| |
| |||||||
Log-Analyse und Auswertung: Aufforderung die wssetup.exe von Perion zu starten erscheint nach Rechnerstart !Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
10.06.2013, 11:16
| #1 |
 |  Aufforderung die wssetup.exe von Perion zu starten erscheint nach Rechnerstart ! hallo zusammen, habe ebenfalls seit kurzer zeit das problem mit der wssetup.exe beim rechnerstart. ich schicke als anhang OTL.TXT (EXTRAS.TXT wurde nicht erstellt) sowie GMER.TXT als gepacktes archiv. und hier noch zur info einen kaspersky-bericht: Code:
ATTFilter Typ: Schwachstelle (4)
hxxp://redirect.kaspersky.com/?hl=de-DE&target=securelist&rpe=1&function=advisories&VN=53681 Inaktiv 07.06.2013 14:48:23 C:\Program Files (x86)\Google\Chrome\Application\ old_chrome.exe
hxxp://redirect.kaspersky.com/?hl=de-DE&target=securelist&rpe=1&function=advisories&VN=53008 Inaktiv 07.06.2013 14:45:34 C:\Program Files\Java\jre7\bin\ java.exe
hxxp://redirect.kaspersky.com/?hl=de-DE&target=securelist&rpe=1&function=advisories&VN=48347 Inaktiv 07.06.2013 14:44:45 C:\Program Files\e-on software\Vue 11\Application\ python27.dll
hxxp://redirect.kaspersky.com/?hl=de-DE&target=securelist&rpe=1&function=advisories&VN=49856 Virenfreies Objekt in der Quarantäne 07.06.2013 13:46:13 C:\Program Files (x86)\IrfanView\ i_view32.exe
Typ: Phishing-Link (1)
Schädlicher Link Inaktiv 06.06.2013 20:22:23 hxxp://gogostats.info/ installed?a=f&aff=fried
Typ: legales Programm, das von einem Angreifer benutzt werden kann, um den Computer oder die Benutzerdaten zu beschädigen (1)
not-a-virus:WebToolbar.MSIL.Agent.a Nicht gefunden 22.05.2013 12:16:12 C:\Program Files (x86)\Iminent\ Iminent.exe
gruss Holly |
|
10.06.2013, 11:23
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Aufforderung die wssetup.exe von Perion zu starten erscheint nach Rechnerstart ! Hallo und
__________________ Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!  Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
10.06.2013, 11:25
| #3 | |
| | Aufforderung die wssetup.exe von Perion zu starten erscheint nach Rechnerstart ! Sorry !!!!
__________________Leider im falschen Subforum gepostet. Sollte in "Plagegeister aller Art und deren Bekämpfung" rein. Vielleicht kann der Admin den Thread verschieben Danke !!! Gruss Holly Zitat:
Keine weiteren Logs vorhanden !! Wurde aufgefordert die Log-Dateien als Anhang zu schicken da als Code zu groß. Gruss Holly |
|
10.06.2013, 11:41
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Aufforderung die wssetup.exe von Perion zu starten erscheint nach Rechnerstart ! Bitte lass die sinnfreien Fullquotes. Und dieses Subforum ist schon ok für dein Thema. Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Dann bitte jetzt Combofix ausführen: Scan mit Combofix
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
10.06.2013, 14:43
| #5 |
| | Aufforderung die wssetup.exe von Perion zu starten erscheint nach Rechnerstart ! hallo cosinus, hier die Combofix.txt: Code:
ATTFilter ComboFix 13-06-08.02 - Holly Thomas 10.06.2013 14:44:08.3.8 - x64
ausgeführt von:: c:\users\Holly Thomas\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.
ADS - Windows: deleted 0 bytes in 1 streams.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1&1
c:\users\Holly Thomas\AppData\Roaming\1&1
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-05-10 bis 2013-06-10 ))))))))))))))))))))))))))))))
.
.
2013-06-10 12:50 . 2013-06-10 12:50 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-06-10 12:50 . 2013-06-10 12:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-07 12:24 . 2013-06-07 12:25 -------- d-----w- C:\Python33
2013-06-07 12:18 . 2013-06-07 12:18 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-06-07 12:18 . 2013-06-07 12:17 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-07 12:17 . 2013-06-07 12:17 -------- d-----w- c:\program files (x86)\Java
2013-06-06 18:36 . 2013-06-06 18:36 -------- d-----w- c:\users\Holly Thomas\AppData\Roaming\DivX
2013-06-06 18:24 . 2013-06-06 18:24 -------- d-----w- c:\program files\DivX
2013-06-06 18:24 . 2013-06-06 18:24 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
2013-06-06 18:21 . 2013-06-06 18:21 -------- d-----w- c:\users\Holly Thomas\AppData\Roaming\DealPly
2013-06-06 18:21 . 2013-06-06 18:21 -------- d-----w- c:\users\Holly Thomas\AppData\Roaming\DSite
2013-06-06 18:21 . 2013-06-07 18:05 -------- d-----w- c:\programdata\Tarma Installer
2013-06-05 18:07 . 2013-06-05 18:07 -------- d-----w- c:\program files (x86)\AKVIS
2013-06-05 18:01 . 2013-06-06 18:24 -------- d-----w- c:\users\Holly Thomas\AppData\Local\Downloaded Installations
2013-06-03 18:49 . 2013-06-03 18:49 -------- d-----w- c:\windows\SysWow64\jmdp
2013-06-03 18:49 . 2013-06-03 18:49 -------- d-----w- c:\windows\SysWow64\ARFC
2013-06-03 18:49 . 2013-05-21 13:31 1447728 ----a-w- c:\windows\system32\dmwu.exe
2013-06-03 18:49 . 2013-05-21 13:30 33792 ----a-w- c:\windows\system32\ImHttpComm.dll
2013-06-03 18:49 . 2013-06-06 07:20 -------- d-----w- c:\windows\SysWow64\WNLT
2013-06-02 18:23 . 2013-06-02 18:32 -------- d-----w- c:\users\Holly Thomas\AppData\Roaming\Task Coach
2013-06-01 10:19 . 2013-06-10 12:37 -------- d-----w- c:\users\Holly Thomas\AppData\Roaming\XYplorer
2013-06-01 10:19 . 2013-06-01 10:19 -------- d-----w- c:\program files (x86)\XYplorer
2013-05-27 16:31 . 2013-05-28 11:10 -------- d-----w- c:\users\Holly Thomas\AppData\Roaming\1-abc
2013-05-27 16:31 . 2013-05-27 16:31 -------- d-----w- c:\program files (x86)\1-abc
2013-05-27 12:20 . 2013-05-28 14:11 -------- d-----w- c:\users\Holly Thomas\AppData\Local\WEKA DVD Interface
2013-05-24 14:00 . 2013-05-11 22:27 262552 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-05-22 09:40 . 2012-07-11 15:09 64856 ----a-w- c:\windows\system32\klfphc.dll
2013-05-22 09:39 . 2013-05-22 09:39 -------- d-----w- c:\windows\ELAMBKUP
2013-05-22 09:39 . 2013-06-10 12:52 -------- d-----w- c:\programdata\Kaspersky Lab
2013-05-22 09:39 . 2013-05-22 09:39 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2013-05-22 09:39 . 2013-05-22 10:07 90208 ----a-w- c:\windows\system32\drivers\klflt.sys
2013-05-22 09:39 . 2013-05-22 10:07 620128 ----a-w- c:\windows\system32\drivers\klif.sys
2013-05-18 09:59 . 2013-05-18 10:00 -------- d-----w- c:\users\Holly Thomas\AppData\Roaming\Steganos VPN
2013-05-18 09:57 . 2013-05-18 09:59 -------- d-----w- c:\program files (x86)\Steganos Online Shield
2013-05-18 09:57 . 2013-05-18 09:57 -------- d-----w- c:\program files (x86)\Common Files\Steganos
2013-05-18 09:55 . 2013-05-20 12:00 -------- d-----w- c:\users\Holly Thomas\AppData\Roaming\Steganos
2013-05-15 22:03 . 2013-05-15 22:03 2653696 ----a-w- c:\windows\SysWow64\python33.dll
2013-05-15 22:03 . 2013-05-15 22:03 94208 ----a-w- c:\windows\pyw.exe
2013-05-15 22:03 . 2013-05-15 22:03 93696 ----a-w- c:\windows\py.exe
2013-05-15 18:20 . 2013-05-16 10:11 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2013-05-15 17:49 . 2013-05-15 18:31 -------- d-----w- c:\users\Holly Thomas\AppData\Roaming\MS-Buchhalter
2013-05-15 17:49 . 2013-05-15 17:49 -------- d-----w- c:\programdata\MS-Buchhalter
2013-05-15 17:49 . 2013-05-15 17:49 -------- d-----w- c:\program files (x86)\MS-Buchhalter
2013-05-15 17:07 . 2013-05-15 17:11 -------- d-----w- c:\users\Holly Thomas\hob_jportal
2013-05-15 12:49 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 10:58 . 2013-05-15 10:58 -------- d-----w- c:\users\Holly Thomas\AppData\Local\ProSaldo
2013-05-15 10:56 . 2013-05-15 10:56 -------- d-----w- c:\program files (x86)\ProSaldo
2013-05-14 17:11 . 2013-02-16 23:40 28672 ----a-w- c:\windows\system32\IEUDINIT.EXE
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-07 12:17 . 2012-01-25 20:13 866720 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-06-07 12:17 . 2011-07-18 21:13 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-05-22 10:07 . 2012-08-13 14:49 178448 ----a-w- c:\windows\system32\drivers\kneps.sys
2013-05-22 10:07 . 2012-07-25 12:53 29528 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2013-05-22 10:07 . 2012-06-08 09:38 55056 ----a-w- c:\windows\system32\drivers\kltdi.sys
2013-05-22 10:07 . 2012-05-25 17:38 29016 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
2013-05-16 17:34 . 2011-03-29 01:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-15 14:55 . 2011-07-18 20:31 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-15 14:12 . 2012-09-29 13:21 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 14:12 . 2011-12-01 21:26 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-13 05:49 . 2013-05-15 12:49 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 12:49 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 12:49 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 12:49 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 12:49 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 12:49 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 07:28 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-03-23 01:09 . 2013-03-23 01:09 354656 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl
2013-03-19 06:04 . 2013-04-10 07:33 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 07:33 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 07:33 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 07:33 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 07:33 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 07:33 112640 ----a-w- c:\windows\system32\smss.exe
2013-03-18 16:34 . 2013-03-01 18:03 119808 ----a-w- c:\windows\system32\GFilterSvc.exe
2013-03-18 13:16 . 2013-03-18 13:16 72 ----a-w- c:\windows\Vue 7.5 xStream.reg
2013-03-18 13:16 . 2013-03-18 13:16 70 ----a-w- c:\windows\Vue 7 xStream.reg
2013-03-18 13:16 . 2013-03-18 13:16 70 ----a-w- c:\windows\Vue 6 xStream.reg
2013-03-15 05:53 . 2013-04-02 17:12 968408 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2013-03-15 05:53 . 2013-04-02 17:12 9414456 ----a-w- c:\windows\system32\nvcuda.dll
2013-03-15 05:53 . 2013-04-02 17:12 7959000 ----a-w- c:\windows\SysWow64\nvcuda.dll
2013-03-15 05:53 . 2013-04-02 17:12 7573816 ----a-w- c:\windows\system32\nvopencl.dll
2013-03-15 05:53 . 2013-04-02 17:12 6271872 ----a-w- c:\windows\SysWow64\nvopencl.dll
2013-03-15 05:53 . 2013-04-02 17:12 420128 ----a-w- c:\windows\system32\nvEncodeAPI64.dll
2013-03-15 05:53 . 2013-04-02 17:12 364832 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll
2013-03-15 05:53 . 2013-04-02 17:12 30496 ----a-w- c:\windows\system32\drivers\nvpciflt.sys
2013-03-15 05:53 . 2013-04-02 17:12 2913056 ----a-w- c:\windows\system32\nvcuvid.dll
2013-03-15 05:53 . 2013-04-02 17:12 2728736 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2013-03-15 05:53 . 2013-04-02 17:12 26956576 ----a-w- c:\windows\system32\nvoglv64.dll
2013-03-15 05:53 . 2013-04-02 17:12 2539128 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-03-15 05:53 . 2013-04-02 17:12 25256736 ----a-w- c:\windows\system32\nvcompiler.dll
2013-03-15 05:53 . 2013-04-02 17:12 2355488 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-03-15 05:53 . 2013-04-02 17:12 20542752 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2013-03-15 05:53 . 2013-04-02 17:12 1995552 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2013-03-15 05:53 . 2013-04-02 17:12 1807136 ----a-w- c:\windows\system32\nvdispco6431422.dll
2013-03-15 05:53 . 2013-04-02 17:12 17990800 ----a-w- c:\windows\system32\nvd3dumx.dll
2013-03-15 05:53 . 2013-04-02 17:12 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2013-03-15 05:53 . 2013-04-02 17:12 15508512 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-03-15 05:53 . 2013-04-02 17:12 1510176 ----a-w- c:\windows\system32\nvdispgenco6431422.dll
2013-03-15 05:53 . 2013-04-02 17:12 15042928 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-03-15 05:53 . 2013-04-02 17:12 13088000 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2013-03-15 05:53 . 2013-04-02 17:12 11048736 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-03-15 05:53 . 2013-04-02 16:35 205184 ----a-w- c:\windows\SysWow64\nvinit.dll
2013-03-15 05:53 . 2012-03-13 04:12 1118776 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-03-15 05:53 . 2012-03-13 04:12 250504 ----a-w- c:\windows\system32\nvinitx.dll
2013-03-15 05:53 . 2012-03-13 04:12 2864144 ----a-w- c:\windows\system32\nvapi64.dll
2013-03-15 04:16 . 2012-03-13 04:13 3477280 ----a-w- c:\windows\system32\nvsvc64.dll
2013-03-15 04:16 . 2012-03-13 04:13 6398240 ----a-w- c:\windows\system32\nvcpl.dll
2013-03-15 04:16 . 2012-03-13 04:13 877856 ----a-w- c:\windows\system32\nvvsvc.exe
2013-03-15 04:16 . 2012-03-13 04:13 76064 ----a-w- c:\windows\system32\nv3dappshextr.dll
2013-03-15 04:16 . 2012-03-13 04:13 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-03-15 04:16 . 2012-03-13 04:13 2555680 ----a-w- c:\windows\system32\nvsvcr.dll
2013-03-15 04:16 . 2012-03-13 04:13 237856 ----a-w- c:\windows\system32\nvmctray.dll
2013-03-15 04:16 . 2012-03-13 04:13 1016096 ----a-w- c:\windows\system32\nv3dappshext.dll
2013-03-14 20:07 . 2013-03-14 20:07 559904 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2013-03-13 23:05 . 2013-03-27 17:53 529392 ----a-w- c:\windows\system32\igfxsrvc.exe
2013-03-13 23:05 . 2013-03-27 17:53 279024 ----a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe
2013-03-13 23:05 . 2013-03-27 17:53 165872 ----a-w- c:\windows\system32\igfxtray.exe
2013-03-13 23:05 . 2013-03-27 17:53 441840 ----a-w- c:\windows\system32\igfxpers.exe
2013-03-13 23:05 . 2013-03-27 17:53 250864 ----a-w- c:\windows\system32\igfxext.exe
2013-03-13 23:05 . 2013-03-27 17:53 7558640 ----a-w- c:\windows\system32\GfxUIEx.exe
2013-03-13 23:05 . 2013-03-27 17:53 745968 ----a-w- c:\windows\system32\GfxUIHotKeyMenu.exe
2013-03-13 23:05 . 2013-03-27 17:53 407536 ----a-w- c:\windows\system32\hkcmd.exe
2013-03-13 23:05 . 2013-03-27 17:53 534000 ----a-w- c:\windows\system32\DPTopologyApp.exe
2013-03-13 23:05 . 2013-03-27 17:53 397808 ----a-w- c:\windows\system32\CustomModeApp.exe
2013-03-13 23:05 . 2013-03-27 17:53 185840 ----a-w- c:\windows\system32\difx64.exe
2013-03-13 16:24 . 2012-03-13 04:13 3065455 ----a-w- c:\windows\system32\nvcoproc.bin
2001-08-14 01:10 . 2013-01-27 17:06 131072 ----a-w- c:\program files (x86)\Uninstal.EXE
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"Software4u-System Observer"="c:\program files (x86)\Software4u\Registry CleanUP 5\Software4u.SCObserver.exe" [2011-02-09 95744]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-12-16 765200]
"1&1_1&1 Office-Drive Manager"="c:\program files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE" [2012-09-24 993392]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-12-04 291648]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2012-05-29 115032]
"Sweetpacks Communicator"="c:\program files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-08-15 231768]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2013-02-07 1239360]
"IminentMessenger"="c:\program files (x86)\Iminent\Iminent.Messengers.exe" [2013-01-25 884784]
"UIExec"="c:\program files (x86)\Join Air\UIExec.exe" [2010-04-27 138072]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2013-05-22 356376]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 AddonsHelper;AddonsHelper;c:\users\Holly Thomas\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe;c:\users\Holly Thomas\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe [x]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
R2 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
R2 PSI_SVC_2_x64;Protexis Licensing V2 x64;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [x]
R2 Soda PDF 5 Helper Service;Soda PDF 5 Helper Service;c:\program files (x86)\Soda PDF 5\HelperService.exe;c:\program files (x86)\Soda PDF 5\HelperService.exe [x]
R2 Soda PDF 5 Service;Soda PDF 5 Service;c:\program files (x86)\Soda PDF 5\ConversionService.exe;c:\program files (x86)\Soda PDF 5\ConversionService.exe [x]
R2 SystemStoreService;System Store Service;c:\program files (x86)\SelfUpdater\SystemStore.exe -displayname System Store Service -servicename SystemStoreService;c:\program files (x86)\SelfUpdater\SystemStore.exe -displayname System Store Service -servicename SystemStoreService [x]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
R3 ampa;ampa;c:\windows\system32\ampa.sys;c:\windows\SYSNATIVE\ampa.sys [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [x]
R3 ddmdrv;ddmdrv;c:\windows\system32\ddmdrv.sys;c:\windows\SYSNATIVE\ddmdrv.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys;c:\windows\SYSNATIVE\DRIVERS\rrnetcap.sys [x]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S1 ui11drdr;ui11drdr;c:\windows\system32\DRIVERS\ui11drdr.sys;c:\windows\SYSNATIVE\DRIVERS\ui11drdr.sys [x]
S1 Uim_VIM;UIM Virtual Image Plugin;c:\windows\system32\Drivers\uim_vimx64.sys;c:\windows\SYSNATIVE\Drivers\uim_vimx64.sys [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 DAZContentManagementService;DAZ Content Management Service;c:\program files\DAZ 3D\Content Management Service\ContentManagementServer.exe ;c:\program files\DAZ 3D\Content Management Service\ContentManagementServer.exe [x]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [x]
S2 GFilterSvc;G-Filter Service;c:\windows\System32\GFilterSvc.exe;c:\windows\SYSNATIVE\GFilterSvc.exe [x]
S2 GFNEXSrv;GFNEX Service;c:\program files (x86)\PHotkey\GFNEXSrv.exe;c:\program files (x86)\PHotkey\GFNEXSrv.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IBUpdaterService;IBUpdaterService;c:\windows\system32\dmwu.exe;c:\windows\SYSNATIVE\dmwu.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 LiveTunerPM;Ashampoo LiveTuner ProcessMonitor Driver;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerProcessMonitor64.sys;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerProcessMonitor64.sys [x]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe;c:\windows\SYSNATIVE\nlssrv32.exe [x]
S2 O&O CleverCache;O&O CleverCache ;c:\program files\OO Software\CleverCache\ooccag.exe;c:\program files\OO Software\CleverCache\ooccag.exe [x]
S2 Online Shield Starter Service;Online Shield Starter Service;c:\program files (x86)\Steganos Online Shield\OnlineShieldService.exe;c:\program files (x86)\Steganos Online Shield\OnlineShieldService.exe [x]
S2 PEGAGFN;PEGAGFN;c:\program files (x86)\PHotkey\PEGAGFN.sys;c:\program files (x86)\PHotkey\PEGAGFN.sys [x]
S2 print64;Filtertreiber Windows der;c:\windows\system32\NlsDatb0816.exe;c:\windows\SYSNATIVE\NlsDatb0816.exe [x]
S2 SearchAnonymizer;SearchAnonymizer;c:\users\Holly Thomas\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe;c:\users\Holly Thomas\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [x]
S2 SProtection;SProtection;c:\program files (x86)\Common Files\Umbrella\umbrella.exe;c:\program files (x86)\Common Files\Umbrella\umbrella.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UI Assistant Service;UI Assistant Service;c:\program files (x86)\Join Air\AssistantServices.exe;c:\program files (x86)\Join Air\AssistantServices.exe [x]
S2 WO_LiveService;Ashampoo LiveTuner Service;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerService.exe;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerService.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [x]
S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys;c:\windows\SYSNATIVE\DRIVERS\rrnetcap.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-06 07:57 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-29 14:12]
.
2013-06-10 c:\windows\Tasks\AmiUpdXp.job
- c:\users\Holly Thomas\AppData\Local\SwvUpdater\Updater.exe [2013-01-22 16:06]
.
2013-06-10 c:\windows\Tasks\DSite.job
- c:\users\HOLLYT~1\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe [2013-06-06 18:21]
.
2013-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-25 16:15]
.
2013-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-25 16:15]
.
2013-06-07 c:\windows\Tasks\One-Click Optimizer.job
- c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 9\WO9.exe [2013-02-17 10:20]
.
2013-06-10 c:\windows\Tasks\PC Fresh.job
- c:\program files (x86)\PC Fresh\PC Fresh.exe [2012-10-13 08:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ooccctrl.exe"="c:\program files\OO Software\CleverCache\ooccctrl.exe" [2009-12-09 4314440]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Ocs_SM"="c:\users\Holly Thomas\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2013-01-16 106496]
"cFosSpeed"="c:\program files\cFosSpeed\cFosSpeed.exe" [2013-02-14 2000224]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-02-05 13269064]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-01-18 1276488]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-03-13 165872]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-03-13 407536]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-03-13 441840]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-01-31 36352]
"BLEServicesCtrl"="c:\program files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" [2012-09-17 184112]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshellex.dll" [2012-11-16 11585408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An Bluetooth senden - c:\program files (x86)\Intel\Bluetooth\btSendToObject.htm
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
FF - ProfilePath - c:\users\Holly Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\k23g37x1.default\
FF - prefs.js: browser.startup.homepage - hxxps://news.google.de/nwshp?hl=de&tab=wn&pog=false
FF - ExtSQL: 2013-04-19 14:15; foxmarks@kei.com; c:\users\Holly Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\k23g37x1.default\extensions\foxmarks@kei.com
FF - ExtSQL: 2013-04-19 14:22; {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}; c:\users\Holly Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\k23g37x1.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.xpi
FF - ExtSQL: 2013-04-19 15:08; {d49175b3-3fd8-43b8-b28e-da5d47f3c398}; c:\users\Holly Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\k23g37x1.default\extensions\{d49175b3-3fd8-43b8-b28e-da5d47f3c398}.xpi
FF - ExtSQL: 2013-04-26 19:12; {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}; c:\users\Holly Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\k23g37x1.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
FF - ExtSQL: 2013-05-22 12:07; anti_banner@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF - ExtSQL: 2013-05-22 12:07; content_blocker@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF - ExtSQL: 2013-05-22 12:07; online_banking@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF - ExtSQL: 2013-05-22 12:07; url_advisor@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF - ExtSQL: 2013-05-22 12:07; virtual_keyboard@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF - ExtSQL: 2013-06-06 20:21; plugin@getwebcake.com; c:\users\Holly Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\k23g37x1.default\extensions\plugin@getwebcake.com
.
.
------- Dateityp-Verknüpfung -------
.
.scr does not exist!
.reg does not exist!
.txt does not exist!
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{03EB0E9C-7A91-4381-A220-9B52B641CDB1} - (no file)
BHO-{03EB0E9C-7A91-4381-A220-9B52B641CDB1} - (no file)
BHO-{11111111-1111-1111-1111-110211301130} - (no file)
BHO-{BBD43808-9D13-4B0B-B023-178FD1FAE442} - (no file)
BHO-{C1AF5FA5-852C-4C90-812E-A7F75E011D87} - (no file)
BHO-{C737F472-1193-4281-BF53-A00B67AB3E19} - (no file)
BHO-{EF7BD87A-8024-11E2-F316-F3E56188709B} - (no file)
Toolbar-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
Toolbar-{03EB0E9C-7A91-4381-A220-9B52B641CDB1} - (no file)
Toolbar-{F335ABA2-FDB4-4644-92B2-5CC4B0FC91D6} - (no file)
Toolbar-{82E1477C-B154-48D3-9891-33D83C26BCD3} - (no file)
ShellIconOverlayIdentifiers-{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA} - (no file)
ShellIconOverlayIdentifiers-{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA} - (no file)
AddRemove-DealPly - c:\program files (x86)\DealPly\uninst.exe
AddRemove-GoZ DS4 (64bit) 1.2.1.56 - c:\program files\DAZ 3D\DAZStudio4\Uninstallers\Remove-DS4_GoZ_Win64.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2729460 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\setup.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2737083 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\setup.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2742613 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\setup.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2750147 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\setup.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2789648 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\setup.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2804582 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MpsSvc]
"ImagePath"="."
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OOCC7.00.00.01PROSTATION"="9ACA4C9BCC53D4A4374D5A5C6060FC49478F67AB37A8F3D14B6DD68B3E87BE691FB86D6C68D834CCB29DBCED6CB932B9504A18EE132160A0EFEBA56D97BF813024FEF4B59539562D0766AD6704258E9CC95B42C24A644FB8C729C2C758C8BFBDAA3AB22B5903B2FE26F0751170ECD250B7DAC6A3061C68BE83A647EEA9C6AB1C39F61893FE76A45006F6FE46398FA308A14F2A23B0223BABDF5BF2C778925BA6D83A3C4B140AEC8123ABDC79B1BF884913B7FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A6171C11EC38DE3DA2D97226D213B5558EDD5E5BE2F6E667A60577AA1799EB809D8ABCA6E37D474F4166F911F62978DFDFD76C522C4AD41D7D97A7E57D311557B3215217BE3D9B7536BD76995B91CA6A56E3606FAA1F6887216D8998D07E9C9888139C1D3515EECB1DBE00DA7C12E3F2DAAC733128B11C0F82D9C3F0AADA942A82468423260564087507DD1BA56E971D26A2F0DB75AA15E133C241D085F493E8AF38B2C9D5DD22D163C79DD5023EBFFC97CC65694B06FA226A252FCBC04E33253D7998E06EC7D5C6B1478D3CA36EB79D2FC42185C194FEE7028FFE2D1FBC94A281ADE871FABC2DF7CBDDC33081BD617D153ABA11D7FBCF3E7AA5E7F14969D798F18C99346C0D5DEAC37996C972BFA10E126E891F71B42524769EE4CB495326B42D64E59896591E184D9AA3D4B55D5FB492392CF9530C378C3CC4321F8FCAA716F1134EC0321AA9ECC1564B506C50084D2B02031DA7A1C4DDB678D3086FF60CCFA38E1603DB99404A9ED630EF1BAB8C2410C9B33A7E6A0E7375AC0ED09FD086EBCA5D42EA14F6268404D8BA1C2CCF627B1C2028B449AF5A1DAB69EC7D3CA6CCE3131E2036BE24A265B7AE98EE6C768109CCAE8B25DD0E729CAEC8BDC245191B2B4C7FBD58A3E7812AA13BB7380E2B6578C3ACD059767624A9F97A12891C9EADA26A46EE75715D1203CEFA4F7BA5CC90E6C6E9AB50B32E40702E4240708A02C92405CACA6A36F329957178D4712C90866641C8163F954C9D0E8BF6E34839DFB37AD879AB46E7ED9CFADB56848480FC50FB3F3F4D8D04BE1695FA83D896BAAA38664552B0485D6248400AC9DF55E26E7A23F2D6D15AC947061006E6C39580A7A49CCEE8BEE9D4BA0D65961BAA36F815944AB3AF697313F750F6DCB6083261704BC31C677A556DB74E61C3A9ECAE4CF336D1F8F91DDF73BCDAB8D117D28D9AF204787A08D1672CEAF29BF564F27A4B63759062FCBA55E1D08D3A5A45107D4A7129CB589CF1B4783B67F036D1CB0AC48E6FCFB29252C2B8C3D6511490F18C748198BF4B874E0220629A33AF8B4D007075454E4E2AB948357CA8C83CDBF0F7800C36CD8AC31ECBD2F10128363E0EB367EB1B3EBEC409B87BB2"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\PHotkey\ASLDRSrv.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\PHotkey\GPMTray.exe
c:\program files (x86)\PHotkey\MsgTranAgt.exe
c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
c:\windows\SysWOW64\jmdp\stij.exe
c:\windows\SysWOW64\nlssrv32.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-06-10 14:58:17 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-06-10 12:58
ComboFix2.txt 2013-06-10 12:13
.
Vor Suchlauf: 19 Verzeichnis(se), 408,014,979,072 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 407,918,460,928 Bytes frei
.
- - End Of File - - E336D01F63FF155355E0FA4EFA93A270
4624822E540EC83CD0819525C65846BA
Popup Fehlermeldung: Fensterüberschrift ::{26EE0668-A00A-44D7-9371-BEB064C98683} Fehlermeldung Der Datei ist kein Programm zum Ausführen dieserAktion zugeordnet. Installieren Sie ein entsprechendes Programm, oder erstellen Sie in der Systemsteuerung unter "Standartprogramme" eine Zuordnung, wenn bereits ein Programm installiert ist Drücke ich jetzt den "OK" Button, erscheint ein neues Fenster mit gleicher Meldung aber anderer Überschrift Explorer.EXE Auch kann ich auf meine Laufwerke weder über das Icon "auf dem Desktop noch über das Startmenü zugreifen. Andere von mir angelegte Ordner öffnen sich auch nicht. Hierbei erscheint aber keine Fehlermeldung, es tut sich einfach nichts  Gruss Holly |
|
10.06.2013, 15:01
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Aufforderung die wssetup.exe von Perion zu starten erscheint nach Rechnerstart ! Bitte die drei Tools MBAR / aswMBR / TDSSkiller nun ausführen und die Logs in CODE-Tags posten MBAR (Malwarebytes Anti-Rootkit) Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers aswMBR Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). TDSS-Killer Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ --> Aufforderung die wssetup.exe von Perion zu starten erscheint nach Rechnerstart ! |
|
11.06.2013, 08:41
| #7 |
| | Aufforderung die wssetup.exe von Perion zu starten erscheint nach Rechnerstart ! Soweit alles geklappt mbar-Log: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org
Database version: v2013.06.10.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Holly Thomas :: HOLLYTHOMAS-PC [administrator]
10.06.2013 19:30:44
mbar-log-2013-06-10 (19-30-44).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: Deep Anti-Rootkit Scan | PUP
Objects scanned: 265384
Time elapsed: 9 minute(s), 22 second(s)
Memory Processes Detected: 1
c:\Windows\System32\nlsdatb0816.exe (Adware.Agent) -> 3884 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\print64 (Adware.Agent) -> Delete on reboot.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
c:\Windows\System32\nlsdatb0816.exe (Adware.Agent) -> Delete on reboot.
Physical Sectors Detected: 0
(No malicious items detected)
(end)
Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-06-10 20:13:05
-----------------------------
20:13:05.101 OS Version: Windows x64 6.1.7601 Service Pack 1
20:13:05.101 Number of processors: 8 586 0x3A09
20:13:05.101 ComputerName: HOLLYTHOMAS-PC UserName: Holly Thomas
20:13:07.488 Initialize success
20:13:21.362 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000008b
20:13:21.362 Disk 0 Vendor: ATA_____ 0002 Size: 715404MB BusType: 11
20:13:21.612 Disk 0 MBR read error 0
20:13:21.612 Disk 0 MBR scan
20:13:21.612 Disk 0 unknown MBR code
20:13:21.612 MBR BIOS signature not found 0
20:13:21.752 Disk 0 scanning C:\Windows\system32\drivers
20:13:28.367 Service scanning
20:13:37.524 Service kl1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
20:13:37.602 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
20:13:37.633 Service klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys **LOCKED** 5
20:13:37.649 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
20:13:37.680 Service kltdi C:\Windows\system32\DRIVERS\kltdi.sys **LOCKED** 5
20:13:37.727 Service kneps C:\Windows\system32\DRIVERS\kneps.sys **LOCKED** 5
20:13:49.162 Modules scanning
20:13:49.162 Disk 0 trace - called modules:
20:13:49.193 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorF.sys storport.sys hal.dll iaStorA.sys
20:13:49.209 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007b63790]
20:13:49.209 3 CLASSPNP.SYS[fffff880019b943f] -> nt!IofCallDriver -> [0xfffffa8007a89c50]
20:13:49.224 5 iaStorF.sys[fffff8800249fa2c] -> nt!IofCallDriver -> \Device\0000008b[0xfffffa8005d268f0]
20:13:49.224 Scan finished successfully
20:14:22.593 Disk 0 MBR has been saved successfully to "C:\Users\Holly Thomas\Desktop\MBR.dat"
20:14:22.593 The log file has been saved successfully to "C:\Users\Holly Thomas\Desktop\aswMBR.txt"
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-06-10 20:22:30
-----------------------------
20:22:30.847 OS Version: Windows x64 6.1.7601 Service Pack 1
20:22:30.847 Number of processors: 8 586 0x3A09
20:22:30.847 ComputerName: HOLLYTHOMAS-PC UserName: Holly Thomas
20:22:32.516 Initialize success
20:42:28.795 AVAST engine defs: 13061001
20:43:13.504 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000008b
20:43:13.504 Disk 0 Vendor: ATA_____ 0002 Size: 715404MB BusType: 11
20:43:13.707 Disk 0 MBR read successfully
20:43:13.723 Disk 0 MBR scan
20:43:13.723 Disk 0 unknown MBR code
20:43:13.738 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:43:13.754 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 450000 MB offset 206848
20:43:13.785 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 264276 MB offset 921808896
20:43:13.816 Disk 0 Partition 4 00 12 Compaq diag NTFS 1025 MB offset 1463046144
20:43:13.925 Disk 0 scanning C:\Windows\system32\drivers
20:43:25.532 Service scanning
20:43:54.361 Modules scanning
20:43:54.361 Disk 0 trace - called modules:
20:43:54.423 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorF.sys storport.sys hal.dll iaStorA.sys
20:43:54.439 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007b63790]
20:43:54.439 3 CLASSPNP.SYS[fffff880019b943f] -> nt!IofCallDriver -> [0xfffffa8007a89c50]
20:43:54.454 5 iaStorF.sys[fffff8800249fa2c] -> nt!IofCallDriver -> \Device\0000008b[0xfffffa8005d268f0]
20:43:55.531 AVAST engine scan C:\Windows
20:43:59.228 AVAST engine scan C:\Windows\system32
20:46:42.077 AVAST engine scan C:\Windows\system32\drivers
20:46:52.591 AVAST engine scan C:\Users\Holly Thomas
20:52:34.918 AVAST engine scan C:\ProgramData
20:54:14.743 Scan finished successfully
20:55:25.114 Disk 0 MBR has been saved successfully to "C:\Users\Holly Thomas\Desktop\MBR.dat"
20:55:25.114 The log file has been saved successfully to "C:\Users\Holly Thomas\Desktop\aswMBR.txt"
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-06-10 20:22:30
-----------------------------
20:22:30.847 OS Version: Windows x64 6.1.7601 Service Pack 1
20:22:30.847 Number of processors: 8 586 0x3A09
20:22:30.847 ComputerName: HOLLYTHOMAS-PC UserName: Holly Thomas
20:22:32.516 Initialize success
20:42:28.795 AVAST engine defs: 13061001
20:43:13.504 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000008b
20:43:13.504 Disk 0 Vendor: ATA_____ 0002 Size: 715404MB BusType: 11
20:43:13.707 Disk 0 MBR read successfully
20:43:13.723 Disk 0 MBR scan
20:43:13.723 Disk 0 unknown MBR code
20:43:13.738 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:43:13.754 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 450000 MB offset 206848
20:43:13.785 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 264276 MB offset 921808896
20:43:13.816 Disk 0 Partition 4 00 12 Compaq diag NTFS 1025 MB offset 1463046144
20:43:13.925 Disk 0 scanning C:\Windows\system32\drivers
20:43:25.532 Service scanning
20:43:54.361 Modules scanning
20:43:54.361 Disk 0 trace - called modules:
20:43:54.423 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorF.sys storport.sys hal.dll iaStorA.sys
20:43:54.439 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007b63790]
20:43:54.439 3 CLASSPNP.SYS[fffff880019b943f] -> nt!IofCallDriver -> [0xfffffa8007a89c50]
20:43:54.454 5 iaStorF.sys[fffff8800249fa2c] -> nt!IofCallDriver -> \Device\0000008b[0xfffffa8005d268f0]
20:43:55.531 AVAST engine scan C:\Windows
20:43:59.228 AVAST engine scan C:\Windows\system32
20:46:42.077 AVAST engine scan C:\Windows\system32\drivers
20:46:52.591 AVAST engine scan C:\Users\Holly Thomas
20:52:34.918 AVAST engine scan C:\ProgramData
20:54:14.743 Scan finished successfully
20:55:25.114 Disk 0 MBR has been saved successfully to "C:\Users\Holly Thomas\Desktop\MBR.dat"
20:55:25.114 The log file has been saved successfully to "C:\Users\Holly Thomas\Desktop\aswMBR.txt"
20:55:38.027 Disk 0 MBR has been saved successfully to "C:\Users\Holly Thomas\Desktop\MBR.dat"
20:55:38.027 The log file has been saved successfully to "C:\Users\Holly Thomas\Desktop\aswMBR.txt"
TDSSKiller-Log: Code:
ATTFilter 09:30:57.0589 2308 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
09:30:57.0589 2308 ============================================================
09:30:57.0589 2308 Current date / time: 2013/06/11 09:30:57.0589
09:30:57.0589 2308 SystemInfo:
09:30:57.0589 2308
09:30:57.0589 2308 OS Version: 6.1.7601 ServicePack: 1.0
09:30:57.0589 2308 Product type: Workstation
09:30:57.0589 2308 ComputerName: HOLLYTHOMAS-PC
09:30:57.0589 2308 UserName: Holly Thomas
09:30:57.0589 2308 Windows directory: C:\Windows
09:30:57.0589 2308 System windows directory: C:\Windows
09:30:57.0589 2308 Running under WOW64
09:30:57.0589 2308 Processor architecture: Intel x64
09:30:57.0589 2308 Number of processors: 8
09:30:57.0589 2308 Page size: 0x1000
09:30:57.0589 2308 Boot type: Normal boot
09:30:57.0589 2308 ============================================================
09:30:58.0930 2308 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x12629C6, SectorsPerTrack: 0x1, TracksPerCylinder: 0x4C, Type 'K0', Flags 0x00000040
09:30:58.0946 2308 ============================================================
09:30:58.0946 2308 \Device\Harddisk0\DR0:
09:30:58.0946 2308 MBR partitions:
09:30:58.0946 2308 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
09:30:58.0946 2308 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x36EE8000
09:30:58.0946 2308 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x36F1B000, BlocksNum 0x2042A000
09:30:58.0946 2308 ============================================================
09:30:59.0024 2308 C: <-> \Device\Harddisk0\DR0\Partition2
09:30:59.0071 2308 D: <-> \Device\Harddisk0\DR0\Partition3
09:30:59.0071 2308 ============================================================
09:30:59.0071 2308 Initialize success
09:30:59.0071 2308 ============================================================
09:31:07.0417 4040 ============================================================
09:31:07.0417 4040 Scan started
09:31:07.0417 4040 Mode: Manual; SigCheck; TDLFS;
09:31:07.0417 4040 ============================================================
09:31:08.0041 4040 ================ Scan system memory ========================
09:31:08.0041 4040 System memory - ok
09:31:08.0041 4040 ================ Scan services =============================
09:31:08.0197 4040 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
09:31:08.0244 4040 1394ohci - ok
09:31:08.0259 4040 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
09:31:08.0275 4040 ACPI - ok
09:31:08.0290 4040 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
09:31:08.0306 4040 AcpiPmi - ok
09:31:08.0400 4040 AddonsHelper - ok
09:31:08.0509 4040 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
09:31:08.0524 4040 AdobeARMservice - ok
09:31:08.0649 4040 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
09:31:08.0665 4040 AdobeFlashPlayerUpdateSvc - ok
09:31:08.0758 4040 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
09:31:08.0790 4040 adp94xx - ok
09:31:08.0790 4040 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
09:31:08.0805 4040 adpahci - ok
09:31:08.0805 4040 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
09:31:08.0821 4040 adpu320 - ok
09:31:08.0836 4040 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
09:31:08.0868 4040 AeLookupSvc - ok
09:31:08.0883 4040 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
09:31:08.0899 4040 AFD - ok
09:31:08.0899 4040 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
09:31:08.0914 4040 agp440 - ok
09:31:08.0930 4040 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
09:31:08.0946 4040 ALG - ok
09:31:08.0946 4040 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
09:31:08.0946 4040 aliide - ok
09:31:08.0946 4040 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
09:31:08.0961 4040 amdide - ok
09:31:08.0977 4040 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
09:31:08.0977 4040 AmdK8 - ok
09:31:08.0992 4040 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
09:31:08.0992 4040 AmdPPM - ok
09:31:09.0008 4040 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
09:31:09.0008 4040 amdsata - ok
09:31:09.0055 4040 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
09:31:09.0055 4040 amdsbs - ok
09:31:09.0070 4040 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
09:31:09.0086 4040 amdxata - ok
09:31:09.0102 4040 [ E3C6DAE5493E9B07EE98711D04D863FF ] ampa C:\Windows\system32\ampa.sys
09:31:09.0148 4040 ampa ( UnsignedFile.Multi.Generic ) - warning
09:31:09.0148 4040 ampa - detected UnsignedFile.Multi.Generic (1)
09:31:09.0211 4040 [ D46391F209DE0A98A97D1D1765F53438 ] AMPPAL C:\Windows\system32\DRIVERS\AMPPAL.sys
09:31:09.0226 4040 AMPPAL - ok
09:31:09.0242 4040 [ D46391F209DE0A98A97D1D1765F53438 ] AMPPALP C:\Windows\system32\DRIVERS\amppal.sys
09:31:09.0242 4040 AMPPALP - ok
09:31:09.0336 4040 [ EDFB061F7D553B84731B8263077FD520 ] AMPPALR3 C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
09:31:09.0398 4040 AMPPALR3 - ok
09:31:09.0429 4040 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
09:31:09.0460 4040 AppID - ok
09:31:09.0492 4040 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
09:31:09.0507 4040 AppIDSvc - ok
09:31:09.0538 4040 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll
09:31:09.0538 4040 Appinfo - ok
09:31:09.0601 4040 [ A21971756255385CB494EF0E76FA653A ] Application Updater C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
09:31:09.0632 4040 Application Updater - ok
09:31:09.0679 4040 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
09:31:09.0694 4040 arc - ok
09:31:09.0694 4040 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
09:31:09.0694 4040 arcsas - ok
09:31:09.0757 4040 [ EFD89582B55DD32DC79C1A4EB54612A1 ] ASLDRService C:\Program Files (x86)\PHotkey\ASLDRSrv.exe
09:31:09.0819 4040 ASLDRService - ok
09:31:09.0944 4040 [ 108FB6DDB69E537A2EA53F425363FAE5 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
09:31:09.0960 4040 aspnet_state - ok
09:31:09.0991 4040 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
09:31:10.0022 4040 AsyncMac - ok
09:31:10.0022 4040 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
09:31:10.0022 4040 atapi - ok
09:31:10.0069 4040 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
09:31:10.0084 4040 AudioEndpointBuilder - ok
09:31:10.0100 4040 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
09:31:10.0131 4040 AudioSrv - ok
09:31:10.0178 4040 [ 587EFD6A3A30A35A27904D21AE1FB882 ] AVP C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
09:31:10.0240 4040 AVP - ok
09:31:10.0272 4040 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
09:31:10.0287 4040 AxInstSV - ok
09:31:10.0318 4040 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
09:31:10.0350 4040 b06bdrv - ok
09:31:10.0365 4040 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
09:31:10.0381 4040 b57nd60a - ok
09:31:10.0412 4040 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
09:31:10.0428 4040 BDESVC - ok
09:31:10.0474 4040 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
09:31:10.0521 4040 Beep - ok
09:31:10.0552 4040 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
09:31:10.0584 4040 BFE - ok
09:31:10.0615 4040 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
09:31:10.0646 4040 BITS - ok
09:31:10.0677 4040 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
09:31:10.0677 4040 blbdrive - ok
09:31:10.0833 4040 [ 883D931697B804EBA802BE0061E7A902 ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
09:31:10.0864 4040 Bluetooth Device Monitor - ok
09:31:11.0083 4040 [ C7A590C6B249B3CB4724F9863ED6D18A ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
09:31:11.0114 4040 Bluetooth Media Service - ok
09:31:11.0145 4040 [ CC1C3137DE8A2C858E450D286A87C6BC ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
09:31:11.0161 4040 Bluetooth OBEX Service - ok
09:31:11.0176 4040 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
09:31:11.0176 4040 bowser - ok
09:31:11.0208 4040 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
09:31:11.0208 4040 BrFiltLo - ok
09:31:11.0223 4040 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
09:31:11.0239 4040 BrFiltUp - ok
09:31:11.0286 4040 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
09:31:11.0317 4040 BridgeMP - ok
09:31:11.0348 4040 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
09:31:11.0364 4040 Browser - ok
09:31:11.0379 4040 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
09:31:11.0395 4040 Brserid - ok
09:31:11.0395 4040 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
09:31:11.0395 4040 BrSerWdm - ok
09:31:11.0410 4040 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
09:31:11.0410 4040 BrUsbMdm - ok
09:31:11.0410 4040 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
09:31:11.0426 4040 BrUsbSer - ok
09:31:11.0457 4040 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
09:31:11.0457 4040 BthEnum - ok
09:31:11.0473 4040 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
09:31:11.0488 4040 BTHMODEM - ok
09:31:11.0488 4040 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
09:31:11.0504 4040 BthPan - ok
09:31:11.0535 4040 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
09:31:11.0551 4040 BTHPORT - ok
09:31:11.0582 4040 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
09:31:11.0613 4040 bthserv - ok
09:31:11.0644 4040 [ A3BC030FC526643DFDCA27299F75544B ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
09:31:11.0660 4040 BTHSSecurityMgr - ok
09:31:11.0676 4040 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
09:31:11.0691 4040 BTHUSB - ok
09:31:11.0707 4040 [ 49E91B6E57D0BD0CC590471C276757BC ] btmaux C:\Windows\system32\DRIVERS\btmaux.sys
09:31:11.0722 4040 btmaux - ok
09:31:11.0769 4040 [ AC249CEB05F96B927FABDF22B6ABEE40 ] btmhsf C:\Windows\system32\DRIVERS\btmhsf.sys
09:31:11.0785 4040 btmhsf - ok
09:31:11.0800 4040 catchme - ok
09:31:11.0816 4040 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
09:31:11.0847 4040 cdfs - ok
09:31:11.0878 4040 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
09:31:11.0878 4040 cdrom - ok
09:31:11.0910 4040 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
09:31:11.0941 4040 CertPropSvc - ok
09:31:12.0003 4040 [ 7D2146012EA63B13642308FB8E86765F ] cFosSpeed C:\Windows\system32\DRIVERS\cfosspeed6.sys
09:31:12.0081 4040 cFosSpeed - ok
09:31:12.0128 4040 [ BF198D0369348CF2C037230E686C3976 ] cFosSpeedS C:\Program Files\cFosSpeed\spd.exe
09:31:12.0206 4040 cFosSpeedS - ok
09:31:12.0222 4040 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
09:31:12.0237 4040 circlass - ok
09:31:12.0268 4040 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
09:31:12.0284 4040 CLFS - ok
09:31:12.0362 4040 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:31:12.0378 4040 clr_optimization_v2.0.50727_32 - ok
09:31:12.0424 4040 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
09:31:12.0440 4040 clr_optimization_v2.0.50727_64 - ok
09:31:12.0502 4040 [ 6D7C8A951AF6AD6835C029B3CB88D333 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:31:12.0502 4040 clr_optimization_v4.0.30319_32 - ok
09:31:12.0518 4040 [ 86329C35FF23CFEF0FB6C0023BA06BCE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
09:31:12.0534 4040 clr_optimization_v4.0.30319_64 - ok
09:31:12.0565 4040 [ E13A438F9E51DD034730678E33B73290 ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys
09:31:12.0596 4040 clwvd - ok
09:31:12.0627 4040 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
09:31:12.0643 4040 CmBatt - ok
09:31:12.0658 4040 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
09:31:12.0674 4040 cmdide - ok
09:31:12.0690 4040 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
09:31:12.0705 4040 CNG - ok
09:31:12.0721 4040 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
09:31:12.0736 4040 Compbatt - ok
09:31:12.0752 4040 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
09:31:12.0752 4040 CompositeBus - ok
09:31:12.0752 4040 COMSysApp - ok
09:31:12.0830 4040 [ 12ECF907D1FB4D19D55169D00FB4F907 ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe
09:31:12.0892 4040 cphs - ok
09:31:12.0908 4040 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
09:31:12.0908 4040 crcdisk - ok
09:31:12.0986 4040 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
09:31:13.0002 4040 CryptSvc - ok
09:31:13.0095 4040 [ 958EF96991ABCCFDAC0953C4A24081DC ] DAZContentManagementService C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
09:31:13.0111 4040 DAZContentManagementService ( UnsignedFile.Multi.Generic ) - warning
09:31:13.0111 4040 DAZContentManagementService - detected UnsignedFile.Multi.Generic (1)
09:31:13.0158 4040 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
09:31:13.0204 4040 DcomLaunch - ok
09:31:13.0220 4040 [ F1BF87B19D32D68DC3A8B1C03F9861B5 ] ddmdrv C:\Windows\system32\ddmdrv.sys
09:31:13.0267 4040 ddmdrv ( UnsignedFile.Multi.Generic ) - warning
09:31:13.0267 4040 ddmdrv - detected UnsignedFile.Multi.Generic (1)
09:31:13.0298 4040 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
09:31:13.0329 4040 defragsvc - ok
09:31:13.0392 4040 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
09:31:13.0438 4040 DfsC - ok
09:31:13.0454 4040 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
09:31:13.0470 4040 Dhcp - ok
09:31:13.0485 4040 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
09:31:13.0501 4040 discache - ok
09:31:13.0516 4040 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
09:31:13.0516 4040 Disk - ok
09:31:13.0563 4040 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
09:31:13.0579 4040 Dnscache - ok
09:31:13.0610 4040 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
09:31:13.0626 4040 dot3svc - ok
09:31:13.0641 4040 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
09:31:13.0672 4040 DPS - ok
09:31:13.0688 4040 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
09:31:13.0704 4040 drmkaud - ok
09:31:13.0735 4040 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
09:31:13.0750 4040 DXGKrnl - ok
09:31:13.0782 4040 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
09:31:13.0828 4040 EapHost - ok
09:31:13.0938 4040 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
09:31:13.0953 4040 ebdrv - ok
09:31:13.0984 4040 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
09:31:14.0000 4040 EFS - ok
09:31:14.0078 4040 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
09:31:14.0109 4040 ehRecvr - ok
09:31:14.0109 4040 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
09:31:14.0125 4040 ehSched - ok
09:31:14.0172 4040 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
09:31:14.0187 4040 elxstor - ok
09:31:14.0218 4040 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
09:31:14.0218 4040 ErrDev - ok
09:31:14.0250 4040 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
09:31:14.0281 4040 EventSystem - ok
09:31:14.0390 4040 [ 6EB16C7286FBCD3AB206743BA813EC48 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
09:31:14.0421 4040 EvtEng - ok
09:31:14.0437 4040 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
09:31:14.0468 4040 exfat - ok
09:31:14.0484 4040 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
09:31:14.0515 4040 fastfat - ok
09:31:14.0562 4040 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
09:31:14.0577 4040 Fax - ok
09:31:14.0593 4040 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
09:31:14.0608 4040 fdc - ok
09:31:14.0624 4040 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
09:31:14.0655 4040 fdPHost - ok
09:31:14.0671 4040 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
09:31:14.0686 4040 FDResPub - ok
09:31:14.0718 4040 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
09:31:14.0733 4040 FileInfo - ok
09:31:14.0749 4040 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
09:31:14.0780 4040 Filetrace - ok
09:31:14.0858 4040 [ 00907C94641E14F3ADBB2A533EFD8BF3 ] FirebirdGuardianDefaultInstance C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
09:31:14.0874 4040 FirebirdGuardianDefaultInstance ( UnsignedFile.Multi.Generic ) - warning
09:31:14.0874 4040 FirebirdGuardianDefaultInstance - detected UnsignedFile.Multi.Generic (1)
09:31:14.0983 4040 [ 468AEC7534B7B0A66AC5FE9A2C0020E4 ] FirebirdServerDefaultInstance C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
09:31:15.0030 4040 FirebirdServerDefaultInstance ( UnsignedFile.Multi.Generic ) - warning
09:31:15.0030 4040 FirebirdServerDefaultInstance - detected UnsignedFile.Multi.Generic (1)
09:31:15.0045 4040 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
09:31:15.0045 4040 flpydisk - ok
09:31:15.0061 4040 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
09:31:15.0076 4040 FltMgr - ok
09:31:15.0139 4040 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
09:31:15.0170 4040 FontCache - ok
09:31:15.0264 4040 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:31:15.0279 4040 FontCache3.0.0.0 - ok
09:31:15.0310 4040 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
09:31:15.0326 4040 FsDepends - ok
09:31:15.0342 4040 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
09:31:15.0357 4040 Fs_Rec - ok
09:31:15.0404 4040 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
09:31:15.0404 4040 fvevol - ok
09:31:15.0435 4040 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
09:31:15.0435 4040 gagp30kx - ok
09:31:15.0482 4040 [ 618EF0B56F114309CA2D7152D00A1BF0 ] GFilterSvc C:\Windows\System32\GFilterSvc.exe
09:31:15.0482 4040 GFilterSvc ( UnsignedFile.Multi.Generic ) - warning
09:31:15.0482 4040 GFilterSvc - detected UnsignedFile.Multi.Generic (1)
09:31:15.0529 4040 [ 4E1D0A246E10CFDDBF856432418DE404 ] GFNEXSrv C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
09:31:15.0544 4040 GFNEXSrv ( UnsignedFile.Multi.Generic ) - warning
09:31:15.0544 4040 GFNEXSrv - detected UnsignedFile.Multi.Generic (1)
09:31:15.0607 4040 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
09:31:15.0654 4040 gpsvc - ok
09:31:15.0700 4040 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
09:31:15.0716 4040 gupdate - ok
09:31:15.0716 4040 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
09:31:15.0716 4040 gupdatem - ok
09:31:15.0732 4040 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
09:31:15.0747 4040 hcw85cir - ok
09:31:15.0778 4040 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
09:31:15.0778 4040 HdAudAddService - ok
09:31:15.0810 4040 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
09:31:15.0810 4040 HDAudBus - ok
09:31:15.0825 4040 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
09:31:15.0841 4040 HidBatt - ok
09:31:15.0841 4040 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
09:31:15.0856 4040 HidBth - ok
09:31:15.0856 4040 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
09:31:15.0872 4040 HidIr - ok
09:31:15.0888 4040 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
09:31:15.0919 4040 hidserv - ok
09:31:15.0934 4040 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
09:31:15.0950 4040 HidUsb - ok
09:31:15.0966 4040 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
09:31:15.0997 4040 hkmsvc - ok
09:31:16.0012 4040 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
09:31:16.0028 4040 HomeGroupListener - ok
09:31:16.0044 4040 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
09:31:16.0059 4040 HomeGroupProvider - ok
09:31:16.0075 4040 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
09:31:16.0075 4040 HpSAMD - ok
09:31:16.0122 4040 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
09:31:16.0153 4040 HTTP - ok
09:31:16.0168 4040 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
09:31:16.0184 4040 hwpolicy - ok
09:31:16.0200 4040 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
09:31:16.0200 4040 i8042prt - ok
09:31:16.0231 4040 [ C224331A54571C8C9162F7714400BBBD ] iaStor C:\Windows\system32\drivers\iaStor.sys
09:31:16.0262 4040 iaStor - ok
09:31:16.0324 4040 [ FA4C48E36F0B24E7E33D3E7E1844B9C9 ] iaStorA C:\Windows\system32\DRIVERS\iaStorA.sys
09:31:16.0387 4040 iaStorA - ok
09:31:16.0434 4040 [ D5854F77CEEAFC5A8405F8ECCBEC09DF ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
09:31:16.0512 4040 IAStorDataMgrSvc - ok
09:31:16.0543 4040 [ 05E24E2CA39C0D2FAADE8FC603345A7D ] iaStorF C:\Windows\system32\DRIVERS\iaStorF.sys
09:31:16.0574 4040 iaStorF - ok
09:31:16.0605 4040 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
09:31:16.0621 4040 iaStorV - ok
09:31:16.0636 4040 [ C430482AC892D52CED021EDDD4D368A2 ] ibtfltcoex C:\Windows\system32\DRIVERS\iBtFltCoex.sys
09:31:16.0683 4040 ibtfltcoex - ok
09:31:16.0746 4040 [ C58305AC412A2DE95D461072E0AF5AAF ] IBUpdaterService C:\Windows\system32\dmwu.exe
09:31:16.0777 4040 IBUpdaterService - ok
09:31:16.0870 4040 [ 83FF82FE209E7997067B375DAD6CF23D ] ICCS C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
09:31:16.0917 4040 ICCS - ok
09:31:17.0042 4040 [ 829EA5ECCAA623279D94EAEE3B5AD140 ] IconMan_R C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
09:31:17.0104 4040 IconMan_R - ok
09:31:17.0167 4040 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:31:17.0198 4040 idsvc - ok
09:31:17.0338 4040 [ 54FB3B4847B6CD8CE1B448471ADFE02A ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
09:31:17.0370 4040 igfx - ok
09:31:17.0401 4040 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
09:31:17.0416 4040 iirsp - ok
09:31:17.0448 4040 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
09:31:17.0479 4040 IKEEXT - ok
09:31:17.0588 4040 [ 826B707277FECF130AB4B5F156B53837 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
09:31:17.0666 4040 IntcAzAudAddService - ok
09:31:17.0713 4040 [ 0E0B99617ED3FDB6C5F0E2D62709B5DF ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
09:31:17.0744 4040 IntcDAud - ok
09:31:17.0822 4040 [ C6128F2E3DC6156C6F8828F9F1B96010 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
09:31:17.0853 4040 Intel(R) Capability Licensing Service Interface ( UnsignedFile.Multi.Generic ) - warning
09:31:17.0853 4040 Intel(R) Capability Licensing Service Interface - detected UnsignedFile.Multi.Generic (1)
09:31:17.0884 4040 [ 729AB4F0608E95EFF8FDEF23596283E2 ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
09:31:17.0916 4040 Intel(R) Capability Licensing Service TCP IP Interface - ok
09:31:17.0931 4040 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
09:31:17.0931 4040 intelide - ok
09:31:17.0962 4040 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
09:31:17.0962 4040 intelppm - ok
09:31:17.0994 4040 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
09:31:18.0025 4040 IPBusEnum - ok
09:31:18.0025 4040 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:31:18.0040 4040 IpFilterDriver - ok
09:31:18.0087 4040 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
09:31:18.0087 4040 iphlpsvc - ok
09:31:18.0103 4040 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
09:31:18.0103 4040 IPMIDRV - ok
09:31:18.0103 4040 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
09:31:18.0134 4040 IPNAT - ok
09:31:18.0150 4040 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
09:31:18.0165 4040 IRENUM - ok
09:31:18.0181 4040 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
09:31:18.0181 4040 isapnp - ok
09:31:18.0228 4040 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
09:31:18.0228 4040 iScsiPrt - ok
09:31:18.0259 4040 [ 7A4D015FF432645C55C162DADAEA143E ] iusb3hcs C:\Windows\system32\drivers\iusb3hcs.sys
09:31:18.0290 4040 iusb3hcs - ok
09:31:18.0321 4040 [ 5D6164479F6F900ACD287FDC6935532E ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys
09:31:18.0368 4040 iusb3hub - ok
09:31:18.0415 4040 [ 9F5687C7EFA906E4F33586D393F7C257 ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys
09:31:18.0477 4040 iusb3xhc - ok
09:31:18.0524 4040 [ 924019BC58FEDDE04A08C45EC1CF1847 ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
09:31:18.0602 4040 jhi_service - ok
09:31:18.0633 4040 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
09:31:18.0633 4040 kbdclass - ok
09:31:18.0649 4040 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
09:31:18.0664 4040 kbdhid - ok
09:31:18.0664 4040 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
09:31:18.0680 4040 KeyIso - ok
09:31:18.0711 4040 [ 8B5219318DF5895ABD230C373F2DF18A ] kl1 C:\Windows\system32\DRIVERS\kl1.sys
09:31:18.0774 4040 kl1 - ok
09:31:18.0820 4040 [ 2CBD248370721DCAD632DB70D09C5A6D ] KLIF C:\Windows\system32\DRIVERS\klif.sys
09:31:18.0867 4040 KLIF - ok
09:31:18.0898 4040 [ 9BD99E1AB3F664120AB95C35F9EC1EB0 ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys
09:31:18.0930 4040 KLIM6 - ok
09:31:18.0945 4040 [ 2C43FD500522EF3B8C283A5846B7FC41 ] klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys
09:31:18.0976 4040 klkbdflt - ok
09:31:18.0992 4040 [ 70A6D2E292017EC47949696F51ABE18D ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys
09:31:19.0054 4040 klmouflt - ok
09:31:19.0070 4040 [ 982974975E679276F0FA39EFA331A268 ] kltdi C:\Windows\system32\DRIVERS\kltdi.sys
09:31:19.0101 4040 kltdi - ok
09:31:19.0132 4040 [ 1FCB657B581CC4DF17FD6571F93602DE ] kneps C:\Windows\system32\DRIVERS\kneps.sys
09:31:19.0164 4040 kneps - ok
09:31:19.0210 4040 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
09:31:19.0226 4040 KSecDD - ok
09:31:19.0226 4040 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
09:31:19.0242 4040 KSecPkg - ok
09:31:19.0257 4040 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
09:31:19.0288 4040 ksthunk - ok
09:31:19.0320 4040 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
09:31:19.0335 4040 KtmRm - ok
09:31:19.0413 4040 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
09:31:19.0444 4040 LanmanServer - ok
09:31:19.0476 4040 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:31:19.0507 4040 LanmanWorkstation - ok
09:31:19.0585 4040 [ 101CFC3764C27259847188581B185EA6 ] LiveTunerPM C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerProcessMonitor64.sys
09:31:19.0647 4040 LiveTunerPM - ok
09:31:19.0647 4040 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
09:31:19.0678 4040 lltdio - ok
09:31:19.0725 4040 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
09:31:19.0741 4040 lltdsvc - ok
09:31:19.0756 4040 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
09:31:19.0788 4040 lmhosts - ok
09:31:19.0944 4040 [ DF9ADD70659EA4F2A17075524E043FD8 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
09:31:20.0006 4040 LMS - ok
09:31:20.0022 4040 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
09:31:20.0022 4040 LSI_FC - ok
09:31:20.0037 4040 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
09:31:20.0037 4040 LSI_SAS - ok
09:31:20.0053 4040 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
09:31:20.0068 4040 LSI_SAS2 - ok
09:31:20.0068 4040 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
09:31:20.0084 4040 LSI_SCSI - ok
09:31:20.0084 4040 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
09:31:20.0115 4040 luafv - ok
09:31:20.0146 4040 [ 23488767CB18FC3FF39E3AF1DB3FB02C ] massfilter C:\Windows\system32\drivers\massfilter.sys
09:31:20.0146 4040 massfilter - ok
09:31:20.0178 4040 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
09:31:20.0193 4040 Mcx2Svc - ok
09:31:20.0193 4040 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
09:31:20.0209 4040 megasas - ok
09:31:20.0224 4040 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
09:31:20.0240 4040 MegaSR - ok
09:31:20.0271 4040 [ 2BB3EAE2EA641515D4B205CAB29E1624 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
09:31:20.0302 4040 MEIx64 - ok
09:31:20.0365 4040 [ 8A43D23ACE2E8C95A2D87B6E9599DEDA ] MemeoBackgroundService C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
09:31:20.0365 4040 MemeoBackgroundService - ok
09:31:20.0396 4040 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
09:31:20.0443 4040 MMCSS - ok
09:31:20.0458 4040 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
09:31:20.0490 4040 Modem - ok
09:31:20.0505 4040 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
09:31:20.0505 4040 monitor - ok
09:31:20.0521 4040 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
09:31:20.0521 4040 mouclass - ok
09:31:20.0536 4040 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
09:31:20.0552 4040 mouhid - ok
09:31:20.0599 4040 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
09:31:20.0614 4040 mountmgr - ok
09:31:20.0646 4040 [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
09:31:20.0661 4040 MozillaMaintenance - ok
09:31:20.0692 4040 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
09:31:20.0692 4040 mpio - ok
09:31:20.0724 4040 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
09:31:20.0755 4040 mpsdrv - ok
09:31:20.0770 4040 MpsSvc - ok
09:31:20.0786 4040 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
09:31:20.0802 4040 MRxDAV - ok
09:31:20.0817 4040 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
09:31:20.0817 4040 mrxsmb - ok
09:31:20.0848 4040 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:31:20.0848 4040 mrxsmb10 - ok
09:31:20.0864 4040 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:31:20.0880 4040 mrxsmb20 - ok
09:31:20.0880 4040 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
09:31:20.0880 4040 msahci - ok
09:31:20.0895 4040 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
09:31:20.0895 4040 msdsm - ok
09:31:20.0926 4040 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
09:31:20.0926 4040 MSDTC - ok
09:31:20.0958 4040 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
09:31:20.0973 4040 Msfs - ok
09:31:20.0989 4040 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
09:31:21.0004 4040 mshidkmdf - ok
09:31:21.0020 4040 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
09:31:21.0020 4040 msisadrv - ok
09:31:21.0067 4040 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
09:31:21.0082 4040 MSiSCSI - ok
09:31:21.0082 4040 msiserver - ok
09:31:21.0114 4040 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
09:31:21.0160 4040 MSKSSRV - ok
09:31:21.0160 4040 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
09:31:21.0192 4040 MSPCLOCK - ok
09:31:21.0207 4040 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
09:31:21.0238 4040 MSPQM - ok
09:31:21.0254 4040 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
09:31:21.0254 4040 MsRPC - ok
09:31:21.0270 4040 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
09:31:21.0285 4040 mssmbios - ok
09:31:21.0285 4040 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
09:31:21.0316 4040 MSTEE - ok
09:31:21.0316 4040 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
09:31:21.0316 4040 MTConfig - ok
09:31:21.0332 4040 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
09:31:21.0348 4040 Mup - ok
09:31:21.0379 4040 [ 7E11D1788F5B531D49EF0AF97202437B ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
09:31:21.0394 4040 MyWiFiDHCPDNS - ok
09:31:21.0441 4040 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
09:31:21.0472 4040 napagent - ok
09:31:21.0519 4040 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
09:31:21.0550 4040 NativeWifiP - ok
09:31:21.0597 4040 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
09:31:21.0613 4040 NDIS - ok
09:31:21.0644 4040 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
09:31:21.0691 4040 NdisCap - ok
09:31:21.0706 4040 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
09:31:21.0738 4040 NdisTapi - ok
09:31:21.0753 4040 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
09:31:21.0769 4040 Ndisuio - ok
09:31:21.0800 4040 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
09:31:21.0816 4040 NdisWan - ok
09:31:21.0847 4040 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
09:31:21.0862 4040 NDProxy - ok
09:31:21.0878 4040 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
09:31:21.0909 4040 NetBIOS - ok
09:31:21.0925 4040 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
09:31:21.0940 4040 NetBT - ok
09:31:21.0956 4040 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
09:31:21.0956 4040 Netlogon - ok
09:31:21.0987 4040 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
09:31:22.0018 4040 Netman - ok
09:31:22.0096 4040 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:31:22.0112 4040 NetMsmqActivator - ok
09:31:22.0128 4040 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:31:22.0143 4040 NetPipeActivator - ok
09:31:22.0174 4040 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
09:31:22.0206 4040 netprofm - ok
09:31:22.0206 4040 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:31:22.0221 4040 NetTcpActivator - ok
09:31:22.0221 4040 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:31:22.0237 4040 NetTcpPortSharing - ok
09:31:22.0486 4040 [ 98CF53F7B23F77D082805D5DBBD99A4E ] NETwNs64 C:\Windows\system32\DRIVERS\Netwsw00.sys
09:31:22.0580 4040 NETwNs64 - ok
09:31:22.0611 4040 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
09:31:22.0627 4040 nfrd960 - ok
09:31:22.0642 4040 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
09:31:22.0642 4040 NlaSvc - ok
09:31:22.0642 4040 nlsX86cc - ok
09:31:22.0674 4040 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
09:31:22.0705 4040 Npfs - ok
09:31:22.0720 4040 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
09:31:22.0752 4040 nsi - ok
09:31:22.0752 4040 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
09:31:22.0783 4040 nsiproxy - ok
09:31:22.0845 4040 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
09:31:22.0876 4040 Ntfs - ok
09:31:22.0892 4040 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
09:31:22.0923 4040 Null - ok
09:31:22.0954 4040 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys
09:31:22.0970 4040 NVENETFD - ok
09:31:23.0204 4040 [ 4EE399576F76D38C04745DB739BBC8C7 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
09:31:23.0344 4040 nvlddmkm - ok
09:31:23.0376 4040 [ 7067753FA8B75A3BDBA5633B4D2A5D0A ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys
09:31:23.0422 4040 nvpciflt - ok
09:31:23.0438 4040 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
09:31:23.0454 4040 nvraid - ok
09:31:23.0469 4040 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
09:31:23.0469 4040 nvstor - ok
09:31:23.0532 4040 [ 7335C3D78A7746D76D37F6722CC4A466 ] nvsvc C:\Windows\system32\nvvsvc.exe
09:31:23.0610 4040 nvsvc - ok
09:31:23.0688 4040 [ B7C53DA1C73FF39F4A6248643EFD979A ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
09:31:23.0766 4040 nvUpdatusService - ok
09:31:23.0781 4040 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
09:31:23.0797 4040 nv_agp - ok
09:31:23.0844 4040 [ 1CCE8E88654E3952859085752F67B3CA ] O&O CleverCache C:\Program Files\OO Software\CleverCache\ooccag.exe
09:31:23.0875 4040 O&O CleverCache - ok
09:31:23.0890 4040 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
09:31:23.0890 4040 ohci1394 - ok
09:31:23.0953 4040 [ EC3916367B10DEA26227DFAF7AA7346A ] Online Shield Starter Service C:\Program Files (x86)\Steganos Online Shield\OnlineShieldService.exe
09:31:23.0984 4040 Online Shield Starter Service - ok
09:31:24.0015 4040 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
09:31:24.0031 4040 p2pimsvc - ok
09:31:24.0062 4040 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
09:31:24.0078 4040 p2psvc - ok
09:31:24.0093 4040 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
09:31:24.0109 4040 Parport - ok
09:31:24.0140 4040 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
09:31:24.0140 4040 partmgr - ok
09:31:24.0156 4040 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
09:31:24.0171 4040 PcaSvc - ok
09:31:24.0202 4040 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
09:31:24.0202 4040 pci - ok
09:31:24.0218 4040 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
09:31:24.0234 4040 pciide - ok
09:31:24.0234 4040 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
09:31:24.0249 4040 pcmcia - ok
09:31:24.0265 4040 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
09:31:24.0265 4040 pcw - ok
09:31:24.0296 4040 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
09:31:24.0343 4040 PEAUTH - ok
09:31:24.0358 4040 [ EE926C59CBD4DC4DC9FBB85014A2F1A5 ] PEGAGFN C:\Program Files (x86)\PHotkey\PEGAGFN.sys
09:31:24.0405 4040 PEGAGFN - ok
09:31:24.0483 4040 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
09:31:24.0499 4040 PerfHost - ok
09:31:24.0592 4040 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
09:31:24.0655 4040 pla - ok
09:31:24.0670 4040 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
09:31:24.0686 4040 PlugPlay - ok
09:31:24.0702 4040 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
09:31:24.0717 4040 PNRPAutoReg - ok
09:31:24.0733 4040 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
09:31:24.0748 4040 PNRPsvc - ok
09:31:24.0780 4040 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
09:31:24.0811 4040 PolicyAgent - ok
09:31:24.0826 4040 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
09:31:24.0858 4040 Power - ok
09:31:24.0889 4040 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
09:31:24.0904 4040 PptpMiniport - ok
09:31:24.0920 4040 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
09:31:24.0936 4040 Processor - ok
09:31:24.0951 4040 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
09:31:24.0967 4040 ProfSvc - ok
09:31:24.0998 4040 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
09:31:25.0014 4040 ProtectedStorage - ok
09:31:25.0045 4040 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
09:31:25.0060 4040 Psched - ok
09:31:25.0138 4040 [ 543A4EF0923BF70D126625B034EF25AF ] PSI_SVC_2 c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
09:31:25.0154 4040 PSI_SVC_2 - ok
09:31:25.0294 4040 PSI_SVC_2_x64 - ok
09:31:25.0357 4040 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
09:31:25.0388 4040 ql2300 - ok
09:31:25.0404 4040 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
09:31:25.0419 4040 ql40xx - ok
09:31:25.0450 4040 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
09:31:25.0466 4040 QWAVE - ok
09:31:25.0482 4040 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
09:31:25.0497 4040 QWAVEdrv - ok
09:31:25.0497 4040 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
09:31:25.0528 4040 RasAcd - ok
09:31:25.0560 4040 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
09:31:25.0575 4040 RasAgileVpn - ok
09:31:25.0591 4040 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
09:31:25.0622 4040 RasAuto - ok
09:31:25.0638 4040 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
09:31:25.0669 4040 Rasl2tp - ok
09:31:25.0669 4040 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
09:31:25.0700 4040 RasMan - ok
09:31:25.0716 4040 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
09:31:25.0731 4040 RasPppoe - ok
09:31:25.0762 4040 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
09:31:25.0794 4040 RasSstp - ok
09:31:25.0794 4040 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
09:31:25.0825 4040 rdbss - ok
09:31:25.0840 4040 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
09:31:25.0856 4040 rdpbus - ok
09:31:25.0872 4040 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
09:31:25.0887 4040 RDPCDD - ok
09:31:25.0903 4040 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
09:31:25.0934 4040 RDPENCDD - ok
09:31:25.0950 4040 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
09:31:25.0965 4040 RDPREFMP - ok
09:31:25.0996 4040 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
09:31:26.0012 4040 RDPWD - ok
09:31:26.0043 4040 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
09:31:26.0059 4040 rdyboost - ok
09:31:26.0121 4040 [ F09087C51C6AE42AE7DABE1EB3E44C17 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
09:31:26.0121 4040 RegSrvc - ok
09:31:26.0152 4040 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
09:31:26.0199 4040 RemoteAccess - ok
09:31:26.0262 4040 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
09:31:26.0308 4040 RemoteRegistry - ok
09:31:26.0355 4040 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
09:31:26.0371 4040 RFCOMM - ok
09:31:26.0386 4040 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
09:31:26.0418 4040 RpcEptMapper - ok
09:31:26.0449 4040 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
09:31:26.0449 4040 RpcLocator - ok
09:31:26.0480 4040 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
09:31:26.0496 4040 RpcSs - ok
09:31:26.0527 4040 [ 2ABD2B3BA2EF0C3BA82284C2A5E28675 ] RRNetCap C:\Windows\system32\DRIVERS\rrnetcap.sys
09:31:26.0574 4040 RRNetCap - ok
09:31:26.0589 4040 [ 2ABD2B3BA2EF0C3BA82284C2A5E28675 ] RRNetCapMP C:\Windows\system32\DRIVERS\rrnetcap.sys
09:31:26.0636 4040 RRNetCapMP - ok
09:31:26.0652 4040 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
09:31:26.0667 4040 rspndr - ok
09:31:26.0730 4040 [ FC009873CBC12CC6D7045D803D8E8CD3 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
09:31:26.0745 4040 RSUSBSTOR - ok
09:31:26.0792 4040 [ 61A04C0C084D560BBEF1D09604608262 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
09:31:26.0839 4040 RTL8167 - ok
09:31:26.0886 4040 [ B3F36B4B3F192EA87DDC119F3A0B3E45 ] RTL8192su C:\Windows\system32\DRIVERS\RTL8192su.sys
09:31:26.0948 4040 RTL8192su - ok
09:31:26.0964 4040 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
09:31:26.0979 4040 SamSs - ok
09:31:27.0042 4040 [ CCBF62280DAF6D94A4C73E391CDAC68C ] SbieDrv C:\Program Files\Sandboxie\SbieDrv.sys
09:31:27.0276 4040 SbieDrv - ok
09:31:27.0291 4040 [ 8A1F63C6EC01C56C9EC4C681E593FE34 ] SbieSvc C:\Program Files\Sandboxie\SbieSvc.exe
09:31:27.0307 4040 SbieSvc - ok
09:31:27.0322 4040 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
09:31:27.0338 4040 sbp2port - ok
09:31:27.0369 4040 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
09:31:27.0400 4040 SCardSvr - ok
09:31:27.0416 4040 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
09:31:27.0432 4040 scfilter - ok
09:31:27.0494 4040 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
09:31:27.0525 4040 Schedule - ok
09:31:27.0556 4040 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
09:31:27.0603 4040 SCPolicySvc - ok
09:31:27.0619 4040 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
09:31:27.0634 4040 SDRSVC - ok
09:31:27.0728 4040 [ 0F4A80438E7286A0E623582F5F2395BD ] SearchAnonymizer C:\Users\Holly Thomas\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
09:31:27.0728 4040 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - warning
09:31:27.0728 4040 SearchAnonymizer - detected UnsignedFile.Multi.Generic (1)
09:31:27.0759 4040 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
09:31:27.0790 4040 secdrv - ok
09:31:27.0822 4040 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
09:31:27.0837 4040 seclogon - ok
09:31:27.0853 4040 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
09:31:27.0868 4040 SENS - ok
09:31:27.0884 4040 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
09:31:27.0884 4040 SensrSvc - ok
09:31:27.0946 4040 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
09:31:27.0946 4040 Serenum - ok
09:31:27.0962 4040 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
09:31:27.0962 4040 Serial - ok
09:31:27.0978 4040 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
09:31:27.0978 4040 sermouse - ok
09:31:28.0009 4040 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
09:31:28.0040 4040 SessionEnv - ok
09:31:28.0040 4040 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
09:31:28.0040 4040 sffdisk - ok
09:31:28.0056 4040 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
09:31:28.0056 4040 sffp_mmc - ok
09:31:28.0071 4040 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
09:31:28.0071 4040 sffp_sd - ok
09:31:28.0087 4040 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
09:31:28.0087 4040 sfloppy - ok
09:31:28.0149 4040 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
09:31:28.0180 4040 SharedAccess - ok
09:31:28.0258 4040 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:31:28.0290 4040 ShellHWDetection - ok
09:31:28.0305 4040 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
09:31:28.0305 4040 SiSRaid2 - ok
09:31:28.0352 4040 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
09:31:28.0368 4040 SiSRaid4 - ok
09:31:28.0399 4040 [ DD0443BC6CC78A19FD399817F8C51401 ] SmartDefragDriver C:\Windows\system32\Drivers\SmartDefragDriver.sys
09:31:28.0461 4040 SmartDefragDriver - ok
09:31:28.0477 4040 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
09:31:28.0492 4040 Smb - ok
09:31:28.0524 4040 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
09:31:28.0539 4040 SNMPTRAP - ok
09:31:28.0617 4040 [ 369539B35C79BF15E354F7CBD438D721 ] Soda PDF 5 Helper Service C:\Program Files (x86)\Soda PDF 5\HelperService.exe
09:31:28.0633 4040 Soda PDF 5 Helper Service - ok
09:31:28.0680 4040 [ 69CFDF67E891AB2B6B97886DB5A016DF ] Soda PDF 5 Service C:\Program Files (x86)\Soda PDF 5\ConversionService.exe
09:31:28.0711 4040 Soda PDF 5 Service - ok
09:31:28.0742 4040 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
09:31:28.0742 4040 spldr - ok
09:31:28.0789 4040 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
09:31:28.0789 4040 Spooler - ok
09:31:28.0960 4040 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
09:31:29.0007 4040 sppsvc - ok
09:31:29.0023 4040 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
09:31:29.0054 4040 sppuinotify - ok
09:31:29.0163 4040 [ CEEA05E64C2230BB2B6924132F766272 ] SProtection C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe
09:31:29.0194 4040 SProtection - ok
09:31:29.0226 4040 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
09:31:29.0241 4040 srv - ok
09:31:29.0257 4040 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
09:31:29.0272 4040 srv2 - ok
09:31:29.0304 4040 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
09:31:29.0304 4040 srvnet - ok
09:31:29.0335 4040 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
09:31:29.0366 4040 SSDPSRV - ok
09:31:29.0382 4040 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
09:31:29.0413 4040 SstpSvc - ok
09:31:29.0475 4040 [ 81F177C1954453AF407604160BD149CB ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
09:31:29.0522 4040 Stereo Service - ok
09:31:29.0553 4040 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
09:31:29.0553 4040 stexstor - ok
09:31:29.0584 4040 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
09:31:29.0616 4040 stisvc - ok
09:31:29.0631 4040 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
09:31:29.0647 4040 swenum - ok
09:31:29.0694 4040 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
09:31:29.0725 4040 swprv - ok
09:31:29.0756 4040 [ BD4F51AEF67AB7D57698BC4AAD983D1F ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
09:31:29.0818 4040 SynTP - ok
09:31:29.0896 4040 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
09:31:29.0928 4040 SysMain - ok
09:31:30.0037 4040 [ 7017BC8488459E3B7BE018B84285CD13 ] SystemStoreService C:\Program Files (x86)\SelfUpdater\SystemStore.exe
09:31:30.0068 4040 SystemStoreService ( UnsignedFile.Multi.Generic ) - warning
09:31:30.0068 4040 SystemStoreService - detected UnsignedFile.Multi.Generic (1)
09:31:30.0115 4040 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:31:30.0115 4040 TabletInputService - ok
09:31:30.0177 4040 [ D0B07EED9DDEC5C69521C689B7BF455F ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys
09:31:30.0240 4040 tap0901 - ok
09:31:30.0255 4040 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
09:31:30.0286 4040 TapiSrv - ok
09:31:30.0318 4040 [ 048CFE7569D6ADCAB9349BB1A566A79E ] tbhsd C:\Windows\system32\drivers\tbhsd.sys
09:31:30.0380 4040 tbhsd - ok
09:31:30.0411 4040 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
09:31:30.0427 4040 TBS - ok
09:31:30.0520 4040 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
09:31:30.0536 4040 Tcpip - ok
09:31:30.0567 4040 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
09:31:30.0583 4040 TCPIP6 - ok
09:31:30.0614 4040 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
09:31:30.0630 4040 tcpipreg - ok
09:31:30.0645 4040 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
09:31:30.0661 4040 TDPIPE - ok
09:31:30.0692 4040 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
09:31:30.0692 4040 TDTCP - ok
09:31:30.0708 4040 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
09:31:30.0739 4040 tdx - ok
09:31:30.0754 4040 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
09:31:30.0754 4040 TermDD - ok
09:31:30.0801 4040 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
09:31:30.0832 4040 TermService - ok
09:31:30.0832 4040 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
09:31:30.0848 4040 Themes - ok
09:31:30.0879 4040 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
09:31:30.0910 4040 THREADORDER - ok
09:31:30.0926 4040 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
09:31:30.0957 4040 TrkWks - ok
09:31:30.0988 4040 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:31:31.0020 4040 TrustedInstaller - ok
09:31:31.0051 4040 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
09:31:31.0066 4040 tssecsrv - ok
09:31:31.0113 4040 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
09:31:31.0113 4040 TsUsbFlt - ok
09:31:31.0144 4040 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
09:31:31.0160 4040 TsUsbGD - ok
09:31:31.0191 4040 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
09:31:31.0207 4040 tunnel - ok
09:31:31.0222 4040 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
09:31:31.0222 4040 uagp35 - ok
09:31:31.0254 4040 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
09:31:31.0269 4040 udfs - ok
09:31:31.0347 4040 [ 30B78A6296127B7A793CF42CA61B29B0 ] UI Assistant Service C:\Program Files (x86)\Join Air\AssistantServices.exe
09:31:31.0363 4040 UI Assistant Service - ok
09:31:31.0394 4040 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
09:31:31.0410 4040 UI0Detect - ok
09:31:31.0472 4040 [ 4AD47E4A6AEBB8D2D54414BCDAC0AA38 ] ui11drdr C:\Windows\system32\DRIVERS\ui11drdr.sys
09:31:31.0550 4040 ui11drdr - ok
09:31:31.0566 4040 [ 5357F9507B59C831C5CD79F1F6374A5E ] UimBus C:\Windows\system32\DRIVERS\uimx64.sys
09:31:31.0612 4040 UimBus - ok
09:31:31.0644 4040 [ 001402EA0FB543F77F91090130FD029D ] Uim_IM C:\Windows\system32\Drivers\Uim_IMx64.sys
09:31:31.0706 4040 Uim_IM - ok
09:31:31.0722 4040 [ E75B35EEBC923B6DB2DBEA52E71A7892 ] Uim_VIM C:\Windows\system32\Drivers\uim_vimx64.sys
09:31:31.0753 4040 Uim_VIM - ok
09:31:31.0784 4040 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
09:31:31.0800 4040 uliagpkx - ok
09:31:31.0815 4040 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
09:31:31.0815 4040 umbus - ok
09:31:31.0846 4040 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
09:31:31.0846 4040 UmPass - ok
09:31:31.0909 4040 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
09:31:31.0956 4040 upnphost - ok
09:31:31.0971 4040 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
09:31:31.0987 4040 usbccgp - ok
09:31:32.0002 4040 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
09:31:32.0002 4040 usbcir - ok
09:31:32.0034 4040 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
09:31:32.0034 4040 usbehci - ok
09:31:32.0080 4040 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\drivers\usbhub.sys
09:31:32.0096 4040 usbhub - ok
09:31:32.0096 4040 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
09:31:32.0112 4040 usbohci - ok
09:31:32.0112 4040 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
09:31:32.0127 4040 usbprint - ok
09:31:32.0143 4040 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:31:32.0143 4040 USBSTOR - ok
09:31:32.0158 4040 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
09:31:32.0158 4040 usbuhci - ok
09:31:32.0174 4040 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
09:31:32.0190 4040 usbvideo - ok
09:31:32.0205 4040 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
09:31:32.0236 4040 UxSms - ok
09:31:32.0252 4040 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
09:31:32.0268 4040 VaultSvc - ok
09:31:32.0283 4040 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
09:31:32.0283 4040 vdrvroot - ok
09:31:32.0299 4040 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
09:31:32.0330 4040 vds - ok
09:31:32.0346 4040 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
09:31:32.0346 4040 vga - ok
09:31:32.0377 4040 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
09:31:32.0392 4040 VgaSave - ok
09:31:32.0439 4040 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
09:31:32.0455 4040 vhdmp - ok
09:31:32.0470 4040 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
09:31:32.0470 4040 viaide - ok
09:31:32.0502 4040 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
09:31:32.0502 4040 volmgr - ok
09:31:32.0533 4040 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
09:31:32.0548 4040 volmgrx - ok
09:31:32.0580 4040 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
09:31:32.0595 4040 volsnap - ok
09:31:32.0595 4040 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
09:31:32.0611 4040 vsmraid - ok
09:31:32.0689 4040 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
09:31:32.0720 4040 VSS - ok
09:31:32.0736 4040 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
09:31:32.0736 4040 vwifibus - ok
09:31:32.0751 4040 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
09:31:32.0767 4040 vwififlt - ok
09:31:32.0782 4040 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
09:31:32.0798 4040 vwifimp - ok
09:31:32.0814 4040 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
09:31:32.0845 4040 W32Time - ok
09:31:32.0860 4040 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
09:31:32.0892 4040 WacomPen - ok
09:31:32.0907 4040 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
09:31:32.0938 4040 WANARP - ok
09:31:32.0938 4040 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
09:31:32.0970 4040 Wanarpv6 - ok
09:31:33.0016 4040 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
09:31:33.0032 4040 wbengine - ok
09:31:33.0048 4040 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
09:31:33.0063 4040 WbioSrvc - ok
09:31:33.0079 4040 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
09:31:33.0094 4040 wcncsvc - ok
09:31:33.0126 4040 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:31:33.0141 4040 WcsPlugInService - ok
09:31:33.0172 4040 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
09:31:33.0172 4040 Wd - ok
09:31:33.0219 4040 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
09:31:33.0235 4040 Wdf01000 - ok
09:31:33.0266 4040 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
09:31:33.0297 4040 WdiServiceHost - ok
09:31:33.0297 4040 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
09:31:33.0313 4040 WdiSystemHost - ok
09:31:33.0328 4040 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
09:31:33.0344 4040 WebClient - ok
09:31:33.0360 4040 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
09:31:33.0391 4040 Wecsvc - ok
09:31:33.0406 4040 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
09:31:33.0438 4040 wercplsupport - ok
09:31:33.0453 4040 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
09:31:33.0469 4040 WerSvc - ok
09:31:33.0484 4040 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
09:31:33.0516 4040 WfpLwf - ok
09:31:33.0547 4040 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
09:31:33.0547 4040 WIMMount - ok
09:31:33.0578 4040 WinDefend - ok
09:31:33.0594 4040 WinHttpAutoProxySvc - ok
09:31:33.0672 4040 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
09:31:33.0687 4040 Winmgmt - ok
09:31:33.0765 4040 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
09:31:33.0812 4040 WinRM - ok
09:31:33.0906 4040 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
09:31:33.0937 4040 Wlansvc - ok
09:31:33.0984 4040 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
09:31:33.0984 4040 wlcrasvc - ok
09:31:34.0124 4040 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
09:31:34.0155 4040 wlidsvc - ok
09:31:34.0171 4040 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
09:31:34.0171 4040 WmiAcpi - ok
09:31:34.0249 4040 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
09:31:34.0249 4040 wmiApSrv - ok
09:31:34.0264 4040 WMPNetworkSvc - ok
09:31:34.0389 4040 [ 94D96F43F7FBECDDEB6D7837FF375611 ] WO_LiveService C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerService.exe
09:31:34.0452 4040 WO_LiveService - ok
09:31:34.0483 4040 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
09:31:34.0483 4040 WPCSvc - ok
09:31:34.0514 4040 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
09:31:34.0514 4040 WPDBusEnum - ok
09:31:34.0530 4040 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
09:31:34.0545 4040 ws2ifsl - ok
09:31:34.0561 4040 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
09:31:34.0576 4040 wscsvc - ok
09:31:34.0592 4040 WSearch - ok
09:31:34.0623 4040 [ 82E8F5AA03DF7DBDB8A33F700D5D8CDA ] wsvd C:\Windows\system32\DRIVERS\wsvd.sys
09:31:34.0654 4040 wsvd - ok
09:31:34.0732 4040 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
09:31:34.0764 4040 wuauserv - ok
09:31:34.0795 4040 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
09:31:34.0795 4040 WudfPf - ok
09:31:34.0810 4040 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
09:31:34.0826 4040 WUDFRd - ok
09:31:34.0857 4040 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
09:31:34.0873 4040 wudfsvc - ok
09:31:34.0904 4040 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll
09:31:34.0904 4040 WwanSvc - ok
09:31:35.0138 4040 [ 5BCB1F6CB749B6826BE1C0F16FF2F600 ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
09:31:35.0169 4040 ZeroConfigService - ok
09:31:35.0216 4040 [ FF5A03A65B68DB7E02A12880399D40D4 ] ZTEusbmdm6k C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
09:31:35.0232 4040 ZTEusbmdm6k - ok
09:31:35.0263 4040 [ FF5A03A65B68DB7E02A12880399D40D4 ] ZTEusbnmea C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
09:31:35.0263 4040 ZTEusbnmea - ok
09:31:35.0310 4040 [ FF5A03A65B68DB7E02A12880399D40D4 ] ZTEusbser6k C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
09:31:35.0325 4040 ZTEusbser6k - ok
09:31:35.0372 4040 ================ Scan global ===============================
09:31:35.0419 4040 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
09:31:35.0450 4040 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
09:31:35.0466 4040 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
09:31:35.0481 4040 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
09:31:35.0512 4040 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
09:31:35.0512 4040 [Global] - ok
09:31:35.0512 4040 ================ Scan MBR ==================================
09:31:35.0528 4040 [ 4624822E540EC83CD0819525C65846BA ] \Device\Harddisk0\DR0
09:31:37.0213 4040 \Device\Harddisk0\DR0 - ok
09:31:37.0213 4040 ================ Scan VBR ==================================
09:31:37.0213 4040 [ 7D35D0AC034ACCC08154A4C5E3FA97A8 ] \Device\Harddisk0\DR0\Partition1
09:31:37.0213 4040 \Device\Harddisk0\DR0\Partition1 - ok
09:31:37.0244 4040 [ 9374BACCE2DE4F03C0C83079096FE13E ] \Device\Harddisk0\DR0\Partition2
09:31:37.0244 4040 \Device\Harddisk0\DR0\Partition2 - ok
09:31:37.0260 4040 [ 30A3D46D3A456CAE9083F1248960E49B ] \Device\Harddisk0\DR0\Partition3
09:31:37.0260 4040 \Device\Harddisk0\DR0\Partition3 - ok
09:31:37.0260 4040 ============================================================
09:31:37.0260 4040 Scan finished
09:31:37.0260 4040 ============================================================
09:31:37.0260 5928 Detected object count: 10
09:31:37.0260 5928 Actual detected object count: 10
09:31:42.0876 5928 ampa ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:42.0876 5928 ampa ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:42.0876 5928 DAZContentManagementService ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:42.0876 5928 DAZContentManagementService ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:42.0876 5928 ddmdrv ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:42.0876 5928 ddmdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:42.0876 5928 FirebirdGuardianDefaultInstance ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:42.0876 5928 FirebirdGuardianDefaultInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:42.0876 5928 FirebirdServerDefaultInstance ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:42.0876 5928 FirebirdServerDefaultInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:42.0876 5928 GFilterSvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:42.0876 5928 GFilterSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:42.0876 5928 GFNEXSrv ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:42.0876 5928 GFNEXSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:42.0876 5928 Intel(R) Capability Licensing Service Interface ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:42.0876 5928 Intel(R) Capability Licensing Service Interface ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:42.0891 5928 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:42.0891 5928 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:42.0891 5928 SystemStoreService ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:42.0891 5928 SystemStoreService ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:46.0947 6088 Deinitialize success
Holly |
|
11.06.2013, 09:40
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Aufforderung die wssetup.exe von Perion zu starten erscheint nach Rechnerstart ! Hast du MBAR wiederholt laufen lassen? Es soll so lange gescannt werden, bis es keine Rootkits mehr findet.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
11.06.2013, 10:16
| #9 |
| | Aufforderung die wssetup.exe von Perion zu starten erscheint nach Rechnerstart ! habe MBAR zweimal durchfaufen lassen ! hier die 2. Log-Datei: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org
Database version: v2013.06.10.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Holly Thomas :: HOLLYTHOMAS-PC [administrator]
10.06.2013 19:56:46
mbar-log-2013-06-10 (19-56-46).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: Deep Anti-Rootkit Scan | PUP
Objects scanned: 265371
Time elapsed: 9 minute(s), 51 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
|
|
11.06.2013, 11:00
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Aufforderung die wssetup.exe von Perion zu starten erscheint nach Rechnerstart ! JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Im Anschluss: adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
11.06.2013, 12:28
| #11 |
| | Aufforderung die wssetup.exe von Perion zu starten erscheint nach Rechnerstart ! Hier die Logfiles Junkware Removal Tool: HINWEIS: Während des Scans öffnete sich wieder ein Hinweisfenster Fensterüberschrift: Explorer.EXE Meldung: Der Datei ist kein Programm zum Ausführen dieser Aktion zugeordnet. Installieren Sie ein entsprechendes Programm, oder erstellen Sie in der Systemsteuerung unter "Standartprogramme" eine Zuordnung, wenn bereits ein Programm installiert ist Nach drücken des "OK" Buttons lief der Scan weiter Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Holly Thomas on 11.06.2013 at 12:41:55.58
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
Failed to stop: [Service] ibupdaterservice
~~~ Registry Values
~~~ Registry Keys
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminent
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\datamngr
~~~ Files
~~~ Folders
Failed to delete: [Folder] "C:\Program Files (x86)\iminent"
Failed to delete: [Folder] "C:\Program Files (x86)\software4u"
Failed to delete: [Folder] "C:\Program Files (x86)\sweetim"
Failed to delete: [Folder] "C:\Program Files (x86)\Common Files\spigot"
~~~ FireFox
Emptied folder: C:\Users\Holly Thomas\AppData\Roaming\mozilla\firefox\profiles\k23g37x1.default\minidumps [5 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.06.2013 at 12:44:05.99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter # AdwCleaner v2.303 - Datei am 11/06/2013 um 12:50:25 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Holly Thomas - HOLLYTHOMAS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Holly Thomas\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
Gestoppt & Gelöscht : GFilterSvc
Gestoppt & Gelöscht : IBUpdaterService
Gestoppt & Gelöscht : SearchAnonymizer
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Windows\Tasks\AmiUpdXp.job
Datei Gelöscht : C:\Windows\Tasks\DSite.job
Ordner Gelöscht : C:\Program Files (x86)\Ad Optimizer (am) v2
Ordner Gelöscht : C:\Program Files (x86)\Common Files\spigot
Ordner Gelöscht : C:\Program Files (x86)\Iminent
Ordner Gelöscht : C:\Program Files (x86)\IObit Apps Toolbar
Ordner Gelöscht : C:\Program Files (x86)\software4u
Ordner Gelöscht : C:\Program Files (x86)\SweetIM
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
Ordner Gelöscht : C:\Users\Holly Thomas\AppData\Local\Ad Optimizer (am) v2
Ordner Gelöscht : C:\Users\Holly Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\eaapdpmcjlaghfomgnghcphammlfnhbp
Ordner Gelöscht : C:\Users\Holly Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Ordner Gelöscht : C:\Users\Holly Thomas\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Holly Thomas\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\Holly Thomas\AppData\Roaming\DSite
Ordner Gelöscht : C:\Users\Holly Thomas\AppData\Roaming\HELPER
Ordner Gelöscht : C:\Users\Holly Thomas\AppData\Roaming\OCS
Ordner Gelöscht : C:\Windows\Installer\{118D6CE9-5F18-42F9-958A-14676A629FDE}
Ordner Gelöscht : C:\Windows\Installer\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
Ordner Gelöscht : C:\Windows\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}
Ordner Gelöscht : C:\Windows\SysWOW64\WNLT
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\Iminent
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{206a7328-437f-4bd9-b53e-12bfee24d588}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Search Settings
Schlüssel Gelöscht : HKCU\Software\WNLT
Schlüssel Gelöscht : HKCU\Software\596da8ab76fbf41
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Delta
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Schlüssel Gelöscht : HKLM\Software\Search Settings
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fmfnfnpmhcllokmkepffndflpnadjmma
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0AF350D9-3916-454B-AC53-0B0B65F41301}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF7BD87A-8024-11E2-F316-F3E56188709B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{118D6CE9-5F18-42F9-958A-14676A629FDE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchAnonymizer
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16576
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v21.0 (de)
Datei : C:\Users\Holly Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\k23g37x1.default\prefs.js
[OK] Die Datei ist sauber.
-\\ Google Chrome v27.0.1453.110
Datei : C:\Users\Holly Thomas\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [389 octets] - [11/06/2013 12:50:14]
AdwCleaner[S2].txt - [7228 octets] - [11/06/2013 12:50:25]
########## EOF - C:\AdwCleaner[S2].txt - [7288 octets] ##########
Code:
ATTFilter OTL logfile created on: 11.06.2013 12:59:44 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Holly Thomas\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5.90 Gb Total Physical Memory | 4.10 Gb Available Physical Memory | 69.44% Memory free 11.80 Gb Paging File | 9.87 Gb Available in Paging File | 83.71% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 439.45 Gb Total Space | 379.18 Gb Free Space | 86.28% Space Free | Partition Type: NTFS Drive D: | 258.08 Gb Total Space | 190.77 Gb Free Space | 73.92% Space Free | Partition Type: NTFS Computer Name: HOLLYTHOMAS-PC | User Name: Holly Thomas | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Holly Thomas\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) PRC - C:\Program Files (x86)\Steganos Online Shield\OnlineShieldService.exe (Steganos Software GmbH) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe (Firebird Project) PRC - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe (Firebird Project) PRC - C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerService.exe () PRC - C:\Program Files (x86)\PHotkey\PHotkey.exe () PRC - C:\Program Files (x86)\PHotkey\GPMTray.exe (TODO: <公司名稱>) PRC - C:\Windows\SysWOW64\nlssrv32.exe (Nalpeiron Ltd.) PRC - C:\Program Files (x86)\Join Air\UIExec.exe () PRC - C:\Program Files (x86)\Join Air\AssistantServices.exe () PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) PRC - C:\Program Files (x86)\PHotkey\MsgTranAgt.exe () PRC - C:\Program Files (x86)\PHotkey\ASLDRSrv.exe () ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\5829bdd91a092eefbd310a54965e4d05\System.ServiceModel.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\ae4ece84c702ac6c77ad3d9fefb460da\System.IdentityModel.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\48c8bc21c2933feb49fe400a1a5d5fda\System.ServiceModel.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ac75f3ab477cbd11c9b006da280d4afc\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\213a5e78cf78cb4643782fbbe4749631\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\cd135f4c2e6e3fb8c1932939c04904e2\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\f1d702efac188b6774d5134b13fc341a\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\130613a664d9a4237b5b22c3c80f6d96\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\186f94773130bc17c5b86c0c7d491a91\System.Runtime.Serialization.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ff27928194bf78f0cd9eaecd152d3b1a\SMDiagnostics.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\f31ac8665f9f5d8e6ad4abd29f913386\System.ServiceModel.Internals.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\d8e2d3037c3d36f5a7c763970400e79c\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\84371136df209abcd5fbf89db89f2e97\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\506bcca8d286f754825f3f1b0bf64894\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll () MOD - C:\Program Files (x86)\Join Air\UIExec.exe () ========== Services (SafeList) ========== SRV:64bit: - (PSI_SVC_2_x64) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe File not found SRV:64bit: - (cFosSpeedS) -- C:\Program Files\cFosSpeed\spd.exe (cFos Software GmbH) SRV:64bit: - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV:64bit: - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D) SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe (Intel(R) Corporation) SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation) SRV:64bit: - (ZeroConfigService) -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel® Corporation) SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe () SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV:64bit: - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation) SRV:64bit: - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation) SRV:64bit: - (DAZContentManagementService) -- C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe () SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (O&O CleverCache) -- C:\Program Files\OO Software\CleverCache\ooccag.exe (O&O Software GmbH) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) SRV - (Online Shield Starter Service) -- C:\Program Files (x86)\Steganos Online Shield\OnlineShieldService.exe (Steganos Software GmbH) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation) SRV - (Soda PDF 5 Helper Service) -- C:\Program Files (x86)\Soda PDF 5\HelperService.exe (LULU Software) SRV - (Soda PDF 5 Service) -- C:\Program Files (x86)\Soda PDF 5\ConversionService.exe (LULU Software) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) SRV - (SystemStoreService) -- C:\Program Files (x86)\SelfUpdater\SystemStore.exe () SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Motorola Solutions, Inc.) SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Motorola Solutions, Inc.) SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.) SRV - (FirebirdGuardianDefaultInstance) -- C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe (Firebird Project) SRV - (FirebirdServerDefaultInstance) -- C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe (Firebird Project) SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe (Realsil Microelectronics Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (WO_LiveService) -- C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerService.exe () SRV - (ICCS) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation) SRV - (GFNEXSrv) -- C:\Program Files (x86)\PHotkey\GFNEXSrv.exe () SRV - (MemeoBackgroundService) -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo) SRV - (nlsX86cc) -- C:\Windows\SysWOW64\nlssrv32.exe (Nalpeiron Ltd.) SRV - (UI Assistant Service) -- C:\Program Files (x86)\Join Air\AssistantServices.exe () SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) SRV - (ASLDRService) -- C:\Program Files (x86)\PHotkey\ASLDRSrv.exe () SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (kneps) -- C:\Windows\SysNative\drivers\kneps.sys (Kaspersky Lab ZAO) DRV:64bit: - (kltdi) -- C:\Windows\SysNative\drivers\kltdi.sys (Kaspersky Lab ZAO) DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab) DRV:64bit: - (klkbdflt) -- C:\Windows\SysNative\drivers\klkbdflt.sys (Kaspersky Lab) DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab ZAO) DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (cFosSpeed) -- C:\Windows\SysNative\drivers\cfosspeed6.sys (cFos Software GmbH) DRV:64bit: - (tbhsd) -- C:\Windows\SysNative\drivers\tbhsd.sys (RapidSolution Software AG) DRV:64bit: - (RRNetCapMP) -- C:\Windows\SysNative\drivers\rrnetcap.sys (RapidSolution Software AG) DRV:64bit: - (RRNetCap) -- C:\Windows\SysNative\drivers\rrnetcap.sys (RapidSolution Software AG) DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project) DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\drivers\iaStorA.sys (Intel Corporation) DRV:64bit: - (iaStorF) -- C:\Windows\SysNative\drivers\iaStorF.sys (Intel Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (SbieDrv) -- C:\Program Files\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D) DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\Netwsw00.sys (Intel Corporation) DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation) DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation) DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation) DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Motorola Solutions, Inc.) DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Motorola Solutions, Inc.) DRV:64bit: - (ui11drdr) -- C:\Windows\SysNative\drivers\ui11drdr.SYS (1&1 Internet AG) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (ibtfltcoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation) DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO) DRV:64bit: - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO) DRV:64bit: - (UimBus) -- C:\Windows\SysNative\drivers\uimx64.sys (Windows (R) 2000 DDK provider) DRV:64bit: - (Uim_IM) -- C:\Windows\SysNative\drivers\Uim_IMx64.sys (Paragon) DRV:64bit: - (Uim_VIM) -- C:\Windows\SysNative\drivers\uim_vimx64.sys (Paragon) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (ampa) -- C:\Windows\SysNative\ampa.sys () DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (ddmdrv) -- C:\Windows\SysNative\ddmdrv.sys () DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (SmartDefragDriver) -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys () DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\RTL8192su.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink) DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated) DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated) DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated) DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (ZTE Incorporated) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (ampa) -- C:\Windows\SysWOW64\ampa.sys () DRV - (ddmdrv) -- C:\Windows\SysWOW64\ddmdrv.sys () DRV - (LiveTunerPM) -- C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerProcessMonitor64.sys () DRV - (PEGAGFN) -- C:\Program Files (x86)\PHotkey\PEGAGFN.sys (PEGATRON) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{721061fb-eb79-4568-a03c-3ce26d68dae9}: "URL" = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startpage24.com IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startpage24.com IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\..\SearchScopes\{5A3D93CA-089F-4350-981F-CCD332E30493}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=902615&p={searchTerms} IE - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26736F7572636569643D696537&st={searchTerms}&clid=2c5e4066-cfbe-46b7-b6bf-c6798b4bbde2&pid=freewarede&k=0 IE - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\..\SearchScopes\{721061fb-eb79-4568-a03c-3ce26d68dae9}: "URL" = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197 IE - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\..\SearchScopes\{9E9583F9-14A1-43B4-AD7A-757768D9C682}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=2c5e4066-cfbe-46b7-b6bf-c6798b4bbde2&pid=freewarede&mode=bounce&k=0 IE - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\..\SearchScopes\{A2DC3FEF-AB4D-442c-8517-34EC6E125C8D}: "URL" = hxxp://search.webwebweb.com/index.html?query={searchTerms}&lang={language}&zip=&town=&site=&country=&safe=[safe,off,strict] IE - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\..\SearchScopes\{BD5DEC50-F97F-4430-9611-3F635D04F9CC}: "URL" = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26736F7572636569643D69653726726C7A3D3149374D444E465F64654445353033&st={searchTerms}&clid=2c5e4066-cfbe-46b7-b6bf-c6798b4bbde2&pid=freewarede&k=0 IE - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\..\SearchScopes\{C02B9DEC-8D4E-4B92-A22D-6903BD8BF1CD}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=2c5e4066-cfbe-46b7-b6bf-c6798b4bbde2&pid=freewarede&mode=bounce&k=0 IE - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\..\SearchScopes\{C1B33A0D-1764-42D4-A6F1-B96220D8C9E5}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=2c5e4066-cfbe-46b7-b6bf-c6798b4bbde2&pid=freewarede&mode=bounce&k=0 IE - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\..\SearchScopes\{DB729DA9-48FE-43D4-82B0-C5A3D6093CDC}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=2c5e4066-cfbe-46b7-b6bf-c6798b4bbde2&pid=freewarede&mode=bounce&k=0 IE - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\..\SearchScopes\{E135BCFE-3973-463C-A5A9-BE82F5BB2B93}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=2c5e4066-cfbe-46b7-b6bf-c6798b4bbde2&pid=freewarede&mode=bounce&k=0 IE - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\..\SearchScopes\{E88A2311-BA37-4985-A383-D90109A94239}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=2c5e4066-cfbe-46b7-b6bf-c6798b4bbde2&pid=freewarede&mode=bounce&k=0 IE - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "https://news.google.de/nwshp?hl=de&tab=wn&pog=false" FF - prefs.js..extensions.enabledAddons: %7BF8A55C97-3DB6-4961-A81D-0DE0080E53CB%7D:0.9.8 FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5.5.4 FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.1.4307 FF - prefs.js..extensions.enabledAddons: %7Bd49175b3-3fd8-43b8-b28e-da5d47f3c398%7D:1.0.49 FF - prefs.js..extensions.enabledAddons: foxmarks%40kei.com:4.2.1 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@startpage24.com/npLin64;Version=4: C:\Program Files (x86)\Startpage24\Plugin\Version_861\firefox\plugins\nplink64.dll (Link64 GmbH) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013.05.22 12:07:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013.05.22 12:07:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013.05.22 12:07:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013.05.22 12:07:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013.05.22 12:07:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.15 20:20:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.15 20:20:43 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013.04.19 14:12:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Holly Thomas\AppData\Roaming\mozilla\Extensions [2013.06.07 20:04:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Holly Thomas\AppData\Roaming\mozilla\Firefox\Profiles\k23g37x1.default\extensions [2013.05.24 14:40:07 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Holly Thomas\AppData\Roaming\mozilla\Firefox\Profiles\k23g37x1.default\extensions\foxmarks@kei.com [2013.05.14 15:49:29 | 000,350,626 | ---- | M] () (No name found) -- C:\Users\Holly Thomas\AppData\Roaming\mozilla\firefox\profiles\k23g37x1.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2013.05.24 14:39:56 | 000,395,933 | ---- | M] () (No name found) -- C:\Users\Holly Thomas\AppData\Roaming\mozilla\firefox\profiles\k23g37x1.default\extensions\{d49175b3-3fd8-43b8-b28e-da5d47f3c398}.xpi [2013.04.19 14:22:20 | 000,125,320 | ---- | M] () (No name found) -- C:\Users\Holly Thomas\AppData\Roaming\mozilla\firefox\profiles\k23g37x1.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.xpi [2013.06.10 19:07:46 | 000,002,120 | ---- | M] () -- C:\Users\Holly Thomas\AppData\Roaming\mozilla\firefox\profiles\k23g37x1.default\searchplugins\MyStart.xml [2013.05.24 16:00:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.05.24 16:00:48 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013.05.22 12:07:17 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.google.de/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll CHR - plugin: (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll CHR - plugin: (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Startpage24 Startpage (Enabled) = C:\Program Files (x86)\Startpage24\Plugin\Version_861\firefox\plugins\nplink64.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll CHR - Extension: Google Docs = C:\Users\Holly Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\Holly Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Holly Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google-Suche = C:\Users\Holly Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Holly Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\ CHR - Extension: Sicherer Zahlungsverkehr = C:\Users\Holly Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\ CHR - Extension: Ebay Shopping Assistant by Spigot = C:\Users\Holly Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj\1.0_0\ CHR - Extension: Domain Error Assistant = C:\Users\Holly Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.1_0\ CHR - Extension: Virtuelle Tastatur = C:\Users\Holly Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0\ CHR - Extension: Savings-Slider = C:\Users\Holly Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.3_0\ CHR - Extension: Amazon Shopping Assistant by Spigot = C:\Users\Holly Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp\1.0_0\ CHR - Extension: Google Mail = C:\Users\Holly Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ CHR - Extension: Anti-Banner = C:\Users\Holly Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\ O1 HOSTS File: ([2013.06.10 14:53:46 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (no name) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - No CLSID value found. O2:64bit: - BHO: (no name) - {73455575-E40C-433C-9784-C78DC7761455} - No CLSID value found. O2:64bit: - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found. O2:64bit: - BHO: (no name) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - No CLSID value found. O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found. O2:64bit: - BHO: (no name) - {E33CF602-D945-461A-83F0-819F76A199F8} - No CLSID value found. O2 - BHO: (no name) - {2e250b90-0e7a-42a3-9d65-e39f9f227fa4} - No CLSID value found. O2 - BHO: (no name) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - No CLSID value found. O2 - BHO: (no name) - {73455575-E40C-433C-9784-C78DC7761455} - No CLSID value found. O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found. O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found. O2 - BHO: (no name) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - No CLSID value found. O2 - BHO: (no name) - {BBD43808-9D13-4B0B-B023-178FD1FAE442} - No CLSID value found. O2 - BHO: (no name) - {C737F472-1193-4281-BF53-A00B67AB3E19} - No CLSID value found. O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found. O2 - BHO: (no name) - {E33CF602-D945-461A-83F0-819F76A199F8} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {353e2a48-6254-4bd3-88f4-3b51a0ca7870} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {F335ABA2-FDB4-4644-92B2-5CC4B0FC91D6} - No CLSID value found. O3 - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4:64bit: - HKLM..\Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll (Motorola Solutions, Inc.) O4:64bit: - HKLM..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe (cFos Software GmbH) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Holly Thomas\AppData\Roaming\OCS\SM\SearchAnonymizer.exe File not found O4:64bit: - HKLM..\Run: [ooccctrl.exe] C:\Program Files\OO Software\CleverCache\ooccctrl.exe (O&O Software GmbH) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\Join Air\UIExec.exe () O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001..\Run: [1&1_1&1 Office-Drive Manager] C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE (1&1 Internet AG) O4 - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001..\Run: [Power2GoExpress] NA File not found O4 - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D) O4 - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001..\Run: [Software4u-System Observer] C:\Program Files (x86)\Software4u\Registry CleanUP 5\Software4u.SCObserver.exe File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 O7 - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O7 - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O7 - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: An Bluetooth senden - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm () O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm () O8 - Extra context menu item: An Bluetooth senden - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm () O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm () O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - Reg Error: Key error. File not found O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - Reg Error: Key error. File not found O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - Reg Error: Key error. File not found O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - Reg Error: Key error. File not found O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Reg Error: Key error.) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Reg Error: Key error.) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA097411-4510-4DFA-B6A7-5381BC083969}: DhcpNameServer = 8.8.8.8 O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (SmartDefragBootTime.exe) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.11 12:37:09 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.06.11 12:36:50 | 000,000,000 | ---D | C] -- C:\JRT [2013.06.11 12:35:55 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Holly Thomas\Desktop\JRT.exe [2013.06.10 16:49:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.06.10 16:29:39 | 000,000,000 | ---D | C] -- C:\Users\Holly Thomas\Desktop\mbar [2013.06.10 16:27:43 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Holly Thomas\Desktop\aswMBR.exe [2013.06.10 16:27:37 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Holly Thomas\Desktop\tdsskiller.exe [2013.06.10 15:08:43 | 000,000,000 | ---D | C] -- C:\Users\Holly Thomas\AppData\Roaming\1&1 [2013.06.10 15:08:43 | 000,000,000 | ---D | C] -- C:\ProgramData\1&1 [2013.06.10 14:53:56 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.06.10 13:03:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.06.10 13:03:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.06.10 13:03:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.06.10 13:03:44 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.06.10 13:03:28 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.06.10 12:55:36 | 005,078,680 | R--- | C] (Swearware) -- C:\Users\Holly Thomas\Desktop\ComboFix.exe [2013.06.09 20:39:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Holly Thomas\Desktop\OTL.exe [2013.06.07 14:25:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.3 [2013.06.07 14:24:46 | 000,000,000 | ---D | C] -- C:\Python33 [2013.06.07 14:18:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.06.07 14:18:29 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.06.07 14:18:10 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.06.07 14:18:10 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.06.07 14:18:10 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.06.07 14:17:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.06.06 20:36:13 | 000,000,000 | ---D | C] -- C:\Users\Holly Thomas\AppData\Roaming\DivX [2013.06.06 20:24:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus [2013.06.06 20:24:33 | 000,000,000 | ---D | C] -- C:\Program Files\DivX [2013.06.06 20:24:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared [2013.06.06 20:22:46 | 000,000,000 | ---D | C] -- C:\Users\Holly Thomas\AppData\Roaming\Codec Pack Packages [2013.06.06 20:22:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow [2013.06.06 20:22:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX [2013.06.06 20:22:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid [2013.06.06 20:22:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ffdshow [2013.06.06 20:22:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xvid [2013.06.06 20:22:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter [2013.06.06 20:22:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DirectVobSub [2013.06.06 20:22:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DirectVobSub [2013.06.06 20:22:18 | 000,000,000 | ---D | C] -- C:\Users\Holly Thomas\AppData\Roaming\LavFilters [2013.06.06 20:22:18 | 000,000,000 | ---D | C] -- C:\Users\Holly Thomas\AppData\Roaming\CDXReader [2013.06.06 20:22:17 | 000,000,000 | ---D | C] -- C:\Users\Holly Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter [2013.06.06 20:22:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Haali [2013.06.06 20:22:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lame For Audacity [2013.06.06 20:22:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DSP-worx [2013.06.06 20:22:16 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX [2013.06.06 20:22:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenSource Flash Video Splitter [2013.06.05 20:09:02 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\AKVIS [2013.06.05 20:07:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AKVIS [2013.06.05 20:07:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AKVIS [2013.06.05 20:01:42 | 000,000,000 | ---D | C] -- C:\Users\Holly Thomas\AppData\Local\Downloaded Installations [2013.06.03 20:49:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\jmdp [2013.06.03 20:49:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ARFC [2013.06.03 20:49:23 | 000,033,792 | ---- | C] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll [2013.06.02 20:23:53 | 000,000,000 | ---D | C] -- C:\Users\Holly Thomas\AppData\Roaming\Task Coach [2013.06.02 20:13:51 | 000,000,000 | ---D | C] -- C:\Users\Holly Thomas\Documents\Efficient Organizer AutoBackup [2013.06.01 12:19:22 | 000,000,000 | ---D | C] -- C:\Users\Holly Thomas\AppData\Roaming\XYplorer [2013.06.01 12:19:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XYplorer [2013.06.01 12:19:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XYplorer [2013.06.01 11:20:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Franzis [2013.05.27 18:31:18 | 000,000,000 | ---D | C] -- C:\Users\Holly Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1-abc [2013.05.27 18:31:18 | 000,000,000 | ---D | C] -- C:\Users\Holly Thomas\AppData\Roaming\1-abc [2013.05.27 18:31:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1-abc [2013.05.27 14:20:31 | 000,000,000 | ---D | C] -- C:\Users\Holly Thomas\AppData\Local\WEKA DVD Interface [2013.05.22 11:41:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013 [2013.05.22 11:40:54 | 000,064,856 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\klfphc.dll [2013.05.22 11:39:45 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP [2013.05.22 11:39:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2013.05.22 11:39:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab [2013.05.22 11:39:26 | 000,620,128 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys [2013.05.22 11:39:26 | 000,090,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys [2013.05.18 11:59:17 | 000,000,000 | ---D | C] -- C:\Users\Holly Thomas\AppData\Roaming\Steganos VPN [2013.05.18 11:57:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steganos Online Shield [2013.05.18 11:57:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steganos Online Shield [2013.05.18 11:57:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steganos [2013.05.18 11:55:28 | 000,000,000 | ---D | C] -- C:\Users\Holly Thomas\AppData\Roaming\Steganos [2013.05.16 11:58:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013.05.16 00:03:50 | 002,653,696 | ---- | C] (Python Software Foundation) -- C:\Windows\SysWow64\python33.dll [2013.05.16 00:03:06 | 000,094,208 | ---- | C] (Python Software Foundation) -- C:\Windows\pyw.exe [2013.05.16 00:03:06 | 000,093,696 | ---- | C] (Python Software Foundation) -- C:\Windows\py.exe [2013.05.15 21:08:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.0 [2013.05.15 20:20:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2013.05.15 19:49:15 | 000,000,000 | ---D | C] -- C:\Users\Holly Thomas\AppData\Roaming\MS-Buchhalter [2013.05.15 19:49:15 | 000,000,000 | ---D | C] -- C:\ProgramData\MS-Buchhalter [2013.05.15 19:49:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MS-Buchhalter Start [2013.05.15 19:49:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MS-Buchhalter [2013.05.15 19:07:58 | 000,000,000 | ---D | C] -- C:\Users\Holly Thomas\hob_jportal [2013.05.15 16:54:32 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.05.15 16:54:32 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.05.15 16:54:32 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.05.15 16:54:31 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.05.15 16:54:31 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.05.15 16:54:31 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.05.15 16:54:31 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.05.15 16:54:31 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.05.15 16:54:31 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.05.15 16:54:31 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.05.15 16:54:31 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.05.15 16:54:31 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.05.15 16:54:29 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.05.15 16:54:29 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.05.15 16:54:28 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.05.15 14:49:44 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys [2013.05.15 14:49:44 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2013.05.15 14:49:30 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll [2013.05.15 14:49:30 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll [2013.05.15 14:49:29 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll [2013.05.15 14:49:29 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe [2013.05.15 14:49:26 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll [2013.05.15 14:30:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProSaldo [2013.05.15 12:59:54 | 000,000,000 | ---D | C] -- C:\Users\Holly Thomas\Documents\ProSaldo [2013.05.15 12:58:13 | 000,000,000 | ---D | C] -- C:\Users\Holly Thomas\AppData\Local\ProSaldo [2013.05.15 12:56:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ProSaldo [2013.05.14 19:11:58 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE [2013.05.14 19:06:23 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013.05.14 19:06:23 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013.05.14 19:06:23 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013.05.14 19:06:23 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013.05.14 19:06:23 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013.05.14 19:06:23 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013.05.14 19:06:23 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013.05.14 19:06:23 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013.05.14 19:06:23 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.05.14 19:06:23 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013.05.14 19:06:22 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.05.14 19:06:22 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.05.14 19:06:22 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013.05.14 19:06:22 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013.05.14 19:06:22 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013.05.14 19:06:22 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013.05.14 19:06:22 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013.05.14 19:06:22 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.05.14 19:06:22 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013.05.14 19:06:22 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013.05.14 19:06:22 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013.05.14 19:06:22 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013.05.14 19:06:22 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.05.14 19:06:22 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.05.14 19:06:22 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013.05.14 19:06:22 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013.05.14 19:06:22 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.05.14 19:06:22 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013.05.14 19:06:22 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013.05.14 19:06:22 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013.05.14 19:06:22 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.05.14 19:06:22 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013.05.14 19:06:22 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013.05.14 19:06:22 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013.05.14 19:06:22 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013.05.14 19:06:22 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013.05.14 19:06:22 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013.05.14 19:06:22 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.05.14 19:06:22 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013.05.14 19:06:22 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013.05.14 19:06:22 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013.05.14 19:06:22 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013.05.14 19:06:22 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013.05.14 19:06:22 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013.05.14 19:06:22 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013.05.14 19:06:22 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013.05.14 19:06:22 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013.05.14 19:06:22 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013.05.14 19:06:22 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013.05.14 19:06:22 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013.05.14 19:06:22 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013.05.14 19:06:22 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013.05.14 19:06:22 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.11 13:00:17 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.11 13:00:17 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.11 12:57:13 | 001,624,178 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.06.11 12:57:13 | 000,700,736 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.06.11 12:57:13 | 000,655,534 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.06.11 12:57:13 | 000,150,342 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.06.11 12:57:13 | 000,122,904 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.06.11 12:57:12 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.11 12:53:31 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.11 12:53:29 | 000,000,264 | ---- | M] () -- C:\Windows\tasks\PC Fresh.job [2013.06.11 12:52:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.11 12:51:51 | 455,733,247 | -HS- | M] () -- C:\hiberfil.sys [2013.06.11 12:12:34 | 000,648,201 | ---- | M] () -- C:\Users\Holly Thomas\Desktop\adwcleaner.exe [2013.06.11 12:12:00 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Holly Thomas\Desktop\JRT.exe [2013.06.11 12:11:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.10 20:55:38 | 000,000,512 | ---- | M] () -- C:\Users\Holly Thomas\Desktop\MBR.dat [2013.06.10 16:22:24 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Holly Thomas\Desktop\tdsskiller.exe [2013.06.10 16:21:18 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Holly Thomas\Desktop\aswMBR.exe [2013.06.10 14:53:46 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.06.10 12:55:56 | 005,078,680 | R--- | M] (Swearware) -- C:\Users\Holly Thomas\Desktop\ComboFix.exe [2013.06.10 11:08:33 | 791,311,310 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.06.10 09:57:36 | 000,377,856 | ---- | M] () -- C:\Users\Holly Thomas\Desktop\gmer_2.1.19163.exe [2013.06.10 09:54:38 | 000,000,000 | ---- | M] () -- C:\Users\Holly Thomas\defogger_reenable [2013.06.10 09:54:04 | 000,050,477 | ---- | M] () -- C:\Users\Holly Thomas\Desktop\Defogger.exe [2013.06.09 20:39:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Holly Thomas\Desktop\OTL.exe [2013.06.07 16:22:38 | 000,000,418 | ---- | M] () -- C:\Windows\tasks\One-Click Optimizer.job [2013.06.07 14:17:55 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.06.07 14:17:53 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.06.07 14:17:53 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.06.07 14:17:53 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.06.07 14:17:52 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll [2013.06.07 14:17:52 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.06.06 20:24:57 | 000,001,182 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk [2013.06.06 20:22:14 | 000,002,003 | ---- | M] () -- C:\Windows\unins000.dat [2013.06.06 20:22:05 | 000,715,038 | ---- | M] () -- C:\Windows\unins000.exe [2013.06.06 19:40:33 | 000,001,714 | ---- | M] () -- C:\Windows\Sandboxie.ini [2013.06.05 20:07:18 | 000,000,945 | ---- | M] () -- C:\Users\Public\Desktop\AKVIS Sketch.lnk [2013.06.04 14:07:03 | 000,004,583 | ---- | M] () -- C:\Users\Holly Thomas\AppData\Local\recently-used.xbel [2013.06.03 21:12:33 | 001,851,392 | ---- | M] () -- C:\Users\Holly Thomas\Documents\MyCalendar.ecfx [2013.06.02 20:19:23 | 001,851,392 | ---- | M] () -- C:\Users\Holly Thomas\Documents\MyDiary.edfx [2013.06.01 18:43:12 | 000,001,430 | ---- | M] () -- C:\Users\Holly Thomas\Desktop\XYplorer.lnk [2013.05.22 12:07:16 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kneps.sys [2013.05.22 12:07:15 | 000,055,056 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kltdi.sys [2013.05.22 12:07:15 | 000,029,528 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klmouflt.sys [2013.05.22 12:07:15 | 000,029,016 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klkbdflt.sys [2013.05.22 12:07:14 | 000,620,128 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys [2013.05.22 12:07:14 | 000,090,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys [2013.05.21 15:31:12 | 001,447,728 | ---- | M] () -- C:\Windows\SysNative\dmwu.exe [2013.05.21 15:30:18 | 000,033,792 | ---- | M] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll [2013.05.16 12:31:15 | 000,002,053 | ---- | M] () -- C:\Users\Holly Thomas\Desktop\DAZ 3D Install Manager 1.lnk [2013.05.16 00:03:50 | 002,653,696 | ---- | M] (Python Software Foundation) -- C:\Windows\SysWow64\python33.dll [2013.05.16 00:03:06 | 000,094,208 | ---- | M] (Python Software Foundation) -- C:\Windows\pyw.exe [2013.05.16 00:03:06 | 000,093,696 | ---- | M] (Python Software Foundation) -- C:\Windows\py.exe [2013.05.15 17:54:38 | 000,490,240 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.15 16:12:50 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.05.15 16:12:50 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.05.14 19:06:23 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013.05.14 19:06:23 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013.05.14 19:06:23 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013.05.14 19:06:23 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013.05.14 19:06:23 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013.05.14 19:06:23 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013.05.14 19:06:23 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013.05.14 19:06:23 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013.05.14 19:06:23 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.05.14 19:06:23 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013.05.14 19:06:22 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.05.14 19:06:22 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.05.14 19:06:22 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013.05.14 19:06:22 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013.05.14 19:06:22 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013.05.14 19:06:22 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013.05.14 19:06:22 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013.05.14 19:06:22 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.05.14 19:06:22 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013.05.14 19:06:22 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013.05.14 19:06:22 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013.05.14 19:06:22 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013.05.14 19:06:22 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.05.14 19:06:22 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.05.14 19:06:22 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013.05.14 19:06:22 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013.05.14 19:06:22 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.05.14 19:06:22 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013.05.14 19:06:22 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013.05.14 19:06:22 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013.05.14 19:06:22 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.05.14 19:06:22 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013.05.14 19:06:22 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013.05.14 19:06:22 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013.05.14 19:06:22 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013.05.14 19:06:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013.05.14 19:06:22 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013.05.14 19:06:22 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.05.14 19:06:22 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013.05.14 19:06:22 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013.05.14 19:06:22 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013.05.14 19:06:22 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013.05.14 19:06:22 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013.05.14 19:06:22 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013.05.14 19:06:22 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013.05.14 19:06:22 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013.05.14 19:06:22 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013.05.14 19:06:22 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013.05.14 19:06:22 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013.05.14 19:06:22 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.05.14 19:06:22 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.05.14 19:06:22 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013.05.14 19:06:22 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013.05.14 19:06:22 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013.05.14 19:06:22 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013.05.12 18:28:33 | 000,010,515 | ---- | M] () -- C:\Windows\Q-Dir.ini [2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.11 12:35:59 | 000,648,201 | ---- | C] () -- C:\Users\Holly Thomas\Desktop\adwcleaner.exe [2013.06.10 20:14:22 | 000,000,512 | ---- | C] () -- C:\Users\Holly Thomas\Desktop\MBR.dat [2013.06.10 13:03:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.06.10 13:03:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.06.10 13:03:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.06.10 13:03:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.06.10 13:03:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.06.10 09:57:36 | 000,377,856 | ---- | C] () -- C:\Users\Holly Thomas\Desktop\gmer_2.1.19163.exe [2013.06.10 09:54:38 | 000,000,000 | ---- | C] () -- C:\Users\Holly Thomas\defogger_reenable [2013.06.10 09:54:03 | 000,050,477 | ---- | C] () -- C:\Users\Holly Thomas\Desktop\Defogger.exe [2013.06.06 20:24:57 | 000,001,182 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk [2013.06.06 20:22:30 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2013.06.06 20:22:29 | 000,696,832 | ---- | C] () -- C:\Windows\SysNative\xvidcore.dll [2013.06.06 20:22:29 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2013.06.06 20:22:29 | 000,255,488 | ---- | C] () -- C:\Windows\SysNative\xvidvfw.dll [2013.06.06 20:22:29 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2013.06.06 20:22:29 | 000,173,568 | ---- | C] () -- C:\Windows\SysNative\xvid.ax [2013.06.06 20:22:29 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax [2013.06.06 20:22:21 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2013.06.06 20:22:13 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll [2013.06.06 20:22:11 | 000,148,992 | ---- | C] ( ) -- C:\Windows\SysNative\lagarith.dll [2013.06.06 20:22:09 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe [2013.06.06 20:22:07 | 000,002,003 | ---- | C] () -- C:\Windows\unins000.dat [2013.06.05 20:07:18 | 000,000,945 | ---- | C] () -- C:\Users\Public\Desktop\AKVIS Sketch.lnk [2013.06.04 14:07:03 | 000,004,583 | ---- | C] () -- C:\Users\Holly Thomas\AppData\Local\recently-used.xbel [2013.06.03 20:49:23 | 001,447,728 | ---- | C] () -- C:\Windows\SysNative\dmwu.exe [2013.06.01 18:42:10 | 000,001,430 | ---- | C] () -- C:\Users\Holly Thomas\Desktop\XYplorer.lnk [2013.05.14 19:06:22 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.05.14 19:06:22 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.05.10 16:42:32 | 000,313,918 | ---- | C] () -- C:\Users\Holly Thomas\test.flame [2013.05.10 16:42:32 | 000,310,980 | ---- | C] () -- C:\Users\Holly Thomas\test.bak [2013.04.26 21:31:55 | 000,003,584 | ---- | C] () -- C:\Users\Holly Thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.04.24 15:52:54 | 000,000,251 | ---- | C] () -- C:\Users\Holly Thomas\AppData\Roaming\gmic_faves [2013.04.24 15:44:26 | 000,001,392 | ---- | C] () -- C:\Users\Holly Thomas\AppData\Roaming\gmic_sources.cimgz [2013.04.24 12:52:55 | 000,010,515 | ---- | C] () -- C:\Windows\Q-Dir.ini [2013.04.23 16:33:55 | 000,000,035 | ---- | C] () -- C:\Users\Holly Thomas\.gtk-bookmarks [2013.04.22 16:14:16 | 000,000,161 | ---- | C] () -- C:\Users\Holly Thomas\.gtkrc-2.0 [2013.04.19 15:20:36 | 000,002,942 | ---- | C] () -- C:\Users\Holly Thomas\j-wildfire.properties [2013.04.19 15:20:26 | 000,000,058 | ---- | C] () -- C:\Users\Holly Thomas\j-wildfire-launcher.properties [2013.04.15 21:28:03 | 000,003,143 | ---- | C] () -- C:\Users\Holly Thomas\Flames.flame [2013.04.10 16:32:04 | 000,000,046 | ---- | C] () -- C:\Users\Holly Thomas\AppData\Roaming\ApoPluginSrc.dat [2013.03.27 19:53:12 | 019,587,072 | ---- | C] () -- C:\Windows\SysWow64\igdfcl32.dll [2013.03.27 19:53:12 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2013.03.27 19:53:12 | 000,103,936 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll [2013.03.03 13:52:44 | 000,001,714 | ---- | C] () -- C:\Windows\Sandboxie.ini [2013.03.02 19:08:27 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\CIUtils.dll [2013.03.01 19:54:44 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll [2013.03.01 19:54:44 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll [2013.03.01 19:54:44 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll [2013.02.03 13:46:24 | 000,012,728 | ---- | C] () -- C:\Windows\SysWow64\ddmdrv.sys [2013.02.03 13:46:23 | 001,293,240 | ---- | C] () -- C:\Windows\ddmmain.exe [2013.02.03 13:46:18 | 000,012,728 | ---- | C] () -- C:\Windows\SysWow64\ampa.sys [2013.02.03 13:46:17 | 001,645,496 | ---- | C] () -- C:\Windows\ampa.exe [2013.01.27 19:07:13 | 000,000,741 | ---- | C] () -- C:\Windows\ydownloaderlibpr.ini [2013.01.27 19:06:55 | 000,131,072 | ---- | C] () -- C:\Program Files (x86)\Uninstal.EXE [2013.01.27 19:06:55 | 000,006,023 | ---- | C] () -- C:\Program Files (x86)\Uninstal.INI [2013.01.16 11:14:55 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll [2012.10.10 20:13:58 | 000,002,738 | ---- | C] () -- C:\Users\Holly Thomas\dbSThumb.CFG [2012.09.28 16:48:23 | 001,598,458 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.09.28 16:38:46 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl [2012.09.28 12:51:50 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin [2012.09.28 12:51:32 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin [2012.09.27 21:03:37 | 000,000,075 | RHS- | C] () -- C:\Windows\FFSSET.BIN [2012.03.13 05:53:58 | 000,734,772 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin [2012.03.13 05:53:56 | 000,559,780 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin [2012.02.03 07:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:EC77041F @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:054B9966 < End of report > |
|
11.06.2013, 12:52
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Aufforderung die wssetup.exe von Perion zu starten erscheint nach Rechnerstart !Fixen mit OTL
Code:
ATTFilter :reg
[-HKEY_LOCAL_MACHINE\Software\datamngr]
[-HKEY_CURRENT_USER\Software\iminent]
[-HKEY_LOCAL_MACHINE\Software\Wow6432Node\datamngr]
:OTL
IE - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\..\SearchScopes\{5A3D93CA-089F-4350-981F-CCD332E30493}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=902615&p={searchTerms}
IE - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26736F7572636569643D696537&st={searchTerms}&clid=2c5e4066-cfbe-46b7-b6bf-c6798b4bbde2&pid=freewarede&k=0
IE - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\..\SearchScopes\{721061fb-eb79-4568-a03c-3ce26d68dae9}: "URL" = http://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197
IE - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\..\SearchScopes\{9E9583F9-14A1-43B4-AD7A-757768D9C682}: "URL" = http://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=2c5e4066-cfbe-46b7-b6bf-c6798b4bbde2&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\..\SearchScopes\{A2DC3FEF-AB4D-442c-8517-34EC6E125C8D}: "URL" = http://search.webwebweb.com/index.html?query={searchTerms}&lang={language}&zip=&town=&site=&country=&safe=[safe,off,strict]
IE - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\..\SearchScopes\{BD5DEC50-F97F-4430-9611-3F635D04F9CC}: "URL" = http://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26736F7572636569643D69653726726C7A3D3149374D444E465F64654445353033&st={searchTerms}&clid=2c5e4066-cfbe-46b7-b6bf-c6798b4bbde2&pid=freewarede&k=0
IE - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\..\SearchScopes\{C02B9DEC-8D4E-4B92-A22D-6903BD8BF1CD}: "URL" = http://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=2c5e4066-cfbe-46b7-b6bf-c6798b4bbde2&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\..\SearchScopes\{C1B33A0D-1764-42D4-A6F1-B96220D8C9E5}: "URL" = http://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=2c5e4066-cfbe-46b7-b6bf-c6798b4bbde2&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\..\SearchScopes\{DB729DA9-48FE-43D4-82B0-C5A3D6093CDC}: "URL" = http://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=2c5e4066-cfbe-46b7-b6bf-c6798b4bbde2&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\..\SearchScopes\{E135BCFE-3973-463C-A5A9-BE82F5BB2B93}: "URL" = http://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=2c5e4066-cfbe-46b7-b6bf-c6798b4bbde2&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\..\SearchScopes\{E88A2311-BA37-4985-A383-D90109A94239}: "URL" = http://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=2c5e4066-cfbe-46b7-b6bf-c6798b4bbde2&pid=freewarede&mode=bounce&k=0
[2013.06.10 19:07:46 | 000,002,120 | ---- | M] () -- C:\Users\Holly Thomas\AppData\Roaming\mozilla\firefox\profiles\k23g37x1.default\searchplugins\MyStart.xml
O2:64bit: - BHO: (no name) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - No CLSID value found.
O2:64bit: - BHO: (no name) - {73455575-E40C-433C-9784-C78DC7761455} - No CLSID value found.
O2:64bit: - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O2:64bit: - BHO: (no name) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - No CLSID value found.
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2:64bit: - BHO: (no name) - {E33CF602-D945-461A-83F0-819F76A199F8} - No CLSID value found.
O2 - BHO: (no name) - {2e250b90-0e7a-42a3-9d65-e39f9f227fa4} - No CLSID value found.
O2 - BHO: (no name) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - No CLSID value found.
O2 - BHO: (no name) - {73455575-E40C-433C-9784-C78DC7761455} - No CLSID value found.
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O2 - BHO: (no name) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - No CLSID value found.
O2 - BHO: (no name) - {BBD43808-9D13-4B0B-B023-178FD1FAE442} - No CLSID value found.
O2 - BHO: (no name) - {C737F472-1193-4281-BF53-A00B67AB3E19} - No CLSID value found.
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (no name) - {E33CF602-D945-461A-83F0-819F76A199F8} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {353e2a48-6254-4bd3-88f4-3b51a0ca7870} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {F335ABA2-FDB4-4644-92B2-5CC4B0FC91D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKU\S-1-5-21-1250718090-1537509961-2586294136-1001..\Run: [Software4u-System Observer] C:\Program Files (x86)\Software4u\Registry CleanUP 5\Software4u.SCObserver.exe File not found
FF - user.js - File not found
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:EC77041F
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:054B9966
:Files
C:\Program Files (x86)\iminent
C:\Program Files (x86)\software4u
C:\Program Files (x86)\sweetim
C:\Program Files (x86)\Common Files\spigot
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
__________________ Logfiles bitte immer in CODE-Tags posten |
|
11.06.2013, 13:50
| #13 |
| | Aufforderung die wssetup.exe von Perion zu starten erscheint nach Rechnerstart ! Logfile nach dem fixen mit OTL: Code:
ATTFilter All processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\Software\datamngr\ not found.
Registry key HKEY_CURRENT_USER\Software\iminent\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\datamngr\ not found.
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-1250718090-1537509961-2586294136-1001\Software\Microsoft\Internet Explorer\SearchScopes\{5A3D93CA-089F-4350-981F-CCD332E30493}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5A3D93CA-089F-4350-981F-CCD332E30493}\ not found.
Registry key HKEY_USERS\S-1-5-21-1250718090-1537509961-2586294136-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_USERS\S-1-5-21-1250718090-1537509961-2586294136-1001\Software\Microsoft\Internet Explorer\SearchScopes\{721061fb-eb79-4568-a03c-3ce26d68dae9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{721061fb-eb79-4568-a03c-3ce26d68dae9}\ not found.
Registry key HKEY_USERS\S-1-5-21-1250718090-1537509961-2586294136-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9E9583F9-14A1-43B4-AD7A-757768D9C682}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E9583F9-14A1-43B4-AD7A-757768D9C682}\ not found.
Registry key HKEY_USERS\S-1-5-21-1250718090-1537509961-2586294136-1001\Software\Microsoft\Internet Explorer\SearchScopes\{A2DC3FEF-AB4D-442c-8517-34EC6E125C8D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A2DC3FEF-AB4D-442c-8517-34EC6E125C8D}\ not found.
Registry key HKEY_USERS\S-1-5-21-1250718090-1537509961-2586294136-1001\Software\Microsoft\Internet Explorer\SearchScopes\{BD5DEC50-F97F-4430-9611-3F635D04F9CC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BD5DEC50-F97F-4430-9611-3F635D04F9CC}\ not found.
Registry key HKEY_USERS\S-1-5-21-1250718090-1537509961-2586294136-1001\Software\Microsoft\Internet Explorer\SearchScopes\{C02B9DEC-8D4E-4B92-A22D-6903BD8BF1CD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C02B9DEC-8D4E-4B92-A22D-6903BD8BF1CD}\ not found.
Registry key HKEY_USERS\S-1-5-21-1250718090-1537509961-2586294136-1001\Software\Microsoft\Internet Explorer\SearchScopes\{C1B33A0D-1764-42D4-A6F1-B96220D8C9E5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C1B33A0D-1764-42D4-A6F1-B96220D8C9E5}\ not found.
Registry key HKEY_USERS\S-1-5-21-1250718090-1537509961-2586294136-1001\Software\Microsoft\Internet Explorer\SearchScopes\{DB729DA9-48FE-43D4-82B0-C5A3D6093CDC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB729DA9-48FE-43D4-82B0-C5A3D6093CDC}\ not found.
Registry key HKEY_USERS\S-1-5-21-1250718090-1537509961-2586294136-1001\Software\Microsoft\Internet Explorer\SearchScopes\{E135BCFE-3973-463C-A5A9-BE82F5BB2B93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E135BCFE-3973-463C-A5A9-BE82F5BB2B93}\ not found.
Registry key HKEY_USERS\S-1-5-21-1250718090-1537509961-2586294136-1001\Software\Microsoft\Internet Explorer\SearchScopes\{E88A2311-BA37-4985-A383-D90109A94239}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E88A2311-BA37-4985-A383-D90109A94239}\ not found.
C:\Users\Holly Thomas\AppData\Roaming\mozilla\firefox\profiles\k23g37x1.default\searchplugins\MyStart.xml moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73455575-E40C-433C-9784-C78DC7761455}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73455575-E40C-433C-9784-C78DC7761455}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E33CF602-D945-461A-83F0-819F76A199F8}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2e250b90-0e7a-42a3-9d65-e39f9f227fa4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e250b90-0e7a-42a3-9d65-e39f9f227fa4}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73455575-E40C-433C-9784-C78DC7761455}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73455575-E40C-433C-9784-C78DC7761455}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBD43808-9D13-4B0B-B023-178FD1FAE442}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBD43808-9D13-4B0B-B023-178FD1FAE442}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C737F472-1193-4281-BF53-A00B67AB3E19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C737F472-1193-4281-BF53-A00B67AB3E19}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E33CF602-D945-461A-83F0-819F76A199F8}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{353e2a48-6254-4bd3-88f4-3b51a0ca7870} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{353e2a48-6254-4bd3-88f4-3b51a0ca7870}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{F335ABA2-FDB4-4644-92B2-5CC4B0FC91D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F335ABA2-FDB4-4644-92B2-5CC4B0FC91D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-1250718090-1537509961-2586294136-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-1250718090-1537509961-2586294136-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Software4u-System Observer deleted successfully.
ADS C:\ProgramData\Temp:EC77041F deleted successfully.
ADS C:\ProgramData\Temp:054B9966 deleted successfully.
========== FILES ==========
File\Folder C:\Program Files (x86)\iminent not found.
File\Folder C:\Program Files (x86)\software4u not found.
File\Folder C:\Program Files (x86)\sweetim not found.
File\Folder C:\Program Files (x86)\Common Files\spigot not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Holly Thomas\Desktop\cmd.bat deleted successfully.
C:\Users\Holly Thomas\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56475 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Holly Thomas
->Temp folder emptied: 91458144 bytes
->Temporary Internet Files folder emptied: 88408784 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 6790049 bytes
->Google Chrome cache emptied: 349511017 bytes
->Flash cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 119808 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 933596 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 1017047 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 13178222 bytes
Total Files Cleaned = 526.00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.69.0 log created on 06112013_142823
Files\Folders moved on Reboot...
C:\Users\Holly Thomas\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Holly Thomas\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\temp\master36321 moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Code:
ATTFilter OTL Extras logfile created on: 11.06.2013 12:59:44 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Holly Thomas\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
5.90 Gb Total Physical Memory | 4.10 Gb Available Physical Memory | 69.44% Memory free
11.80 Gb Paging File | 9.87 Gb Available in Paging File | 83.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 439.45 Gb Total Space | 379.18 Gb Free Space | 86.28% Space Free | Partition Type: NTFS
Drive D: | 258.08 Gb Total Space | 190.77 Gb Free Space | 73.92% Space Free | Partition Type: NTFS
Computer Name: HOLLYTHOMAS-PC | User Name: Holly Thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.cpl [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.hlp [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.hta [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.ini [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.url [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.jse [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.reg [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.scr [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.vbe [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.wsf [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.wsh [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
[HKEY_USERS\S-1-5-21-1250718090-1537509961-2586294136-1001\SOFTWARE\Classes\<extension>]
.txt [@ = txt_auto_file] -- C:\Program Files (x86)\LibreOffice 4.0\program\sdraw.exe (The Document Foundation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- Reg Error: Key error.
batfile [open] -- "%1" %*
batfile [print] -- Reg Error: Key error.
cmdfile [edit] -- Reg Error: Key error.
cmdfile [open] -- "%1" %*
cmdfile [print] -- Reg Error: Key error.
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- Reg Error: Key error.
htafile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [print] -- Reg Error: Key error.
inifile [open] -- Reg Error: Key error.
inifile [print] -- Reg Error: Key error.
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- Reg Error: Key error.
jsfile [print] -- Reg Error: Key error.
jsefile [edit] -- Reg Error: Key error.
jsefile [open] -- Reg Error: Key error.
jsefile [print] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [edit] -- Reg Error: Key error.
regfile [merge] -- Reg Error: Key error.
regfile [print] -- Reg Error: Key error.
scrfile [config] -- Reg Error: Key error.
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- Reg Error: Key error.
txtfile [print] -- Reg Error: Key error.
txtfile [printto] -- Reg Error: Key error.
vbefile [edit] -- Reg Error: Key error.
vbefile [print] -- Reg Error: Key error.
vbsfile [edit] -- Reg Error: Key error.
vbsfile [print] -- Reg Error: Key error.
wsffile [edit] -- Reg Error: Key error.
wsffile [open] -- Reg Error: Key error.
wsffile [print] -- Reg Error: Key error.
wshfile [open] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Folder [open] -- Reg Error: Key error.
Folder [explore] -- Reg Error: Key error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- Reg Error: Key error.
batfile [open] -- "%1" %*
batfile [print] -- Reg Error: Key error.
cmdfile [edit] -- Reg Error: Key error.
cmdfile [open] -- "%1" %*
cmdfile [print] -- Reg Error: Key error.
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- Reg Error: Key error.
htafile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [print] -- Reg Error: Key error.
inifile [open] -- Reg Error: Key error.
inifile [print] -- Reg Error: Key error.
jsfile [edit] -- Reg Error: Key error.
jsfile [print] -- Reg Error: Key error.
jsefile [edit] -- Reg Error: Key error.
jsefile [open] -- Reg Error: Key error.
jsefile [print] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [edit] -- Reg Error: Key error.
regfile [merge] -- Reg Error: Key error.
regfile [print] -- Reg Error: Key error.
scrfile [config] -- Reg Error: Key error.
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- Reg Error: Key error.
txtfile [print] -- Reg Error: Key error.
txtfile [printto] -- Reg Error: Key error.
vbefile [edit] -- Reg Error: Key error.
vbefile [print] -- Reg Error: Key error.
vbsfile [edit] -- Reg Error: Key error.
vbsfile [print] -- Reg Error: Key error.
wsffile [edit] -- Reg Error: Key error.
wsffile [open] -- Reg Error: Key error.
wsffile [print] -- Reg Error: Key error.
wshfile [open] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Folder [open] -- Reg Error: Key error.
Folder [explore] -- Reg Error: Key error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09A9A7E5-9E3A-498F-9063-B4CC3EDA5269}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{13F0CE2B-7C19-4996-8CD5-3711C73A9554}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{160262DC-2365-4B45-89A4-B7D41E9134C2}" = rport=137 | protocol=17 | dir=out | app=system |
"{1A4FAA52-8D93-4A32-B2EB-4919539CFFE2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2320C600-F142-47B8-ABEE-37A3CE74235D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{23B2C8BD-63E3-4C6A-8782-642E34FE38CC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2ECFC2AC-D738-45C7-B0FA-585EEDDAC548}" = lport=2869 | protocol=6 | dir=in | app=system |
"{30BD14D3-8AAE-468F-93AF-20CFD96D09B5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3AE1A3CE-3E45-4366-8C47-9080DC637CDC}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3F0CB73A-4640-4B7B-A0AC-524E66E23823}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{48A44CCA-170A-4558-B873-D74EB36B3CF2}" = lport=137 | protocol=17 | dir=in | app=system |
"{5967AC1D-FB02-4C0A-9D65-5122A422366B}" = lport=445 | protocol=6 | dir=in | app=system |
"{6FCE6F3B-B7D1-45FE-A6EE-223D41140190}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9A2B1D48-56AF-4B0B-95BC-596E694DB724}" = rport=445 | protocol=6 | dir=out | app=system |
"{AC8EC265-7856-4A01-9889-830F8F225F05}" = lport=138 | protocol=17 | dir=in | app=system |
"{B5583CD1-6BF0-4727-B29A-98CB6406E5F0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B5F9D0F0-6E52-4D0C-A150-C88269D1ADE7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C64C7A83-2EE3-4EC8-A328-4B128C1ADD4B}" = rport=139 | protocol=6 | dir=out | app=system |
"{D1EA1AD2-E0B2-4B0F-BED5-C65A10244517}" = rport=138 | protocol=17 | dir=out | app=system |
"{D63C74F5-9DCE-4F49-A501-D838905BB8A3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{DE9CB128-0AD3-42DE-A6B4-71A94D50780A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FD562115-D34B-4988-B11A-C15A5925BE5C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FEF28EEC-A41B-4C55-99FC-BBC39DCDCE83}" = lport=139 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{080F5C83-07CF-4F4E-A825-CC7B5C99056C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{18E13C25-17E6-478D-B92E-E94CA873B8BE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2F7F41FA-8A20-44A2-98EB-3D53C5D85866}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{438DCD5D-9DC1-4009-B154-3382FD1974D7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{47AEDD1A-CCFC-4768-9F72-4BAE02AC9B29}" = protocol=6 | dir=out | app=system |
"{4DC15C81-A35B-49D5-9180-CD8EBAD84F19}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{62BC519E-F03E-422B-994A-03D6AD40E6C0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6C98C599-5E87-49D6-8E75-43B8A6E26E76}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{744BFF9C-7E4C-4454-9BAF-483273D333D1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7BC52A14-7F99-4444-A30D-974410118714}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{82119DB7-2463-4659-8764-C6401C83C38A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{85832019-5E10-4687-9BE8-ECC6260C4DFB}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{87F0D76D-2A46-4C14-AD23-8DE6B6A05510}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{9850B9F1-FC4B-43BF-8F1D-E9D496977206}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9EF67116-BDE0-4310-A476-0761785E79DE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{ADCFFC1B-840F-4E24-B5E5-9B7E2DD55C3C}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{B097F56D-452F-4E9C-BB8D-4643D3C12CD4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C0B4056E-B896-435C-BBE5-FF8029F17959}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{CAB9A42F-D988-445B-A9D2-4F40A99530AD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CB2332EA-77AC-41DE-AD54-8B1B22BDC0F9}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{CF989236-702C-4938-B9F3-6378435B1662}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{D235C2BC-59DE-4A01-83DC-137AD522FB22}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D306708B-9D06-41FD-84C3-5DD57153EA36}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D6EC845A-F2AD-4235-A4E3-45C547C7206F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DE9DA040-A308-4D92-A45D-EDDF48D45978}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F16D6580-6300-4A38-95E6-8E2D6CD61630}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{F75681F3-51F6-46B3-84EE-334401999272}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1551A29F-B1B0-43CA-90B5-E6E5186F683E}" = PSPPro64
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{181BBF43-CA17-4E1A-A78D-81E67A57B8A4}" = Intel® PROSet/Wireless WiFi-Software
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{26A24AE4-039D-4CA4-87B4-2F86417002FF}" = Java(TM) 7 Update 2 (64-bit)
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{409CB30E-E457-4008-9B1A-ED1B9EA21140}" = Intel(R) Rapid Storage Technology
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6BD8753C-D71C-4918-83D7-89886BEF8FF8}" = Tacitus Rendering Infrastructure (x64)
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{7629623D-F0D0-4AC6-A763-FBE06ED8288C}" = Intel(R) Rapid Storage Technology
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{BEE86606-EFB5-4353-9F34-29E0C59CDCFA}" = Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA2600C1-6BDF-4FD1-1211-148929CC1385}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E520EB70-A071-4A1A-9BD2-B28CC6D9DB22}" = O&O CleverCache
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FA00A3CC-7440-4938-A271-F186F50DD40D}" = Intel® Trusted Connect Service Client
"12031B46-075F-4028-A7B6-CA6218BB65E2_is1" = INCENDIA EX V
"CCleaner" = CCleaner
"cFosSpeed" = cFosSpeed v9.02
"HDR projects elements_is1" = HDR projects elements (64-Bit)
"PhotomatixPro42x64_is1" = Photomatix Pro version 4.2.6
"ProInst" = Intel PROSet Wireless
"Q-Dir" = Q-Dir
"Sandboxie" = Sandboxie 3.76 (64-bit)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{1563C6F2-E9B5-42DE-9EA6-207C9A8C2DFB}" = Corel PaintShop Pro X5
"_{AE4364BD-ED09-4D94-8DA2-315C10A57CD1}" = Ultimate Creative Collection (X5)
"_{BA7B3A61-EB8C-4C70-8179-93DDA248AA49}" = Nik Color Efex Pro 3.0
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam 5
"{02F850ED-FD0E-4ED1-BE0B-5498165BF300}_is1" = AOMEI Partition Assistant Pro Edition 5.1
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0D8E6567-7082-48DB-A305-293873AC8B39}_is1" = Preispilot für Firefox
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{11464943-4682-4F6B-A96D-D4E8C26DD111}_is1" = Kalenderchen 5
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{15002A1B-C1E7-4E91-A3EC-5502BF924A32}" = Setup
"{15180A90-1FC0-47E4-A150-3AECEF07B3B6}" = Corel PaintShop Pro X5
"{1522E36C-3739-41E4-8CD3-A4AFEA70086A}" = PSPPContent
"{153DD765-C8C6-4893-8CEF-D965351D82EC}" = PSPPHelp
"{154B0B16-ABCD-4A06-B0B7-8146B7A89B25}" = IPM_PSP_COM
"{1563C6F2-E9B5-42DE-9EA6-207C9A8C2DFB}" = ICA
"{15A0F110-4A57-4C8B-9F19-28C024D4AA9D}" = IObit Apps Toolbar v6.8
"{1600A56F-253A-4D00-851F-6DCC9796FDC7}_is1" = dbSThumb - Bilderdatenbank
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29258311-EA49-11DE-967C-005056C00008}" = Paragon Festplatten Manager™ 2012 Kompakt
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2DC240EA-51B1-4CC4-A0E5-4E4399CD7302}" = Serif PagePlus X4
"{2EC5640C-A426-4CFA-8737-656D1FE58128}_is1" = concept/design online.TiVi
"{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{33311EA4-0ECA-4E7F-83E5-8A92CD760152}" = Serif DrawPlus Starter Edition
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35EDE682-4AE5-47D6-B44F-103F859951DC}" = Serif PanoramaPlus X4
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37569A10-CB38-4615-8B32-0BF9FF5D887D}_is1" = concept/design Video Jukebox
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{385E6A4D-A440-43E2-9BAF-A012FB5FC2E2}" = Perfect Effects 4.0.1
"{394C2C3E-CA18-4216-B430-ACDD82C26973}" = ArtRage 2 Starter Edition
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{3FF8E8A7-5BA8-4D9E-B976-B05B2B00B0AE}" = Microsoft Expression Web 4
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{4209F371-29A2-6661-598F-36C7BBD65D31}_is1" = Ashampoo WinOptimizer 9 v.9.04.31
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger
"{458C704E-19EA-4673-9ED1-14669657636E}" = COMPUTERBILD-Abzockschutz
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{4C650FBF-A043-45B0-B8A3-4221D92E6652}_is1" = Radiobattler 2013.1.3
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4E9B5BFE-856B-4C3A-BE90-4547DC255B22}" = Soda PDF 5
"{500F4898-C705-4B91-9C98-3D125330A022}_is1" = Password Depot 7
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{60597b3f-d714-4f4e-8094-be088a31ff25}" = TubeBox
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63B7AC7E-0178-4F4F-A79B-08D97ADD02D7}" = System Requirements Lab for Intel
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6B68D0AD-880A-4862-928A-2830037BE50E}" = TubeBox
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7430B12A-3B67-4191-B0C5-59E57344CB1F}" = iClone v4.31 PRO
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{896614ED-00BD-4E0C-99AB-01C76EE416D9}" = Steganos Online Shield
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{92389de9-939e-341b-a076-1d52d7dbca71}" = Python 3.3.2
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{96A9A1C8-FBAD-4703-ABF1-E93AA8FE85A0}_is1" = Artweaver Free 3.1
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Join Air
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC0BAA05-28E6-4911-B3F3-0AE2EB0F54A1}" = AKVIS Sketch
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{AC76BA86-7AD7-5464-3428-A00000000004}" = Spelling Dictionaries Support For Adobe Reader X
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AE4364BD-ED09-4D94-8DA2-315C10A57CD1}" = Ultimate Creative Collection (X5)
"{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B722FBCA-350B-4B54-B465-D183421D3401}" = Click-Crypt
"{B7E68A6D-1C9B-4F18-B021-949115021714}" = COMPUTERBILD Vorteil-Center
"{B8F4A45C-581C-4707-8EF2-2B9E6722270C}" = SketchUp 8
"{BA7B3A61-EB8C-4C70-8179-93DDA248AA49}" = Nik Color Efex Pro 3.0
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CA227A9D-09BE-4BFB-9764-48FED2DA5454}" = Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2AC7034-15AC-4F62-85BD-1E48021E45D6}_is1" = concept/design onlineTV 8
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}" = PHotkey
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E83BD122-F7F1-4AA3-8140-DAE1F54E7B4F}_is1" = Registry CleanUp 5 Installation & Registrierung
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EDF6CEF3-8415-4868-8B1F-8D9E5FF8FC23}" = Microsoft Expression Design 4
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F59205C8-E5FB-43F5-AAB2-16C1760D4F59}" = FaceFilter Studio 2
"{F59AC46C-10C3-4023-882C-4212A92283B3}_is1" = Lagarith Lossless Codec (1.3.27)
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F77ED0CD-2E5E-4FC7-82E0-BB7D461E739F}" = LibreOffice 4.0.3.3
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"1&1 Mail & Media GmbH Toolbar FF" = WEB.DE MailCheck für Mozilla Firefox
"1&1 Office-Drive Manager" = 1&1 Office-Drive Manager
"1-abc.net Password Organizer" = 1-abc.net Password Organizer (Remove only)
"247C9365-9617-43EE-934F-84A8ADCB89D7_is1" = Registry CleanUP 5
"35A39AB0-5E9F-4B70-98DA-4B8158C89C4B" = Mandelbulber
"Ad Optimizer (am) v2" = Ad Optimizer (am) v2
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Aqsis" = Aqsis Renderer 1.8.2
"Ashampoo Burning Studio 2013_is1" = Ashampoo Burning Studio 2013 v.11.0.5
"AVS Audio Converter_is1" = AVS Audio Converter 7
"AVS Audio Editor_is1" = AVS Audio Editor 7.1
"AVS Audio Recorder_is1" = AVS Audio Recorder version 4.0
"AVS Document Converter_is1" = AVS Document Converter 2.2.5
"AVS Image Converter_is1" = AVS Image Converter 2.3.2.248
"AVS Media Player_is1" = AVS Media Player 4.1.10.99
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor_is1" = AVS Video Editor 6
"AVS Video ReMaker_is1" = AVS Video ReMaker 4.1.3.149
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"Batch Picture Resizer_is1" = Batch Picture Resizer 4.0
"ChaosPro 4.0" = ChaosPro
"Cut Out_is1" = Cut Out 3.0
"DAGOBERT-DACHS" = DAGOBERT-DACHS
"DAZ 3D Install Manager 1 1.0.1.59" = DAZ 3D Install Manager 1
"DAZ Content Management Service 4.8.1.7" = DAZ Content Management Service
"DAZ Studio 4.6 (64bit) 4.6.0.18" = DAZ Studio 4.6 (64bit)
"DC-Bass Source" = DC-Bass Source 1.3.0
"Decimator DS4 (64bit) 1.3.1.56" = Decimator DS4 (64bit)
"Decimator DS4 (64bit) 1.4.0.18" = Decimator DS4 (64bit)
"Design_8.0.31217.1" = Microsoft Expression Design 4
"DPP" = Canon Utilities Digital Photo Professional 3.6
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"Efficient Calendar Free_is1" = Efficient Calendar Free 3.50
"Efficient Diary_is1" = Efficient Diary 3.50
"FBDBServer_2_5_is1" = Firebird 2.5.2.26539 (Win32)
"ffdshow_is1" = ffdshow v1.1.4399 [2012-03-22]
"Gimp" = Gimp 2.8.4
"Google Chrome" = Google Chrome
"GoZ DS4 (64bit) 1.2.1.56" = GoZ DS4 (64bit)
"HaaliMkx" = Haali Media Splitter
"HDR Photo Pro 5" = HDR Photo Pro 5
"Inkscape" = Inkscape 0.48.4
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam 5
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"IrfanView" = IrfanView (remove only)
"JPG-Illuminator" = JPG-Illuminator 4.4.4
"LAME_is1" = LAME v3.99.3 (for Windows)
"Makehuman" = Makehuman
"MediaMonkey_is1" = MediaMonkey 4.0
"Mixxx (1.10.1)" = Mixxx 1.10.1 (64-bit)
"MonKey Office 2013_is1" = MonKey Office 2013, Version 10.1.2
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MS-Buchhalter Start" = MS-Buchhalter Start 3.0
"MyKeyFinder_is1" = MyKeyFinder
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter 1.0.0.5
"PC Fresh_is1" = PC Fresh
"PhotoZoom Classic 4" = BenVista PhotoZoom Classic 4.0.4
"PortraitProfessional10_is1" = Portrait Professional 10.8
"QR-Code Generator" = QR-Code Generator 1.12.0
"Revo Uninstaller" = Revo Uninstaller 1.94
"Secure Eraser_is1" = Secure Eraser
"Smart Defrag 2_is1" = Smart Defrag 2
"Startpage24" = Startpage24
"Stepok's One Click Wipe und Recomposit_is1" = One Click Wipe 3
"Tacitus Rendering Infrastructure (x64)" = Tacitus Rendering Infrastructure
"Task Coach_is1" = Task Coach 1.3.29
"Tradingtagebuch für Trader_is1" = Tradingtagebuch für Trader Version 8.0.0.1
"VertusBlingIt" = Vertus Bling! It 1.1.5
"vsfilter_is1" = DirectVobSub 2.40.4209
"Vue 11 64bit" = Vue 11 64bit
"Web_4.0.1460.0" = Microsoft Expression Web 4
"WinLiveSuite" = Windows Live Essentials
"XenoDream v2.4_is1" = XenoDream 2.401 TRIAL
"Xvid Video Codec 1.3.2" = Xvid Video Codec
"XYplorer" = XYplorer 12.30
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1250718090-1537509961-2586294136-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Codec Pack Packages" = Codec Pack Packages
"DSite" = Update for Codec Pack
"FileZilla Client" = FileZilla Client 3.7.0.2
"PhotoFiltre Studio X" = PhotoFiltre Studio X
"TwistedBrush Open Studio" = TwistedBrush Open Studio
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 11.06.2013 06:50:15 | Computer Name = HollyThomas-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: adwcleaner.exe, Version: 2.3.0.3,
Zeitstempel: 0x4f25baec Name des fehlerhaften Moduls: adwcleaner.exe, Version: 2.3.0.3,
Zeitstempel: 0x4f25baec Ausnahmecode: 0xc0000005 Fehleroffset: 0x000111c9 ID des fehlerhaften
Prozesses: 0x630 Startzeit der fehlerhaften Anwendung: 0x01ce66916d826abf Pfad der
fehlerhaften Anwendung: C:\Users\Holly Thomas\Desktop\adwcleaner.exe Pfad des fehlerhaften
Moduls: C:\Users\Holly Thomas\Desktop\adwcleaner.exe Berichtskennung: b2426cd0-d284-11e2-bf22-e840f2d2fb19
Error - 11.06.2013 06:52:47 | Computer Name = HollyThomas-PC | Source = MemeoBackgroundService | ID = 0
Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException:
Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException:
Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object
data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary
properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties,
IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[]
args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags
invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags
bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry
entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData
configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData
configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData
configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String
filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[]
args)
Error - 11.06.2013 06:55:16 | Computer Name = HollyThomas-PC | Source = SecurityCenter | ID = 3
Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der
WMI herstellen, um Antiviren, AntiSpyware- und Firewallprogramme von Drittanbietern
zu überwachen.
[ System Events ]
Error - 11.06.2013 06:55:07 | Computer Name = HollyThomas-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Bluetooth Media Service erreicht.
Error - 11.06.2013 06:55:07 | Computer Name = HollyThomas-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Bluetooth Media Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 11.06.2013 06:55:08 | Computer Name = HollyThomas-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Bluetooth OBEX Service erreicht.
Error - 11.06.2013 06:55:08 | Computer Name = HollyThomas-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Bluetooth OBEX Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 11.06.2013 06:55:08 | Computer Name = HollyThomas-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service erreicht.
Error - 11.06.2013 06:55:08 | Computer Name = HollyThomas-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed
Security Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053
Error - 11.06.2013 06:55:14 | Computer Name = HollyThomas-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Intel(R) Management and Security Application Local Management Service erreicht.
Error - 11.06.2013 06:55:14 | Computer Name = HollyThomas-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Intel(R) Management and Security Application Local Management
Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053
Error - 11.06.2013 06:55:14 | Computer Name = HollyThomas-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 11.06.2013 06:55:14 | Computer Name = HollyThomas-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
< End of report >
|
|
11.06.2013, 14:09
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Aufforderung die wssetup.exe von Perion zu starten erscheint nach Rechnerstart ! Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Vollscan mit Malwarebytes Anti-Malware (MBAM) (falls du vor kurzem erst einen Vollscan gemacht hast, reicht auch ein Quickscan (spart Zeit), das dann mir bitte auch mitteilen) Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren! Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
12.06.2013, 09:10
| #15 |
| | Aufforderung die wssetup.exe von Perion zu starten erscheint nach Rechnerstart ! Guten Morgen, hier meine Logs MBAM: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.06.11.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16576 Holly Thomas :: HOLLYTHOMAS-PC [Administrator] Schutz: Aktiviert 11.06.2013 15:48:03 MBAM-log-2013-06-11 (16-45-39).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 456636 Laufzeit: 56 Minute(n), 45 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 2 HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211301130} (PUP.215Apps) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211301130} (PUP.215Apps) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Sandbox\Holly_Thomas\DefaultBox\user\current\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\ad436001f5fd38f69bd6676517882b7c\gutscheinfilter_r686.exe (Adware.Dropper) -> Keine Aktion durchgeführt. (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=3b306a0e0a40554297d21b4d39f419e3
# engine=14049
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-11 07:15:50
# local_time=2013-06-11 09:15:50 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1286 16777213 100 98 8051 25748072 0 0
# compatibility_mode=5893 16776574 100 94 18588736 122608000 0 0
# scanned=237310
# found=0
# cleaned=0
# scan_time=6710
ESETSmartInstaller@High as downloader log:
all ok
|
|
| Themen zu Aufforderung die wssetup.exe von Perion zu starten erscheint nach Rechnerstart ! |
| angreifer, anhang, aufforderung, benutzerdaten, code, computer, ebenfalls, erscheint, erstell, erstellt, files, google, hallo zusammen, java, legales programm, problem, program, programm, rechners, rechnerstart, schicke, software, starte, starten, web, zusammen |
Textbox. 
Linear-Darstellung
