6B7-E5A775BF9D0F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0D8B5CA6-82ED-4C9B-AC9F-548F4BBBC8EC}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{18F43A58-D120-4E70-B799-ACBE27BAA37F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1CC60F45-C9FB-4D45-B2D4-E0913AD69174}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{2239A0AF-4286-405D-BB83-4283768F7DEB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{25C96FD3-65F8-4DEE-B9E8-5B970B5A9C00}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{48FF034E-ACC4-4F79-93AB-1D79A70D6641}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{50ECD31A-CD16-4F05-BD8D-0B0A2597BE3C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{52399B1D-F48E-4516-B809-008751AFED9F}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{65304ADC-0475-4C14-ABE5-AFCC31A5293B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{66A7C4F7-696C-4762-9D90-B3B1464E3635}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{66D03B45-E1D4-4526-B8D0-4061C7590246}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{69B2F912-3BA3-4466-AA9D-54C8D1E14BBE}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
"{69DAC5FE-81C3-41EA-B72D-570929F3472B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6BD7A343-1303-4919-9A7C-CD058327FF7F}" = protocol=17 | dir=in | app=c:\users\lima\appdata\roaming\dropbox\bin\dropbox.exe |
"{6DC38FF4-D28E-4F0F-88C0-DBE3961B1E81}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{75F3D00B-4823-4397-BF37-EB20325249EF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7DDEF40C-E3EB-4A9C-BC31-614601C845ED}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{8873E082-F6CE-435F-9260-BEBF30B3862C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{9296D1A2-7035-446C-A074-4C2A0246085B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{956924ED-5DD3-4D83-9FAB-8ECD7F4788AE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9639C388-CD66-42A8-A4AF-4F0299A79E90}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{A21E4F2F-584B-42C2-AF8E-5B4A879A25FD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A970E38D-1059-410F-A048-D49D7768CFF5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A98F016D-0016-4677-8554-640B1B4A91DD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{AEC01BAE-3EF9-41B5-ACB9-19484514C472}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B0F50AF4-B96E-4FC6-BAD9-A7D24DD2F7F1}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
"{B82965C3-F95D-47B4-94E9-26D0A5E13F24}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{BEABFB44-1EC4-496C-8813-2E4A88AB60C5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{DF918321-FA91-4ABF-BF27-706A69E85000}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E102B04B-BF6F-4465-9066-DD5A7D4B8336}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E292904D-25C2-44D9-A719-5369F31CE94D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E46BEDE8-7EA6-4E19-930E-6D7B6EEF4874}" = protocol=6 | dir=out | app=system |
"{F6D3B39E-035F-43A5-9000-99620C6CDBD5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F73FE742-BD68-49C2-9C48-F296A27DBC30}" = protocol=6 | dir=in | app=c:\users\lima\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{08C57763-E83E-4ACC-A5F8-9AF96E0D5225}C:\users\lima\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\lima\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{A848053E-90F9-4512-9C2E-993F64F30842}C:\users\lima\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\lima\appdata\roaming\dropbox\bin\dropbox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_cnq2414" = CanoScan LiDE 110 Scanner Driver
"{171C7193-1BB5-4619-BF23-E962598CAB13}" = Intel® Trusted Connect Service Client
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{22D8AE6F-3C6B-47E8-8F04-629F23DBE978}" = iTunes
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{83E68458-AF28-4CA4-8AFC-595A10307290}" = LenovoDrv_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 295.93
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 295.93
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.7.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.1111
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DD178D9D-89DD-4F15-9E56-57C85D1EDF36}" = WD SmartWare
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"5E61CDC4058A17FE9BE3046B1846F3118CD618B1" = Windows Driver Package - Lenovo Corporation (LAD) System (01/13/2012 1.0.0.2)
"99841829BE839365AA67B2AD0E50D371F59F8A1E" = Windows-Treiberpaket - Lenovo (ACPIVPC) System (12/15/2011 7.1.0.1)
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.0.5
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"{07C70C1E-E746-482A-82F9-943F024708CF}" = Alcor Micro USB Card Reader
"{08208143-777D-4A06-BB54-71BF0AD1BB70}" = IPTInstaller
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{124310E8-7C49-4C33-B4F2-3CF43F3830B7}" = WD Quick View
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros WLAN Client Installation Program
"{29B7C0EB-A1E6-4BC3-8344-70EDE4F189F1}" = Lenovo Smart Update
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40F4FF7A-B214-4453-B973-080B09CED019}" = Absolute Reminder
"{439A51F7-84B1-4603-BEC8-647EB2AC307F}" = WD Drive Utilities
"{4677B88C-CE16-4CBB-A2CB-B76E9D456C7F}" = BootShield
"{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}" = NVIDIA PhysX
"{48F851E7-DD0C-4A35-AD7A-57878023E987}" = Lenovo CAPOSD
"{4CEEE5D0-F905-4688-B9F9-ECC710507796}" = HTC Driver Installer
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6707C034-ED6B-4B6A-B21F-969B3606FBDE}" = Lenovo Registration
"{6737F045-A91A-4177-9C8C-59460FC1C84D}" = t@x 2013 Professional
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69BCC264-0D43-469F-8434-31E738982E7B}" = Cisco AnyConnect Secure Mobility Client
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{8172B41A-9BB5-4A64-BF28-1FB5FE43C3FF}" = WD Security
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.2.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA57D6F1-6360-4397-B2D9-B21C69863D97}" = Secure Download Manager
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}" = Lenovo EasyCamera
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4
"{BE5B0450-DCCB-4FE9-93E2-3B38D88A745B}" = BlackBerry Desktop Software 7.1
"{bfb9000e-e7d4-490f-a873-ec2c9cab3b3d}" = WD SmartWare Installer
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = Benutzerhandbuch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"{FDB0A81A-1173-4B15-BEA4-89FEA0474F17}" = Intelligent Touchpad
"3D073343-CEEB-4ce7-85AC-A69A7631B5D6" = Intel(R) Rapid Start Technology
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"AmUStor" = Alcor Micro USB Card Reader
"Avira AntiVir Desktop" = Avira Free Antivirus
"BlackBerry_Desktop" = BlackBerry Desktop Software 7.1
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"DPP" = Canon Utilities Digital Photo Professional 3.10
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EOS Utility" = Canon Utilities EOS Utility
"EOS Video Snapshot Task" = Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
"GeldProfi_is1" = GeldProfi 2.11.1
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{48F851E7-DD0C-4A35-AD7A-57878023E987}" = Lenovo CAPOSD
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"MPE" = MyPhoneExplorer
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"SugarSync" = SugarSync Manager
"VeriFace" = VeriFace
"WinLiveSuite" = Windows Live Essentials
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3103035385-246402250-3156884710-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 28.05.2013 11:14:38 | Computer Name = Lima-PC | Source = BootShieldSvc | ID = 131328
Description = An error has occurred (---query POLICYVT key success failed with 0,
The Code is:0x424.).
Error - 28.05.2013 11:14:38 | Computer Name = Lima-PC | Source = BootShieldSvc | ID = 131328
Description = An error has occurred (---Get FLAG_AUTO_SVC_CHANGED Open key suc failed
with 0, The Code is:0x422.).
Error - 28.05.2013 11:14:38 | Computer Name = Lima-PC | Source = BootShieldSvc | ID = 131328
Description = An error has occurred (---query FLAG_AUTO_SVC_CHANGED key success
failed with 1, The Code is:0x424.).
Error - 28.05.2013 11:14:38 | Computer Name = Lima-PC | Source = BootShieldSvc | ID = 131328
Description = An error has occurred (---Get Poicy Open key suc failed with 0, The
Code is:0x422.).
Error - 28.05.2013 11:14:38 | Computer Name = Lima-PC | Source = BootShieldSvc | ID = 131328
Description = An error has occurred (---query POLICYVT key success failed with 0,
The Code is:0x424.).
Error - 28.05.2013 11:14:38 | Computer Name = Lima-PC | Source = BootShieldSvc | ID = 131328
Description = An error has occurred (---Get FLAG_AUTO_SVC_CHANGED Open key suc failed
with 0, The Code is:0x422.).
Error - 28.05.2013 11:14:38 | Computer Name = Lima-PC | Source = BootShieldSvc | ID = 131328
Description = An error has occurred (---query FLAG_AUTO_SVC_CHANGED key success
failed with 1, The Code is:0x424.).
Error - 28.05.2013 11:14:38 | Computer Name = Lima-PC | Source = BootShieldSvc | ID = 131328
Description = An error has occurred (---Get FLAG_AUTO_SVC_CHANGED Open key suc failed
with 0, The Code is:0x422.).
Error - 28.05.2013 11:14:38 | Computer Name = Lima-PC | Source = BootShieldSvc | ID = 131328
Description = An error has occurred (---query FLAG_AUTO_SVC_CHANGED key success
failed with 1, The Code is:0x424.).
Error - 28.05.2013 11:16:05 | Computer Name = Lima-PC | Source = WinMgmt | ID = 10
Description =
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 28.05.2013 11:16:35 | Computer Name = Lima-PC | Source = acvpnagent | ID = 67108866
Description = Function: CTlsTransport::OnTransportInitiateComplete File: .\IP\TlsTransport.cpp
Line:
371 Invoked Function: ISocketTransportCB::OnTransportInitiateComplete Return Code:
-31588316 (0xFE1E0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT
Error - 28.05.2013 11:16:35 | Computer Name = Lima-PC | Source = acvpnagent | ID = 67108866
Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp
Line:
303 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31588316
(0xFE1E0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT
Error - 28.05.2013 11:16:35 | Computer Name = Lima-PC | Source = acvpnagent | ID = 67108866
Description = Function: CSocketTransport::OnTimerExpired File: .\IPC\SocketTransport.cpp
Line:
1655 Invoked Function: CSocketTransport::postConnectProcessing Return Code: -31588316
(0xFE1E0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT
Error - 28.05.2013 11:16:43 | Computer Name = Lima-PC | Source = acvpnagent | ID = 67108866
Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp
Line:
303 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31588316
(0xFE1E0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT
Error - 28.05.2013 11:16:43 | Computer Name = Lima-PC | Source = acvpnagent | ID = 67108866
Description = Function: CSocketTransport::OnTimerExpired File: .\IPC\SocketTransport.cpp
Line:
1655 Invoked Function: CSocketTransport::postConnectProcessing Return Code: -31588316
(0xFE1E0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT
Error - 28.05.2013 11:16:43 | Computer Name = Lima-PC | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestAccessToSG File: .\NetEnvironment.cpp
Line:
1323 Invoked Function: CNetEnvironment::analyzeHttpResponse Return Code: -28966899
(0xFE46000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could
not contact target
Error - 28.05.2013 11:16:43 | Computer Name = Lima-PC | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
772 Invoked Function: CNetEnvironment::IsSGAccessible Return Code: -28966899 (0xFE46000D)
Description:
NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target
Error - 28.05.2013 11:19:38 | Computer Name = Lima-PC | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
274 m_pIServicePlugin is NULL
Error - 28.05.2013 11:19:38 | Computer Name = Lima-PC | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
274 m_pIServicePlugin is NULL
Error - 28.05.2013 11:19:38 | Computer Name = Lima-PC | Source = acvpnagent | ID = 67108865
Description = Function: CTelemetryPluginMgr::GetSettings File: .\TelemetryPluginMgr.cpp
Line:
311 m_pITelemetryPlugin is NULL
[ OSession Events ]
Error - 01.04.2013 08:20:03 | Computer Name = Lima-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 219
seconds with 60 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 28.05.2013 11:14:29 | Computer Name = Lima-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
< End of report >
|
|
28.05.2013, 23:10
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Verlinkungen zu Clickcompare Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Vollscan mit Malwarebytes Anti-Malware (MBAM) (falls du vor kurzem erst einen Vollscan gemacht hast, reicht auch ein Quickscan (spart Zeit), das dann mir bitte auch mitteilen) Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren! Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ "Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak) Wie man Programme richtig installiert Backup mit DriveSnapshot Das TB unterstützen |
|
29.05.2013, 20:15
| #14 |
| | Verlinkungen zu ClickcompareCode:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.05.29.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16576 Lima :: LIMA-PC [Administrator] 29.05.2013 20:20:25 mbam-log-2013-05-29 (20-20-25).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 407101 Laufzeit: 53 Minute(n), 8 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=8788f9fcad210046ac46e5393d333915
# engine=13949
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-29 08:41:48
# local_time=2013-05-29 10:41:48 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 8834 235283398 1607 0
# compatibility_mode=5893 16776574 100 94 15377472 121489958 0 0
# scanned=207076
# found=3
# cleaned=0
# scan_time=4627
sh=BC8FB44A53B3553C204CF28C5801191F7DEA6B70 ft=1 fh=136805f5bcbd4233 vn="multiple threats" ac=I fn="C:\Users\Lima\AppData\Local\Temp\nso126C.tmp\FTTDSetup.exe"
sh=0119F03697EE4B3572FEDB606FC13DAAAAB02D32 ft=1 fh=30d7ca3a2c5ce4ef vn="Win32/Adware.1ClickDownload.W application" ac=I fn="C:\Users\Lima\Downloads\codecc_pack_firefox_source.exe"
sh=97DE410CA61D4251AFF13C02B6A6362C8C447639 ft=1 fh=fdd990f8020c5088 vn="Win32/Adware.1ClickDownload.W application" ac=I fn="C:\Users\Lima\Downloads\hdplugin_firefox.exe"
|
|
30.05.2013, 09:03
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Verlinkungen zu Clickcompare Nur irrelevante Reste. Du möchtest mal deinen Download-Ordner aufräumen. Das andere wird mit TFC beseitigt: TFC - Temp File Cleaner Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop. Schließe nun alle offenen Programme und trenne Dich von dem Internet. Doppelklick auf die TFC.exe und drücke auf Start. Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.
__________________ "Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak) Wie man Programme richtig installiert Backup mit DriveSnapshot Das TB unterstützen |
|
| Themen zu Verlinkungen zu Clickcompare |
| antivirus, avira, bho, bonjour, desktop, error, failed, firefox, flash player, google, helper, home, iexplore.exe, install.exe, logfile, nvpciflt.sys, problem, realtek, registry, scan, security, siteadvisor, software, somoto, svchost.exe, trojaner, trojaner board, unterstrichen, windows, wörter |
