Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: AVG findet Invisible IFrame Infection Attack

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 12.06.2013, 15:16   #1
malakrolewna
 
AVG findet Invisible IFrame Infection Attack - Frage

AVG findet Invisible IFrame Infection Attack



Hallo,

mein AVG findet eine Invisible IFrame Infection Attack (type 1707), wenn ich e*ay besuche. Dort steht immer Bedrohung erkannt und entfernt, aber es poppt immer auf, wenn ich e*ay besuche. Habe auch verschiedene Scans durchgeführt und alle zeigen keine Bedrohung an.
Was kann das sein?
Ich finde dazu nur englische Seiten, die mir nicht wirklich weiterhelfen.

LG

Code:
ATTFilter
# AdwCleaner v2.302 - Datei am 10/06/2013 um 23:05:49 erstellt
# Aktualisiert am 06/06/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : *** - MALAKROLEWNA
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Downloads\adwcleaner2302.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\a5n6t2t3.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v27.0.1453.110

Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R2].txt - [4160 octets] - [22/05/2013 19:20:03]
AdwCleaner[R3].txt - [1097 octets] - [22/05/2013 19:36:59]
AdwCleaner[R4].txt - [1264 octets] - [22/05/2013 20:02:10]
AdwCleaner[R5].txt - [1278 octets] - [23/05/2013 16:45:05]
AdwCleaner[R6].txt - [1515 octets] - [10/06/2013 17:48:19]
AdwCleaner[R7].txt - [1206 octets] - [10/06/2013 23:05:49]
AdwCleaner[S2].txt - [1365 octets] - [22/05/2013 22:01:51]
AdwCleaner[S3].txt - [1340 octets] - [25/05/2013 20:20:42]
AdwCleaner[S4].txt - [1449 octets] - [03/06/2013 13:40:57]
AdwCleaner[S5].txt - [1457 octets] - [09/06/2013 21:28:03]
AdwCleaner[S6].txt - [1616 octets] - [10/06/2013 22:39:46]

########## EOF - C:\AdwCleaner[R7].txt - [1566 octets] ##########
         
Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.10.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
*** :: MALAKROLEWNA [Administrator]

11.06.2013 21:21:40
mbam-log-2013-06-11 (21-21-40).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 242582
Laufzeit: 7 Minute(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
ATTFilter
Bei AVG: Bei diesem Scan wurde keine Infizierung gefunden
         

Alt 12.06.2013, 15:18   #2
markusg
/// Malware-holic
 
AVG findet Invisible IFrame Infection Attack - Standard

AVG findet Invisible IFrame Infection Attack



bitte die avg meldung als text postenb
__________________

__________________

Alt 12.06.2013, 16:01   #3
malakrolewna
 
AVG findet Invisible IFrame Infection Attack - Standard

AVG findet Invisible IFrame Infection Attack



Zitat:
Zitat von markusg Beitrag anzeigen
bitte die avg meldung als text postenb
Die Meldung kommt jetzt nicht mehr! Vor einer halben Stunde kam sie jede 3 Sekunden! Habe leider vergessen einen Druck zu machen :-(
__________________

Alt 12.06.2013, 16:04   #4
markusg
/// Malware-holic
 
AVG findet Invisible IFrame Infection Attack - Standard

AVG findet Invisible IFrame Infection Attack



dann schau mal in avg, da sollte es ereigniss meldungen geben.
bzw auch mal in die Quarantäne ob da was passenes ist
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 12.06.2013, 16:13   #5
malakrolewna
 
AVG findet Invisible IFrame Infection Attack - Standard

AVG findet Invisible IFrame Infection Attack



Zitat:
Zitat von markusg Beitrag anzeigen
dann schau mal in avg, da sollte es ereigniss meldungen geben.
bzw auch mal in die Quarantäne ob da was passenes ist

Bei Ereignisprotokoll ist das letzte ein Update um 12:03 und in der Quarantäne ist nichts.
Und sonst finde ich nicht mal bei Berichten etwas.
LG


Alt 12.06.2013, 17:59   #6
markusg
/// Malware-holic
 
AVG findet Invisible IFrame Infection Attack - Standard

AVG findet Invisible IFrame Infection Attack



könnt ihr ebay nun wieder besuche? könnte ein fehlalarm sein.
__________________
--> AVG findet Invisible IFrame Infection Attack

Alt 12.06.2013, 18:06   #7
malakrolewna
 
AVG findet Invisible IFrame Infection Attack - Standard

AVG findet Invisible IFrame Infection Attack



Hallo,

ja ich kann eBay wieder besuchen. Jedoch kam diese Meldung schon gestern Abend, dann war sie weg und heute kam sie erneut und dann alle 3 Sekunden eine. Nun ist sie schon wieder weg. Vllt kommt sie morgen wieder...Jetzt allerdings erscheint sie nicht mehr, habe vorsichtshalber heute mein Passwort geändert. Hat es etwas damit zu tun?
Kann der "Hacker" meine Daten einsehen?
Und es haben ja noch mehr Leute dieses Problem, habe hier schon gelesen, dass avast dieses IFrame (:laut AVG) als Trojaner findet.

LG

Alt 12.06.2013, 18:13   #8
markusg
/// Malware-holic
 
AVG findet Invisible IFrame Infection Attack - Standard

AVG findet Invisible IFrame Infection Attack



ja versuche grad das rauszufinden.
dein pc sollte ok sein, wir schaun mal.

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 12.06.2013, 18:25   #9
malakrolewna
 
AVG findet Invisible IFrame Infection Attack - Standard

AVG findet Invisible IFrame Infection Attack



Muss ich alles so machen, wie bei OTL.exe steht, alles so markieren und auswählen oder muss ich das so machen wie du es geschrieben hast? Muss ich dann auf Scan oder Quickscan drücken? Weil bei der OTL.exe steht nämlich Scan.

Edit: Achja und mit alle Programme schließen, ist damit auch die Firewall und AVG und so gemeint? Also alles? Auch Nvidia?

Alt 12.06.2013, 18:36   #10
markusg
/// Malware-holic
 
AVG findet Invisible IFrame Infection Attack - Standard

AVG findet Invisible IFrame Infection Attack



alles schließen, so ausführen wie von mir geschrieben.
wenn du die windows firewall nutzt, musst du die jetzt nich extra deaktivieren.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 12.06.2013, 19:14   #11
malakrolewna
 
AVG findet Invisible IFrame Infection Attack - Standard

AVG findet Invisible IFrame Infection Attack



Code:
ATTFilter
OTL logfile created on: 12.06.2013 19:43:52 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 5,95 Gb Available Physical Memory | 74,51% Memory free
15,96 Gb Paging File | 13,94 Gb Available in Paging File | 87,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 350,32 Gb Total Space | 264,35 Gb Free Space | 75,46% Space Free | Partition Type: NTFS
Drive E: | 195,31 Gb Total Space | 192,51 Gb Free Space | 98,56% Space Free | Partition Type: NTFS
Drive F: | 152,91 Gb Total Space | 54,00 Gb Free Space | 35,32% Space Free | Partition Type: NTFS
 
Computer Name: MALAKROLEWNA | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Users\***\AppData\Roaming\TV Movie\TV Movie Clickfinder\tvtip.exe (E.W.E.-Software)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\1f0bb5336d1706c9b8ad2330f3642760\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9b2940478ec555990b37af5448b8f509\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\93a17ba6cb6753328f25466bc0bf1cb1\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a1949f57d2ec260e09768e98fecb0559\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ddc3e8c2774eaec614d6775983652980\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\07753c0a8ed7f9bc61b0ee718f3c779d\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (FiltUSBET) -- C:\Windows\SysNative\drivers\etFilter64.sys (eMPIA Technology Inc.)
DRV:64bit: - (DCamUSBET) -- C:\Windows\SysNative\drivers\etDevice64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (ScanUSBET) -- C:\Windows\SysNative\drivers\etScan64.sys (eMPIA Technology, Inc.)
DRV - (FsUsbExDisk) -- C:\Windows\SysWOW64\FsUsbExDisk.Sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-648031918-1672791633-3813103636-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-648031918-1672791633-3813103636-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-648031918-1672791633-3813103636-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 48 20 C5 0E 3A 93 CD 01  [binary data]
IE - HKU\S-1-5-21-648031918-1672791633-3813103636-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-648031918-1672791633-3813103636-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-648031918-1672791633-3813103636-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-648031918-1672791633-3813103636-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-648031918-1672791633-3813103636-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-648031918-1672791633-3813103636-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B1 B9 A6 5A 3B 82 CD 01  [binary data]
IE - HKU\S-1-5-21-648031918-1672791633-3813103636-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-648031918-1672791633-3813103636-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-648031918-1672791633-3813103636-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: E:\Java\inst\bin\plugin2\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.09.02 14:40:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.09.02 14:40:05 | 000,000,000 | ---D | M]
 
[2013.03.06 21:45:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013.05.22 19:22:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a5n6t2t3.default\extensions
[2013.04.08 19:11:52 | 000,199,379 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\a5n6t2t3.default\extensions\m2k@m2kdownloader.com.xpi
[2013.05.22 19:44:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.22 19:44:51 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Java\inst\bin\ssv.dll File not found
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Java\inst\bin\jp2ssv.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-648031918-1672791633-3813103636-1001\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4:64bit: - HKLM..\Run: [etMonitor] C:\Windows\etMon.exe (EMPIA Technology Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [mouseElf] E:\GamingMouse\inst\MouseElf.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\SysWOW64\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [WinampAgent] E:\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Installer] "C:\Program Files (x86)\CheckPoint\Install\Launcher.exe" "C:\Program Files (x86)\CheckPoint\Install\Install.exe" /r  /c "C:\Program Files (x86)\CheckPoint\Install\Install.xml" File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-648031918-1672791633-3813103636-1000..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-648031918-1672791633-3813103636-1000..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKU\S-1-5-21-648031918-1672791633-3813103636-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-648031918-1672791633-3813103636-1000..\Run: [TVTip] C:\Users\***\AppData\Roaming\TV Movie\TV Movie Clickfinder\tvstart.exe (E.W.E.-Software)
O4 - HKU\S-1-5-21-648031918-1672791633-3813103636-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-648031918-1672791633-3813103636-1000..\RunOnce: [Uninstall C:\Users\***\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\***\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64" File not found
O4 - HKU\S-1-5-21-648031918-1672791633-3813103636-1000..\RunOnce: [Uninstall C:\Users\***\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\***a\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" File not found
O4 - HKU\S-1-5-21-648031918-1672791633-3813103636-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-648031918-1672791633-3813103636-1001..\RunOnce: [Uninstall C:\Users\***\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\***\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-648031918-1672791633-3813103636-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-648031918-1672791633-3813103636-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-648031918-1672791633-3813103636-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - E:\ICQ\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - E:\ICQ\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6638633-6CC7-4C7C-9113-B3733B4CB635}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\AVG AntiVirus\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\AVG AntiVirus\avgpp.dll File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.05.22 16:27:33 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - 
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
 
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.03 14:28:20 | 000,203,672 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys
[2013.06.03 14:28:20 | 000,103,064 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
[2013.06.03 14:26:33 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013.05.23 21:16:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013.05.22 19:54:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.22 19:54:25 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.05.22 17:37:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2013.05.22 17:36:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.05.22 17:36:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.22 17:32:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Programs
[2013.05.22 16:27:11 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.12 19:27:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.12 18:49:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.12 12:05:37 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.12 12:05:37 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.12 11:59:30 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.12 11:58:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.12 11:58:03 | 2133,417,983 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.11 21:55:34 | 000,000,680 | RHS- | M] () -- C:\Users\***\ntuser.pol
[2013.05.22 22:51:36 | 000,438,864 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.22 19:25:14 | 001,633,616 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.22 19:25:14 | 000,696,638 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.22 19:25:14 | 000,651,956 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.22 19:25:14 | 000,147,934 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.22 19:25:14 | 000,120,888 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.22 16:27:33 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
 
========== Files Created - No Company Name ==========
 
[2013.06.11 21:55:34 | 000,000,680 | RHS- | C] () -- C:\Users\***\ntuser.pol
[2013.05.22 16:27:33 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013.02.23 15:35:20 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp
[2013.02.19 21:03:33 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDevice.Dll
[2013.02.19 21:03:33 | 000,037,344 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDisk.Sys
[2013.02.05 18:52:54 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.12.04 20:50:58 | 000,027,520 | ---- | C] () -- C:\Users\***\AppData\Local\dt.dat
[2012.09.26 21:57:14 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.09.26 21:57:14 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.09.26 21:57:14 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.09.26 21:57:14 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.09.09 21:59:52 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\TaskKeyHook.dll
[2012.09.09 21:59:52 | 000,012,800 | ---- | C] () -- C:\Windows\SysWow64\drivers\gHidUsbF.sys
[2012.09.09 21:59:52 | 000,007,808 | ---- | C] () -- C:\Windows\SysWow64\drivers\gflmouhid.sys
[2012.09.02 14:36:20 | 000,245,367 | ---- | C] () -- C:\Windows\hpoins19.dat
[2012.09.02 14:36:19 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2012.08.30 19:48:12 | 000,053,248 | ---- | C] () -- C:\Windows\etRunDLL.dll
[2012.08.25 18:17:25 | 000,039,556 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012.08.25 18:05:14 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.08.25 18:05:08 | 000,031,754 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.08.24 23:57:50 | 001,589,518 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.01.10 18:22:32 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013.01.10 18:22:32 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2012.12.14 13:08:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AVG2013
[2013.05.22 19:22:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CheckPoint
[2013.03.21 16:45:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2012.12.01 18:42:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo
[2013.05.22 17:24:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2012.08.24 18:25:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2013.03.18 00:06:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2012.12.14 12:40:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2012.08.30 15:31:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TV Movie
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2013.01.10 18:21:58 | 000,000,000 | -H-D | M] -- C:\$AVG
[2013.01.24 12:53:37 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2013.06.07 13:58:54 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.08.24 22:43:54 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.09.15 17:04:23 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2012.08.26 12:13:18 | 000,000,000 | ---D | M] -- C:\Netgear
[2012.08.24 19:49:27 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.05.22 19:06:23 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.06.03 13:40:59 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013.05.22 19:21:57 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.08.24 22:43:54 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.08.24 22:43:54 | 000,000,000 | -HSD | M] -- C:\Recovery
[2013.06.12 19:45:15 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.09.15 13:42:44 | 000,000,000 | ---D | M] -- C:\temp
[2012.08.24 22:51:07 | 000,000,000 | R--D | M] -- C:\Users
[2013.05.25 20:16:09 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 07:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.08.24 23:00:51 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013.01.30 22:33:01 | 000,001,116 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013.01.30 22:33:02 | 000,001,120 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 03:15:20 | 000,380,957 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\expsrv.dll
[2009.07.14 03:15:50 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\msvbvm60.dll
 
< %USERPROFILE%\*.* >
[2013.06.12 19:51:11 | 004,718,592 | -HS- | M] () -- C:\Users\***\ntuser.dat
[2013.06.12 19:51:11 | 000,262,144 | -HS- | M] () -- C:\Users\***\ntuser.dat.LOG1
[2012.08.24 22:44:01 | 000,000,000 | -HS- | M] () -- C:\Users\***\ntuser.dat.LOG2
[2012.08.24 22:51:31 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2012.08.24 22:51:31 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2012.08.24 22:51:31 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2013.05.22 19:22:48 | 000,065,536 | -HS- | M] () -- C:\Users\***\ntuser.dat{228d0469-c2ff-11e2-abc0-14dae944f084}.TM.blf
[2013.05.22 19:22:48 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{228d0469-c2ff-11e2-abc0-14dae944f084}.TMContainer00000000000000000001.regtrans-ms
[2013.05.22 19:22:48 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{228d0469-c2ff-11e2-abc0-14dae944f084}.TMContainer00000000000000000002.regtrans-ms
[2013.05.22 19:04:09 | 000,065,536 | -HS- | M] () -- C:\Users\***\ntuser.dat{3f268d92-c2dd-11e2-af2c-14dae944f084}.TM.blf
[2013.05.22 19:04:09 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{3f268d92-c2dd-11e2-af2c-14dae944f084}.TMContainer00000000000000000001.regtrans-ms
[2013.05.22 19:04:09 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{3f268d92-c2dd-11e2-af2c-14dae944f084}.TMContainer00000000000000000002.regtrans-ms
[2012.08.24 22:44:01 | 000,000,020 | -HS- | M] () -- C:\Users\***\ntuser.ini
[2013.06.11 21:55:34 | 000,000,680 | RHS- | M] () -- C:\Users\***\ntuser.pol
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >
         
Code:
ATTFilter
OTL Extras logfile created on: 12.06.2013 19:43:52 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 5,95 Gb Available Physical Memory | 74,51% Memory free
15,96 Gb Paging File | 13,94 Gb Available in Paging File | 87,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 350,32 Gb Total Space | 264,35 Gb Free Space | 75,46% Space Free | Partition Type: NTFS
Drive E: | 195,31 Gb Total Space | 192,51 Gb Free Space | 98,56% Space Free | Partition Type: NTFS
Drive F: | 152,91 Gb Total Space | 54,00 Gb Free Space | 35,32% Space Free | Partition Type: NTFS
 
Computer Name: MALAKROLEWNA | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-648031918-1672791633-3813103636-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L"
Directory [Winamp.Bookmark] -- "E:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "E:\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "E:\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L"
Directory [Winamp.Bookmark] -- "E:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "E:\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "E:\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{087CA845-4E57-4A86-B58C-8623E8B232A8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0E6E8FE0-01D7-41BD-8752-5ACED67E97F5}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{112BD584-CEB2-4DF1-ADBC-2D10D1B2F99E}" = rport=137 | protocol=17 | dir=out | app=system | 
"{17B6B0CD-98A0-4003-8FDA-61367704F5F7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{20C17F4C-C9AA-43E0-B6B9-08A113339730}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2B124DFB-BD8E-42A3-A5CF-92A44DB294BF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{30E38411-D847-4F70-B094-8BBFCBA0266E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{38B0ACA0-41C5-4F0E-9FF5-4AC8CDC8BAAB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3963C93B-D4F1-4FDA-B0B0-C6248A4C10CD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3C68CB66-C105-4FF2-AF21-217741E433CD}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{3D1D1F8A-84B5-4DE7-948C-0647C71D4250}" = rport=138 | protocol=17 | dir=out | app=system | 
"{3F21101C-CDB5-4995-B445-94F0A10EF491}" = lport=445 | protocol=6 | dir=in | app=system | 
"{4045B209-12F6-4A1E-81A4-715A2A9B291E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{4255D98B-9775-417A-890A-B4537D7C76DD}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{487ED57E-9FBB-4041-A415-F8A11B6EF75D}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{50EF7536-C30B-4A86-9F76-16A442CE4146}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5973B8EB-73D5-4B0A-B696-EC57F75046BD}" = rport=445 | protocol=6 | dir=out | app=system | 
"{5F9DB703-F290-4C6E-9DE5-A70D07E4221C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{6086F9FC-38DF-4815-B621-579280755ECF}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{6710AA8C-C203-4512-8148-8BDD9E691E6E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{887FBF63-3D08-4A33-8A9B-03AA45A251EC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{90E8CD2B-978C-40B6-A69D-B16DB3938F98}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9681DDAE-5B88-4F91-B696-A3D97F23993D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9C2C575B-B22B-411B-8449-7C26751D2253}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A0F85856-E78A-43BA-A899-10D784832D3E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C23C8C5F-3830-481B-BB7C-F28FBA7AE421}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D2100F8B-291C-4E17-B564-4E9CBE69A037}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{D88E80CE-E3DA-41EA-B57C-5F6D26860E7D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D99A3B4E-99F0-4030-9AF1-774EA7CBC169}" = lport=139 | protocol=6 | dir=in | app=system | 
"{DEC6F148-152E-41AD-A450-F6A8C919167B}" = rport=139 | protocol=6 | dir=out | app=system | 
"{DF30FDEA-6A74-45EB-A318-2AEAFAFFC0D4}" = lport=138 | protocol=17 | dir=in | app=system | 
"{DF70DAB5-46D7-43AF-9116-AFF083CC31A8}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F08C25B7-8183-4234-9743-B106052EF25F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{F5C661C4-4BF7-483D-9C3F-5C2E5FC2CC6F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F7A3CCFA-3A03-4A5F-8726-90EC007A8D05}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00C69C71-D557-4CB0-96D2-A85E054BA581}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{0675BF3D-A35F-4B1F-836E-30333FDD05DE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | 
"{07E9EDC7-AB8F-4F92-8470-B04B79E61EFF}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{0BF005F5-49A4-44DB-99A1-B9998CEF632A}" = protocol=6 | dir=out | app=system | 
"{106A80C7-3575-429C-8B58-1BC4150A0F68}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{1280CDA4-7359-4B7F-8614-713D2230BEEA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{1671E9C0-A8D4-451A-83A5-696AB418EA47}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{26A8727A-E4A0-4331-9E4E-EB1BB2D6AB54}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | 
"{30AA1D67-8CC9-4994-91C1-F122A17A8F72}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | 
"{30C51389-4A5C-4986-8301-DBE067F29E95}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{33D4B22D-691F-4B2C-BC45-81CDAA3E10FC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{35266E25-5A96-4036-9B7C-92EB54C2444E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | 
"{376029DA-BA51-4FEF-9BF3-15FAB91EC12D}" = protocol=17 | dir=in | app=e:\icq\icq7m\icq.exe | 
"{38FD6E9A-90E4-4A3C-A17C-EE87C5330823}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{3EC02595-BD96-448C-A4DD-E19FEB688989}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{444C1D77-2A8F-4E79-9FA1-3DF75FDC92A3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{49110310-A04D-4527-9D6D-40F3ABCAB6D2}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{4B078977-5D39-4441-BC61-3598D9C61AFF}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{59B5263B-F6ED-4460-88CA-1367D30E4BEA}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{5A5EE6C1-F28D-45D1-8017-D7E0817BF1B8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | 
"{5FA6D524-D4B9-4853-AD10-66FB049C99C8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{632076AD-5332-4F22-AFDA-AD89B48A029E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{63703719-C9F1-4E4C-BBF1-D7F7461A6A73}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{6BDFD986-99A0-4E95-8DA3-4850B9D2963C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6D62417F-ACC8-4949-859E-2FBBC8CDB5AE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{7596CB5C-34D0-4A84-B4AC-B7FF2DE0460A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{76396249-E287-4328-8B27-F6685B2FB636}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7ACA3F89-0720-4234-B067-4236E625C01C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{7C49EC8C-38FD-48C4-A001-38D0FF4F66C3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{86C4EE91-5C88-4269-B842-02834A20BCC1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{8732AD15-A602-4A10-953D-F5EA110846FA}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{87FE6C4F-E5BD-43D8-B925-CDD6B1389E8D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{8C91A881-21E1-4381-91E6-EF5B548FD58F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{90E628E6-D261-48A3-A36C-9E60CF131880}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{91A2E530-27A8-45C2-8FA7-2603786DB12F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{94EC329B-DEC5-4797-8BED-4E911E90F803}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{97F66C28-1F61-46CC-BA6F-B3B7D860DF32}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9A1AB914-38F7-4A68-BA87-58F24A1C6888}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{9C1D813F-2C4E-4CF1-8B18-547A67EE10E4}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{A0760C8E-F3EA-45EA-980D-707FD3BC7623}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{A36ECCAC-F943-4661-B0F3-13A5314904D3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A3D4E10E-B151-4A3F-8295-D0987A2C6635}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A516F321-8DCC-4AA1-AE3E-973D6D7B140B}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{A6348025-D9EF-444D-B1B7-04D8ADD8FB53}" = protocol=6 | dir=in | app=c:\users\
***\appdata\local\temp\7zs33f1\hpdiagnosticcoreui.exe | 
"{A6A7FD48-4B20-4D3A-BEB7-F10577F193CE}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{A79E1F94-A399-4E59-9A71-B0F1A612C710}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe | 
"{A7CD120E-BAF3-4AE0-B2FC-9AF4D0BC6727}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe | 
"{A93F9A55-A9FE-4BA2-AB3F-5929C8822014}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A9BD9A34-371F-4017-8E40-79739B5227CB}" = protocol=17 | dir=in | app=e:\icq\icq7m\icq.exe | 
"{AFD4262A-0A23-486C-B1CC-39C8918129AC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B0732242-8D04-4F81-996E-57556FB14566}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B52972CD-70E8-4CA2-AEFF-699640872B55}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{B9FBFC81-5DE8-4A43-B274-4D41DC6FC1A4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{C12930C3-5672-449F-9678-E54786FD9FD3}" = protocol=6 | dir=in | app=e:\icq\icq7m\icq.exe | 
"{C2403543-03E3-4863-A10A-8BF6953853B5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C24837D0-D19A-42CB-9FAA-A5922F9A59EC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C28A3506-5BF1-472F-8D59-924AABDEE7F2}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\7zs1e5c\hpdiagnosticcoreui.exe | 
"{C5D281E0-884C-4796-9F91-1AB865BB627F}" = protocol=6 | dir=in | app=e:\avg antivirus\avgmfapx.exe | 
"{C7FDD44D-669B-4F9E-AF49-5EC7CFD61619}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{CC25328E-0723-4D1F-971A-FC994E816747}" = protocol=17 | dir=in | app=e:\avg antivirus\avgmfapx.exe | 
"{CCAF7B95-DD22-4C44-A66E-378B04335C4C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D1241479-84EA-4A02-B81D-B4EB47BBF78C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{D316F88D-6CBE-4A3F-8AA2-4D0777D3D1EF}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{D5B3EDE6-03C6-48A7-BF79-8E5ED4998638}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | 
"{D6131667-FD0C-4F73-98F0-378E0BDF7A10}" = protocol=6 | dir=in | app=e:\icq\icq7m\icq.exe | 
"{DACFA130-1520-4E2E-B5A6-DF4DF91693F0}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{DBE8E5CE-0338-4469-9D42-C0B86B978FD1}" = protocol=6 | dir=in | app=e:\icq\icq7m\icq.exe | 
"{DF3DBABF-F69F-4394-A32C-3433F6BDB2B2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{E3202B43-361B-44FE-897B-08F36D092E36}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{E4F5EFB8-62F7-438E-859B-32C8F3E1D831}" = protocol=17 | dir=in | app=e:\icq\icq7m\icq.exe | 
"{E5059E31-69E4-424D-949B-63CD91139725}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\7zs33f1\hpdiagnosticcoreui.exe | 
"{E7E49865-982D-4496-B25E-A6B094B6B59E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe | 
"{EC9B0CAB-4632-4505-9C3D-E25DC0754C43}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{ED2F9DEA-6998-4C7B-AE41-298FE5EBAB9E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{EFCAC3DF-3FEE-463E-8726-CB2FA7C95F8F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FEA08EA0-A6F5-49A3-95F5-34495E6DE69C}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\7zs1e5c\hpdiagnosticcoreui.exe | 
"{FF4B3304-91A1-4ACA-A8AF-C9E8C193003F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | 
"{FF7BDF39-5CD6-4CE7-A056-D3E5D01BD2F8}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{119EEB4B-F32F-4D71-B9C0-E42403F91C9A}" = AVG 2013
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5F611ADA-B98C-4DBB-ADDE-414F08457ECF}" = Windows Live Family Safety
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{62140B07-129A-2BD0-81D2-2A1A7408ADC8}" = ATI Catalyst Install Manager
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AEF6C676-D7A2-4487-BD4B-1BED17B229B5}" = Microsoft-Maus- und Tastatur-Center
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 4.11.9
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.24.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5AA006A-1ABE-4F16-B6E1-FEE1F7D38102}" = AVG 2013
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"AVG" = AVG 2013
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center
"Shop for HP Supplies" = Shop for HP Supplies
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0EFDE8F4-691D-4CB0-B4C1-0BD63B0907FF}" = IncrediMail
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2758691A-2CDE-4942-A4AC-0E8F61FE2067}" = VAD Laplace Webcam
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3C3DCD2B-6FC7-41BF-BB80-40A936E1A785}" = Windows Live Writer
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4B407A54-6CF2-42B5-B419-E900B2E36972}" = 1500
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{85CE9026-C02A-46B4-B08C-4C77CCCC54FF}" = Windows Live Family Safety
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{A1A2ACDC-0C22-4EB1-B958-1898A93DAF28}" = TV Movie ClickFinder
"{A2101ACC-DC36-42AA-A576-6FD6A8D466DA}" = 1500_Help
"{A4C6B32D-5088-40AF-B74D-CDABEF144F04}" = 1500Trb
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free YouTube Download_is1" = Free YouTube Download version 3.2.1.320
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.1.320
"Google Chrome" = Google Chrome
"IncrediMail" = IncrediMail 2.0
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"KYE" = Gaming Mouse
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-648031918-1672791633-3813103636-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-648031918-1672791633-3813103636-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SkyDriveSetup.exe" = Microsoft SkyDrive
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 26.05.2013 15:45:01 | Computer Name = MalaKrolewna | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "e:\openoffice\inst\SoftonicDownloader_fuer_apache-openoffice.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 27.05.2013 09:06:27 | Computer Name = MalaKrolewna | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "e:\openoffice\inst\SoftonicDownloader_fuer_apache-openoffice.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 02.06.2013 19:33:35 | Computer Name = MalaKrolewna | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "e:\openoffice\inst\SoftonicDownloader_fuer_apache-openoffice.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 04.06.2013 14:53:06 | Computer Name = MalaKrolewna | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "e:\openoffice\inst\SoftonicDownloader_fuer_apache-openoffice.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 05.06.2013 12:17:52 | Computer Name = MalaKrolewna | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "e:\openoffice\inst\SoftonicDownloader_fuer_apache-openoffice.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 06.06.2013 12:39:07 | Computer Name = MalaKrolewna | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "e:\openoffice\inst\SoftonicDownloader_fuer_apache-openoffice.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 11.06.2013 12:24:53 | Computer Name = MalaKrolewna | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "e:\openoffice\inst\SoftonicDownloader_fuer_apache-openoffice.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 12.06.2013 06:22:39 | Computer Name = MalaKrolewna | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "e:\openoffice\inst\SoftonicDownloader_fuer_apache-openoffice.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 12.06.2013 12:02:06 | Computer Name = MalaKrolewna | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "e:\openoffice\inst\SoftonicDownloader_fuer_apache-openoffice.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 12.06.2013 13:23:42 | Computer Name = MalaKrolewna | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 22d0    Startzeit:
 01ce6790d4f7b7c2    Endzeit: 7    Anwendungspfad: C:\Users\***\Downloads\OTL.exe

Berichts-ID:
   
 
[ OSession Events ]
Error - 06.05.2013 08:21:04 | Computer Name = MalaKrolewna | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1427
 seconds with 1020 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 10.03.2013 12:59:47 | Computer Name = MalaKrolewna | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 10.03.2013 12:59:54 | Computer Name = MalaKrolewna | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 10.03.2013 13:02:00 | Computer Name = MalaKrolewna | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 10.03.2013 13:02:00 | Computer Name = MalaKrolewna | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 10.03.2013 18:00:55 | Computer Name = MalaKrolewna | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 11.03.2013 14:59:48 | Computer Name = MalaKrolewna | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 11.03.2013 14:59:52 | Computer Name = MalaKrolewna | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 11.03.2013 15:01:54 | Computer Name = MalaKrolewna | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 11.03.2013 15:01:54 | Computer Name = MalaKrolewna | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 11.03.2013 18:24:27 | Computer Name = MalaKrolewna | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
 
< End of report >
         

Alt 12.06.2013, 19:22   #12
markusg
/// Malware-holic
 
AVG findet Invisible IFrame Infection Attack - Standard

AVG findet Invisible IFrame Infection Attack



Hi,
Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 12.06.2013, 19:29   #13
malakrolewna
 
AVG findet Invisible IFrame Infection Attack - Standard

AVG findet Invisible IFrame Infection Attack



Das löscht aber keine Daten oder? Das durchsucht nur den PC? Ich soll nicht auf Cure drücken sondern auf Skip ja?

Alt 12.06.2013, 20:07   #14
markusg
/// Malware-holic
 
AVG findet Invisible IFrame Infection Attack - Standard

AVG findet Invisible IFrame Infection Attack



steht doch auch so in der Anleitung oder?b
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 12.06.2013, 20:22   #15
malakrolewna
 
AVG findet Invisible IFrame Infection Attack - Standard

AVG findet Invisible IFrame Infection Attack



Code:
ATTFilter
20:27:42.0350 3668  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:27:42.0709 3668  ============================================================
20:27:42.0710 3668  Current date / time: 2013/06/12 20:27:42.0709
20:27:42.0710 3668  SystemInfo:
20:27:42.0710 3668  
20:27:42.0710 3668  OS Version: 6.1.7601 ServicePack: 1.0
20:27:42.0710 3668  Product type: Workstation
20:27:42.0710 3668  ComputerName: MALAKROLEWNA
20:27:42.0710 3668  UserName: *** Matula
20:27:42.0710 3668  Windows directory: C:\Windows
20:27:42.0710 3668  System windows directory: C:\Windows
20:27:42.0711 3668  Running under WOW64
20:27:42.0711 3668  Processor architecture: Intel x64
20:27:42.0711 3668  Number of processors: 4
20:27:42.0711 3668  Page size: 0x1000
20:27:42.0711 3668  Boot type: Normal boot
20:27:42.0711 3668  ============================================================
20:27:44.0090 3668  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:27:44.0096 3668  ============================================================
20:27:44.0096 3668  \Device\Harddisk0\DR0:
20:27:44.0132 3668  MBR partitions:
20:27:44.0132 3668  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:27:44.0132 3668  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x2BCA2EF0
20:27:44.0157 3668  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2BCD6000, BlocksNum 0x131D0000
20:27:44.0157 3668  \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x3EEA6000, BlocksNum 0x1869F000
20:27:44.0157 3668  ============================================================
20:27:44.0212 3668  C: <-> \Device\Harddisk0\DR0\Partition2
20:27:44.0257 3668  E: <-> \Device\Harddisk0\DR0\Partition4
20:27:44.0289 3668  F: <-> \Device\Harddisk0\DR0\Partition3
20:27:44.0289 3668  ============================================================
20:27:44.0289 3668  Initialize success
20:27:44.0289 3668  ============================================================
21:17:30.0112 1300  ============================================================
21:17:30.0112 1300  Scan started
21:17:30.0112 1300  Mode: Manual; SigCheck; TDLFS; 
21:17:30.0112 1300  ============================================================
21:17:32.0019 1300  ================ Scan system memory ========================
21:17:32.0019 1300  System memory - ok
21:17:32.0020 1300  ================ Scan services =============================
21:17:32.0198 1300  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
21:17:32.0269 1300  1394ohci - ok
21:17:32.0313 1300  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
21:17:32.0343 1300  ACPI - ok
21:17:32.0374 1300  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
21:17:32.0453 1300  AcpiPmi - ok
21:17:32.0589 1300  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:17:32.0614 1300  AdobeARMservice - ok
21:17:32.0741 1300  [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:17:32.0767 1300  AdobeFlashPlayerUpdateSvc - ok
21:17:32.0815 1300  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
21:17:32.0849 1300  adp94xx - ok
21:17:32.0877 1300  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
21:17:32.0892 1300  adpahci - ok
21:17:32.0911 1300  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
21:17:32.0923 1300  adpu320 - ok
21:17:32.0951 1300  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
21:17:33.0127 1300  AeLookupSvc - ok
21:17:33.0196 1300  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
21:17:33.0268 1300  AFD - ok
21:17:33.0311 1300  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
21:17:33.0332 1300  agp440 - ok
21:17:33.0353 1300  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
21:17:33.0391 1300  ALG - ok
21:17:33.0418 1300  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
21:17:33.0438 1300  aliide - ok
21:17:33.0458 1300  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
21:17:33.0467 1300  amdide - ok
21:17:33.0503 1300  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
21:17:33.0568 1300  AmdK8 - ok
21:17:33.0590 1300  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
21:17:33.0629 1300  AmdPPM - ok
21:17:33.0683 1300  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
21:17:33.0710 1300  amdsata - ok
21:17:33.0744 1300  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
21:17:33.0775 1300  amdsbs - ok
21:17:33.0795 1300  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
21:17:33.0805 1300  amdxata - ok
21:17:33.0844 1300  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
21:17:34.0209 1300  AppID - ok
21:17:34.0240 1300  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
21:17:34.0302 1300  AppIDSvc - ok
21:17:34.0355 1300  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
21:17:34.0411 1300  Appinfo - ok
21:17:34.0454 1300  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
21:17:34.0470 1300  arc - ok
21:17:34.0482 1300  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
21:17:34.0498 1300  arcsas - ok
21:17:34.0614 1300  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:17:34.0639 1300  aspnet_state - ok
21:17:34.0668 1300  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
21:17:34.0724 1300  AsyncMac - ok
21:17:34.0759 1300  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
21:17:34.0769 1300  atapi - ok
21:17:34.0811 1300  [ C07A040D6B5A42DD41EE386CF90974C8 ] AtiPcie         C:\Windows\system32\DRIVERS\AtiPcie.sys
21:17:34.0823 1300  AtiPcie - ok
21:17:34.0876 1300  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:17:34.0948 1300  AudioEndpointBuilder - ok
21:17:34.0994 1300  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
21:17:35.0028 1300  AudioSrv - ok
21:17:35.0190 1300  [ 4AFC14AFA58878FAA1D249E7E90EA54B ] AVGIDSAgent     C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
21:17:35.0273 1300  AVGIDSAgent - ok
21:17:35.0303 1300  [ 388056EBD5FE6718FE669078DBE37897 ] AVGIDSDriver    C:\Windows\system32\DRIVERS\avgidsdrivera.sys
21:17:35.0314 1300  AVGIDSDriver - ok
21:17:35.0338 1300  [ 550E981747D6A6C55078C77346FFC2C6 ] AVGIDSHA        C:\Windows\system32\DRIVERS\avgidsha.sys
21:17:35.0347 1300  AVGIDSHA - ok
21:17:35.0361 1300  [ 5989592A91A17587799792A81E1541D4 ] Avgldx64        C:\Windows\system32\DRIVERS\avgldx64.sys
21:17:35.0372 1300  Avgldx64 - ok
21:17:35.0415 1300  [ 3FC43AA02545FCDDC22817829114DEC8 ] Avgloga         C:\Windows\system32\DRIVERS\avgloga.sys
21:17:35.0427 1300  Avgloga - ok
21:17:35.0439 1300  [ 841C40C193889730848849AC220D9242 ] Avgmfx64        C:\Windows\system32\DRIVERS\avgmfx64.sys
21:17:35.0450 1300  Avgmfx64 - ok
21:17:35.0476 1300  [ FE4F444DBE4BBBDFD8FECF49398DEFC7 ] Avgrkx64        C:\Windows\system32\DRIVERS\avgrkx64.sys
21:17:35.0485 1300  Avgrkx64 - ok
21:17:35.0502 1300  [ 6E634525613D48A1D1657FB21F21F3B2 ] Avgtdia         C:\Windows\system32\DRIVERS\avgtdia.sys
21:17:35.0513 1300  Avgtdia - ok
21:17:35.0529 1300  [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd           C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
21:17:35.0540 1300  avgwd - ok
21:17:35.0588 1300  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
21:17:35.0646 1300  AxInstSV - ok
21:17:35.0704 1300  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
21:17:35.0732 1300  b06bdrv - ok
21:17:35.0765 1300  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
21:17:35.0807 1300  b57nd60a - ok
21:17:35.0852 1300  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
21:17:35.0876 1300  BDESVC - ok
21:17:35.0894 1300  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
21:17:35.0947 1300  Beep - ok
21:17:36.0017 1300  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
21:17:36.0074 1300  BFE - ok
21:17:36.0121 1300  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
21:17:36.0175 1300  BITS - ok
21:17:36.0198 1300  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
21:17:36.0226 1300  blbdrive - ok
21:17:36.0252 1300  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
21:17:36.0302 1300  bowser - ok
21:17:36.0338 1300  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:17:36.0421 1300  BrFiltLo - ok
21:17:36.0424 1300  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:17:36.0461 1300  BrFiltUp - ok
21:17:36.0491 1300  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
21:17:36.0530 1300  Browser - ok
21:17:36.0558 1300  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
21:17:36.0588 1300  Brserid - ok
21:17:36.0594 1300  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
21:17:36.0615 1300  BrSerWdm - ok
21:17:36.0619 1300  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
21:17:36.0642 1300  BrUsbMdm - ok
21:17:36.0646 1300  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
21:17:36.0668 1300  BrUsbSer - ok
21:17:36.0672 1300  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
21:17:36.0685 1300  BTHMODEM - ok
21:17:36.0738 1300  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
21:17:36.0818 1300  bthserv - ok
21:17:36.0839 1300  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
21:17:36.0898 1300  cdfs - ok
21:17:36.0945 1300  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
21:17:36.0987 1300  cdrom - ok
21:17:37.0066 1300  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
21:17:37.0116 1300  CertPropSvc - ok
21:17:37.0140 1300  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
21:17:37.0153 1300  circlass - ok
21:17:37.0178 1300  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
21:17:37.0194 1300  CLFS - ok
21:17:37.0255 1300  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:17:37.0280 1300  clr_optimization_v2.0.50727_32 - ok
21:17:37.0325 1300  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:17:37.0337 1300  clr_optimization_v2.0.50727_64 - ok
21:17:37.0401 1300  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:17:37.0419 1300  clr_optimization_v4.0.30319_32 - ok
21:17:37.0438 1300  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:17:37.0448 1300  clr_optimization_v4.0.30319_64 - ok
21:17:37.0464 1300  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
21:17:37.0496 1300  CmBatt - ok
21:17:37.0536 1300  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
21:17:37.0555 1300  cmdide - ok
21:17:37.0588 1300  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
21:17:37.0619 1300  CNG - ok
21:17:37.0645 1300  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
21:17:37.0655 1300  Compbatt - ok
21:17:37.0699 1300  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
21:17:37.0711 1300  CompositeBus - ok
21:17:37.0727 1300  COMSysApp - ok
21:17:37.0742 1300  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
21:17:37.0752 1300  crcdisk - ok
21:17:37.0792 1300  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
21:17:37.0833 1300  CryptSvc - ok
21:17:37.0916 1300  [ 37DDE913951162D715A1726E71E2763A ] DCamUSBET       C:\Windows\system32\DRIVERS\etDevice64.sys
21:17:37.0976 1300  DCamUSBET - ok
21:17:38.0044 1300  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
21:17:38.0110 1300  DcomLaunch - ok
21:17:38.0141 1300  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
21:17:38.0188 1300  defragsvc - ok
21:17:38.0220 1300  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
21:17:38.0270 1300  DfsC - ok
21:17:38.0311 1300  dgderdrv - ok
21:17:38.0348 1300  [ 421D371E96480DD3A14EA37D0D2757D1 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
21:17:38.0373 1300  dg_ssudbus - ok
21:17:38.0421 1300  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
21:17:38.0490 1300  Dhcp - ok
21:17:38.0527 1300  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
21:17:38.0587 1300  discache - ok
21:17:38.0620 1300  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
21:17:38.0632 1300  Disk - ok
21:17:38.0658 1300  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
21:17:38.0669 1300  Dnscache - ok
21:17:38.0701 1300  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
21:17:38.0753 1300  dot3svc - ok
21:17:38.0811 1300  [ B42ED0320C6E41102FDE0005154849BB ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
21:17:38.0846 1300  Dot4 - ok
21:17:38.0906 1300  [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
21:17:38.0952 1300  Dot4Print - ok
21:17:38.0977 1300  [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
21:17:39.0018 1300  dot4usb - ok
21:17:39.0050 1300  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
21:17:39.0104 1300  DPS - ok
21:17:39.0139 1300  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
21:17:39.0185 1300  drmkaud - ok
21:17:39.0245 1300  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
21:17:39.0280 1300  DXGKrnl - ok
21:17:39.0303 1300  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
21:17:39.0356 1300  EapHost - ok
21:17:39.0450 1300  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
21:17:39.0492 1300  ebdrv - ok
21:17:39.0528 1300  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
21:17:39.0566 1300  EFS - ok
21:17:39.0647 1300  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
21:17:39.0703 1300  ehRecvr - ok
21:17:39.0735 1300  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
21:17:39.0771 1300  ehSched - ok
21:17:39.0824 1300  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
21:17:39.0867 1300  elxstor - ok
21:17:39.0894 1300  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
21:17:39.0921 1300  ErrDev - ok
21:17:39.0973 1300  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
21:17:40.0031 1300  EventSystem - ok
21:17:40.0047 1300  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
21:17:40.0096 1300  exfat - ok
21:17:40.0123 1300  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
21:17:40.0173 1300  fastfat - ok
21:17:40.0217 1300  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
21:17:40.0237 1300  Fax - ok
21:17:40.0251 1300  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
21:17:40.0261 1300  fdc - ok
21:17:40.0293 1300  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
21:17:40.0338 1300  fdPHost - ok
21:17:40.0357 1300  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
21:17:40.0431 1300  FDResPub - ok
21:17:40.0447 1300  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
21:17:40.0457 1300  FileInfo - ok
21:17:40.0468 1300  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
21:17:40.0513 1300  Filetrace - ok
21:17:40.0545 1300  [ 3182176B36E08F63D94A3BB2E2C55A0B ] FiltUSBET       C:\Windows\system32\DRIVERS\etFilter64.sys
21:17:40.0571 1300  FiltUSBET - ok
21:17:40.0587 1300  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
21:17:40.0597 1300  flpydisk - ok
21:17:40.0643 1300  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
21:17:40.0672 1300  FltMgr - ok
21:17:40.0736 1300  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
21:17:40.0795 1300  FontCache - ok
21:17:40.0846 1300  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:17:40.0855 1300  FontCache3.0.0.0 - ok
21:17:40.0882 1300  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
21:17:40.0893 1300  FsDepends - ok
21:17:40.0933 1300  [ C2E475625F2C6F7DCDE4E920523A0573 ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
21:17:40.0945 1300  fssfltr - ok
21:17:41.0064 1300  [ 812E1BA5C52A78F13EA6AA10DF708B1D ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
21:17:41.0137 1300  fsssvc - ok
21:17:41.0238 1300  [ DDEE99DC54EFA20BD5A442CD733C4462 ] FsUsbExDisk     C:\Windows\SysWOW64\FsUsbExDisk.SYS
21:17:41.0259 1300  FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
21:17:41.0259 1300  FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
21:17:41.0281 1300  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
21:17:41.0295 1300  Fs_Rec - ok
21:17:41.0333 1300  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
21:17:41.0367 1300  fvevol - ok
21:17:41.0392 1300  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
21:17:41.0402 1300  gagp30kx - ok
21:17:41.0441 1300  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
21:17:41.0476 1300  gpsvc - ok
21:17:41.0545 1300  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:17:41.0568 1300  gupdate - ok
21:17:41.0584 1300  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:17:41.0593 1300  gupdatem - ok
21:17:41.0601 1300  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
21:17:41.0626 1300  hcw85cir - ok
21:17:41.0681 1300  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:17:41.0729 1300  HdAudAddService - ok
21:17:41.0777 1300  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
21:17:41.0797 1300  HDAudBus - ok
21:17:41.0861 1300  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
21:17:41.0884 1300  HidBatt - ok
21:17:41.0907 1300  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
21:17:41.0935 1300  HidBth - ok
21:17:41.0988 1300  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
21:17:42.0009 1300  HidIr - ok
21:17:42.0030 1300  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
21:17:42.0059 1300  hidserv - ok
21:17:42.0113 1300  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
21:17:42.0123 1300  HidUsb - ok
21:17:42.0159 1300  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
21:17:42.0223 1300  hkmsvc - ok
21:17:42.0252 1300  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:17:42.0286 1300  HomeGroupListener - ok
21:17:42.0318 1300  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:17:42.0346 1300  HomeGroupProvider - ok
21:17:42.0455 1300  [ 1DAE5C46D42B02A6D5862E1482EFB390 ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
21:17:42.0488 1300  hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
21:17:42.0488 1300  hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
21:17:42.0509 1300  [ 99E8EEF42FE2F4AF29B08C3355DD7685 ] hpqddsvc        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
21:17:42.0534 1300  hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
21:17:42.0534 1300  hpqddsvc - detected UnsignedFile.Multi.Generic (1)
21:17:42.0587 1300  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
21:17:42.0602 1300  HpSAMD - ok
21:17:42.0645 1300  [ F37882F128EFACEFE353E0BAE2766909 ] HPSLPSVC        C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
21:17:42.0690 1300  HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
21:17:42.0690 1300  HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
21:17:42.0758 1300  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
21:17:42.0816 1300  HTTP - ok
21:17:42.0841 1300  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
21:17:42.0852 1300  hwpolicy - ok
21:17:42.0889 1300  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
21:17:42.0900 1300  i8042prt - ok
21:17:42.0942 1300  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
21:17:42.0956 1300  iaStorV - ok
21:17:43.0012 1300  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:17:43.0036 1300  idsvc - ok
21:17:43.0062 1300  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
21:17:43.0073 1300  iirsp - ok
21:17:43.0117 1300  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
21:17:43.0208 1300  IKEEXT - ok
21:17:43.0303 1300  [ 589B94A9B73A0E819FF873743A480834 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
21:17:43.0351 1300  IntcAzAudAddService - ok
21:17:43.0363 1300  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
21:17:43.0372 1300  intelide - ok
21:17:43.0399 1300  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
21:17:43.0422 1300  intelppm - ok
21:17:43.0456 1300  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
21:17:43.0486 1300  IPBusEnum - ok
21:17:43.0524 1300  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:17:43.0573 1300  IpFilterDriver - ok
21:17:43.0614 1300  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
21:17:43.0664 1300  iphlpsvc - ok
21:17:43.0703 1300  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
21:17:43.0719 1300  IPMIDRV - ok
21:17:43.0738 1300  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
21:17:43.0791 1300  IPNAT - ok
21:17:43.0814 1300  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
21:17:43.0846 1300  IRENUM - ok
21:17:43.0861 1300  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
21:17:43.0871 1300  isapnp - ok
21:17:43.0905 1300  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
21:17:43.0919 1300  iScsiPrt - ok
21:17:43.0942 1300  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
21:17:43.0951 1300  kbdclass - ok
21:17:43.0989 1300  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
21:17:43.0999 1300  kbdhid - ok
21:17:44.0005 1300  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
21:17:44.0015 1300  KeyIso - ok
21:17:44.0050 1300  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
21:17:44.0060 1300  KSecDD - ok
21:17:44.0095 1300  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
21:17:44.0124 1300  KSecPkg - ok
21:17:44.0152 1300  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
21:17:44.0188 1300  ksthunk - ok
21:17:44.0220 1300  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
21:17:44.0346 1300  KtmRm - ok
21:17:44.0485 1300  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
21:17:44.0567 1300  LanmanServer - ok
21:17:44.0601 1300  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:17:44.0648 1300  LanmanWorkstation - ok
21:17:44.0680 1300  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
21:17:44.0709 1300  lltdio - ok
21:17:44.0738 1300  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
21:17:44.0792 1300  lltdsvc - ok
21:17:44.0814 1300  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
21:17:44.0854 1300  lmhosts - ok
21:17:44.0897 1300  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
21:17:44.0909 1300  LSI_FC - ok
21:17:44.0920 1300  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
21:17:44.0931 1300  LSI_SAS - ok
21:17:44.0950 1300  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:17:44.0961 1300  LSI_SAS2 - ok
21:17:44.0983 1300  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:17:44.0994 1300  LSI_SCSI - ok
21:17:45.0020 1300  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
21:17:45.0063 1300  luafv - ok
21:17:45.0108 1300  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
21:17:45.0143 1300  Mcx2Svc - ok
21:17:45.0168 1300  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
21:17:45.0190 1300  megasas - ok
21:17:45.0214 1300  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
21:17:45.0230 1300  MegaSR - ok
21:17:45.0306 1300  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
21:17:45.0327 1300  Microsoft Office Groove Audit Service - ok
21:17:45.0371 1300  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
21:17:45.0428 1300  MMCSS - ok
21:17:45.0445 1300  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
21:17:45.0487 1300  Modem - ok
21:17:45.0530 1300  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
21:17:45.0542 1300  monitor - ok
21:17:45.0569 1300  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
21:17:45.0579 1300  mouclass - ok
21:17:45.0587 1300  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
21:17:45.0612 1300  mouhid - ok
21:17:45.0648 1300  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
21:17:45.0659 1300  mountmgr - ok
21:17:45.0687 1300  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
21:17:45.0700 1300  mpio - ok
21:17:45.0720 1300  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
21:17:45.0770 1300  mpsdrv - ok
21:17:45.0817 1300  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
21:17:45.0885 1300  MpsSvc - ok
21:17:45.0919 1300  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
21:17:45.0935 1300  MRxDAV - ok
21:17:45.0958 1300  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
21:17:46.0000 1300  mrxsmb - ok
21:17:46.0020 1300  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:17:46.0032 1300  mrxsmb10 - ok
21:17:46.0054 1300  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:17:46.0078 1300  mrxsmb20 - ok
21:17:46.0115 1300  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
21:17:46.0125 1300  msahci - ok
21:17:46.0162 1300  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
21:17:46.0189 1300  msdsm - ok
21:17:46.0219 1300  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
21:17:46.0249 1300  MSDTC - ok
21:17:46.0281 1300  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
21:17:46.0344 1300  Msfs - ok
21:17:46.0359 1300  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
21:17:46.0388 1300  mshidkmdf - ok
21:17:46.0416 1300  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
21:17:46.0426 1300  msisadrv - ok
21:17:46.0459 1300  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
21:17:46.0507 1300  MSiSCSI - ok
21:17:46.0510 1300  msiserver - ok
21:17:46.0541 1300  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
21:17:46.0588 1300  MSKSSRV - ok
21:17:46.0620 1300  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
21:17:46.0649 1300  MSPCLOCK - ok
21:17:46.0661 1300  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
21:17:46.0702 1300  MSPQM - ok
21:17:46.0749 1300  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
21:17:46.0777 1300  MsRPC - ok
21:17:46.0787 1300  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
21:17:46.0799 1300  mssmbios - ok
21:17:46.0815 1300  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
21:17:46.0860 1300  MSTEE - ok
21:17:46.0888 1300  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
21:17:46.0898 1300  MTConfig - ok
21:17:46.0935 1300  [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
21:17:46.0943 1300  MTsensor - ok
21:17:46.0965 1300  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
21:17:46.0975 1300  Mup - ok
21:17:47.0010 1300  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
21:17:47.0064 1300  napagent - ok
21:17:47.0107 1300  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
21:17:47.0157 1300  NativeWifiP - ok
21:17:47.0203 1300  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
21:17:47.0246 1300  NDIS - ok
21:17:47.0273 1300  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
21:17:47.0302 1300  NdisCap - ok
21:17:47.0320 1300  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
21:17:47.0364 1300  NdisTapi - ok
21:17:47.0414 1300  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
21:17:47.0457 1300  Ndisuio - ok
21:17:47.0483 1300  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
21:17:47.0534 1300  NdisWan - ok
21:17:47.0562 1300  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
21:17:47.0590 1300  NDProxy - ok
21:17:47.0657 1300  [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
21:17:47.0687 1300  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:17:47.0687 1300  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:17:47.0729 1300  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
21:17:47.0783 1300  NetBIOS - ok
21:17:47.0827 1300  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
21:17:47.0897 1300  NetBT - ok
21:17:47.0916 1300  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
21:17:47.0926 1300  Netlogon - ok
21:17:47.0962 1300  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
21:17:48.0011 1300  Netman - ok
21:17:48.0085 1300  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:17:48.0110 1300  NetMsmqActivator - ok
21:17:48.0127 1300  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:17:48.0136 1300  NetPipeActivator - ok
21:17:48.0158 1300  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
21:17:48.0205 1300  netprofm - ok
21:17:48.0209 1300  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:17:48.0218 1300  NetTcpActivator - ok
21:17:48.0221 1300  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:17:48.0231 1300  NetTcpPortSharing - ok
21:17:48.0263 1300  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
21:17:48.0287 1300  nfrd960 - ok
21:17:48.0333 1300  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
21:17:48.0359 1300  NlaSvc - ok
21:17:48.0374 1300  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
21:17:48.0426 1300  Npfs - ok
21:17:48.0464 1300  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
21:17:48.0496 1300  nsi - ok
21:17:48.0506 1300  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
21:17:48.0534 1300  nsiproxy - ok
21:17:48.0590 1300  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
21:17:48.0646 1300  Ntfs - ok
21:17:48.0654 1300  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
21:17:48.0683 1300  Null - ok
21:17:48.0735 1300  [ 805F0C2B9C07E4C0F74D0EF70E9E827A ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
21:17:48.0755 1300  NVHDA - ok
21:17:48.0986 1300  [ 7A711D08F1FD1AB8149B6199F84A0EB7 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:17:49.0141 1300  nvlddmkm - ok
21:17:49.0215 1300  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
21:17:49.0241 1300  nvraid - ok
21:17:49.0257 1300  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
21:17:49.0270 1300  nvstor - ok
21:17:49.0315 1300  [ B9F3591981D761A5CA1D24C369764D96 ] nvsvc           C:\Windows\system32\nvvsvc.exe
21:17:49.0354 1300  nvsvc - ok
21:17:49.0449 1300  [ A9AFE5B0648C8D7A411A72D8222F7F6E ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
21:17:49.0498 1300  nvUpdatusService - ok
21:17:49.0537 1300  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
21:17:49.0549 1300  nv_agp - ok
21:17:49.0663 1300  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:17:49.0701 1300  odserv - ok
21:17:49.0722 1300  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
21:17:49.0746 1300  ohci1394 - ok
21:17:49.0787 1300  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:17:49.0798 1300  ose - ok
21:17:49.0836 1300  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
21:17:49.0867 1300  p2pimsvc - ok
21:17:49.0905 1300  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
21:17:49.0943 1300  p2psvc - ok
21:17:49.0982 1300  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
21:17:49.0993 1300  Parport - ok
21:17:50.0018 1300  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
21:17:50.0028 1300  partmgr - ok
21:17:50.0037 1300  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
21:17:50.0074 1300  PcaSvc - ok
21:17:50.0108 1300  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
21:17:50.0121 1300  pci - ok
21:17:50.0156 1300  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
21:17:50.0180 1300  pciide - ok
21:17:50.0199 1300  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
21:17:50.0214 1300  pcmcia - ok
21:17:50.0226 1300  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
21:17:50.0236 1300  pcw - ok
21:17:50.0261 1300  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
21:17:50.0314 1300  PEAUTH - ok
21:17:50.0394 1300  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
21:17:50.0432 1300  PerfHost - ok
21:17:50.0486 1300  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
21:17:50.0575 1300  pla - ok
21:17:50.0622 1300  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
21:17:50.0636 1300  PlugPlay - ok
21:17:50.0690 1300  [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
21:17:50.0710 1300  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:17:50.0710 1300  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:17:50.0746 1300  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
21:17:50.0761 1300  PNRPAutoReg - ok
21:17:50.0780 1300  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
21:17:50.0798 1300  PNRPsvc - ok
21:17:50.0844 1300  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
21:17:50.0915 1300  PolicyAgent - ok
21:17:50.0943 1300  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
21:17:50.0998 1300  Power - ok
21:17:51.0038 1300  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
21:17:51.0067 1300  PptpMiniport - ok
21:17:51.0085 1300  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
21:17:51.0095 1300  Processor - ok
21:17:51.0132 1300  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
21:17:51.0157 1300  ProfSvc - ok
21:17:51.0182 1300  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:17:51.0193 1300  ProtectedStorage - ok
21:17:51.0231 1300  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
21:17:51.0261 1300  Psched - ok
21:17:51.0311 1300  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
21:17:51.0381 1300  ql2300 - ok
21:17:51.0397 1300  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
21:17:51.0409 1300  ql40xx - ok
21:17:51.0428 1300  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
21:17:51.0445 1300  QWAVE - ok
21:17:51.0459 1300  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
21:17:51.0495 1300  QWAVEdrv - ok
21:17:51.0513 1300  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
21:17:51.0564 1300  RasAcd - ok
21:17:51.0602 1300  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
21:17:51.0646 1300  RasAgileVpn - ok
21:17:51.0663 1300  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
21:17:51.0711 1300  RasAuto - ok
21:17:51.0749 1300  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
21:17:51.0794 1300  Rasl2tp - ok
21:17:51.0831 1300  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
21:17:51.0901 1300  RasMan - ok
21:17:51.0935 1300  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
21:17:51.0964 1300  RasPppoe - ok
21:17:51.0992 1300  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
21:17:52.0041 1300  RasSstp - ok
21:17:52.0082 1300  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
21:17:52.0146 1300  rdbss - ok
21:17:52.0163 1300  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
21:17:52.0175 1300  rdpbus - ok
21:17:52.0185 1300  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
21:17:52.0214 1300  RDPCDD - ok
21:17:52.0233 1300  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
21:17:52.0278 1300  RDPENCDD - ok
21:17:52.0294 1300  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
21:17:52.0342 1300  RDPREFMP - ok
21:17:52.0433 1300  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
21:17:52.0470 1300  RdpVideoMiniport - ok
21:17:52.0504 1300  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
21:17:52.0515 1300  RDPWD - ok
21:17:52.0585 1300  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
21:17:52.0615 1300  rdyboost - ok
21:17:52.0648 1300  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
21:17:52.0682 1300  RemoteAccess - ok
21:17:52.0704 1300  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
21:17:52.0758 1300  RemoteRegistry - ok
21:17:52.0786 1300  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
21:17:52.0834 1300  RpcEptMapper - ok
21:17:52.0867 1300  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
21:17:52.0878 1300  RpcLocator - ok
21:17:52.0908 1300  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
21:17:52.0940 1300  RpcSs - ok
21:17:52.0970 1300  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
21:17:52.0999 1300  rspndr - ok
21:17:53.0049 1300  [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
21:17:53.0083 1300  RTL8167 - ok
21:17:53.0093 1300  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
21:17:53.0104 1300  SamSs - ok
21:17:53.0140 1300  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
21:17:53.0151 1300  sbp2port - ok
21:17:53.0187 1300  [ FF3E9E410BAF2E210401CF6B455EF138 ] ScanUSBET       C:\Windows\system32\DRIVERS\etScan64.sys
21:17:53.0207 1300  ScanUSBET - ok
21:17:53.0241 1300  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
21:17:53.0274 1300  SCardSvr - ok
21:17:53.0306 1300  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
21:17:53.0354 1300  scfilter - ok
21:17:53.0417 1300  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
21:17:53.0469 1300  Schedule - ok
21:17:53.0509 1300  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
21:17:53.0557 1300  SCPolicySvc - ok
21:17:53.0589 1300  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
21:17:53.0602 1300  SDRSVC - ok
21:17:53.0619 1300  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
21:17:53.0660 1300  secdrv - ok
21:17:53.0690 1300  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
21:17:53.0737 1300  seclogon - ok
21:17:53.0766 1300  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
21:17:53.0815 1300  SENS - ok
21:17:53.0837 1300  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
21:17:53.0847 1300  SensrSvc - ok
21:17:53.0869 1300  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
21:17:53.0879 1300  Serenum - ok
21:17:53.0897 1300  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
21:17:53.0930 1300  Serial - ok
21:17:53.0960 1300  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
21:17:53.0981 1300  sermouse - ok
21:17:54.0028 1300  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
21:17:54.0085 1300  SessionEnv - ok
21:17:54.0119 1300  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
21:17:54.0131 1300  sffdisk - ok
21:17:54.0146 1300  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
21:17:54.0170 1300  sffp_mmc - ok
21:17:54.0202 1300  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
21:17:54.0231 1300  sffp_sd - ok
21:17:54.0260 1300  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
21:17:54.0280 1300  sfloppy - ok
21:17:54.0312 1300  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
21:17:54.0365 1300  SharedAccess - ok
21:17:54.0404 1300  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:17:54.0451 1300  ShellHWDetection - ok
21:17:54.0475 1300  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:17:54.0485 1300  SiSRaid2 - ok
21:17:54.0499 1300  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
21:17:54.0510 1300  SiSRaid4 - ok
21:17:54.0566 1300  [ 875B04A71869D34A415CC8B4D4673EC4 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
21:17:54.0591 1300  SkypeUpdate - ok
21:17:54.0624 1300  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
21:17:54.0656 1300  Smb - ok
21:17:54.0701 1300  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
21:17:54.0713 1300  SNMPTRAP - ok
21:17:54.0730 1300  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
21:17:54.0740 1300  spldr - ok
21:17:54.0772 1300  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
21:17:54.0788 1300  Spooler - ok
21:17:54.0895 1300  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
21:17:55.0064 1300  sppsvc - ok
21:17:55.0083 1300  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
21:17:55.0113 1300  sppuinotify - ok
21:17:55.0144 1300  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
21:17:55.0200 1300  srv - ok
21:17:55.0223 1300  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
21:17:55.0240 1300  srv2 - ok
21:17:55.0254 1300  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
21:17:55.0266 1300  srvnet - ok
21:17:55.0294 1300  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
21:17:55.0327 1300  SSDPSRV - ok
21:17:55.0335 1300  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
21:17:55.0378 1300  SstpSvc - ok
21:17:55.0427 1300  [ A97BFF59B3B983FDBDCD8AE6CF3C1E2D ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
21:17:55.0439 1300  ssudmdm - ok
21:17:55.0529 1300  [ 0887B293199AA2055888FABA989ED0A6 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
21:17:55.0556 1300  Stereo Service - ok
21:17:55.0591 1300  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
21:17:55.0601 1300  stexstor - ok
21:17:55.0657 1300  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
21:17:55.0698 1300  stisvc - ok
21:17:55.0733 1300  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
21:17:55.0758 1300  swenum - ok
21:17:55.0794 1300  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
21:17:55.0851 1300  swprv - ok
21:17:55.0910 1300  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
21:17:55.0964 1300  SysMain - ok
21:17:55.0992 1300  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:17:56.0030 1300  TabletInputService - ok
21:17:56.0063 1300  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
21:17:56.0122 1300  TapiSrv - ok
21:17:56.0137 1300  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
21:17:56.0167 1300  TBS - ok
21:17:56.0262 1300  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
21:17:56.0303 1300  Tcpip - ok
21:17:56.0359 1300  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
21:17:56.0404 1300  TCPIP6 - ok
21:17:56.0446 1300  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
21:17:56.0455 1300  tcpipreg - ok
21:17:56.0483 1300  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
21:17:56.0514 1300  TDPIPE - ok
21:17:56.0549 1300  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
21:17:56.0572 1300  TDTCP - ok
21:17:56.0619 1300  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
21:17:56.0666 1300  tdx - ok
21:17:56.0690 1300  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
21:17:56.0699 1300  TermDD - ok
21:17:56.0724 1300  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
21:17:56.0761 1300  TermService - ok
21:17:56.0787 1300  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
21:17:56.0801 1300  Themes - ok
21:17:56.0826 1300  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
21:17:56.0855 1300  THREADORDER - ok
21:17:56.0876 1300  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
21:17:56.0908 1300  TrkWks - ok
21:17:56.0968 1300  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:17:57.0026 1300  TrustedInstaller - ok
21:17:57.0057 1300  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
21:17:57.0086 1300  tssecsrv - ok
21:17:57.0126 1300  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
21:17:57.0163 1300  TsUsbFlt - ok
21:17:57.0211 1300  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
21:17:57.0265 1300  tunnel - ok
21:17:57.0298 1300  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
21:17:57.0320 1300  uagp35 - ok
21:17:57.0360 1300  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
21:17:57.0428 1300  udfs - ok
21:17:57.0471 1300  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
21:17:57.0507 1300  UI0Detect - ok
21:17:57.0522 1300  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
21:17:57.0534 1300  uliagpkx - ok
21:17:57.0576 1300  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
21:17:57.0618 1300  umbus - ok
21:17:57.0651 1300  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
21:17:57.0665 1300  UmPass - ok
21:17:57.0689 1300  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
21:17:57.0731 1300  upnphost - ok
21:17:57.0783 1300  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
21:17:57.0810 1300  usbaudio - ok
21:17:57.0821 1300  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
21:17:57.0846 1300  usbccgp - ok
21:17:57.0878 1300  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
21:17:57.0891 1300  usbcir - ok
21:17:57.0906 1300  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
21:17:57.0916 1300  usbehci - ok
21:17:57.0941 1300  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
21:17:57.0953 1300  usbhub - ok
21:17:57.0962 1300  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
21:17:57.0984 1300  usbohci - ok
21:17:58.0014 1300  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
21:17:58.0046 1300  usbprint - ok
21:17:58.0077 1300  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
21:17:58.0089 1300  usbscan - ok
21:17:58.0107 1300  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:17:58.0143 1300  USBSTOR - ok
21:17:58.0161 1300  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
21:17:58.0171 1300  usbuhci - ok
21:17:58.0196 1300  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
21:17:58.0239 1300  UxSms - ok
21:17:58.0260 1300  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
21:17:58.0271 1300  VaultSvc - ok
21:17:58.0312 1300  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
21:17:58.0335 1300  vdrvroot - ok
21:17:58.0372 1300  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
21:17:58.0413 1300  vds - ok
21:17:58.0443 1300  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
21:17:58.0455 1300  vga - ok
21:17:58.0458 1300  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
21:17:58.0487 1300  VgaSave - ok
21:17:58.0521 1300  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
21:17:58.0552 1300  vhdmp - ok
21:17:58.0571 1300  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
21:17:58.0581 1300  viaide - ok
21:17:58.0610 1300  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
21:17:58.0631 1300  volmgr - ok
21:17:58.0678 1300  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
21:17:58.0713 1300  volmgrx - ok
21:17:58.0737 1300  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
21:17:58.0765 1300  volsnap - ok
21:17:58.0785 1300  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
21:17:58.0798 1300  vsmraid - ok
21:17:58.0850 1300  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
21:17:58.0918 1300  VSS - ok
21:17:58.0927 1300  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
21:17:58.0939 1300  vwifibus - ok
21:17:58.0980 1300  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
21:17:59.0048 1300  W32Time - ok
21:17:59.0067 1300  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
21:17:59.0077 1300  WacomPen - ok
21:17:59.0124 1300  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
21:17:59.0179 1300  WANARP - ok
21:17:59.0182 1300  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
21:17:59.0210 1300  Wanarpv6 - ok
21:17:59.0268 1300  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
21:17:59.0353 1300  wbengine - ok
21:17:59.0398 1300  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
21:17:59.0431 1300  WbioSrvc - ok
21:17:59.0466 1300  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
21:17:59.0503 1300  wcncsvc - ok
21:17:59.0518 1300  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:17:59.0532 1300  WcsPlugInService - ok
21:17:59.0554 1300  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
21:17:59.0564 1300  Wd - ok
21:17:59.0602 1300  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
21:17:59.0629 1300  Wdf01000 - ok
21:17:59.0643 1300  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
21:17:59.0659 1300  WdiServiceHost - ok
21:17:59.0662 1300  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
21:17:59.0678 1300  WdiSystemHost - ok
21:17:59.0709 1300  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
21:17:59.0728 1300  WebClient - ok
21:17:59.0749 1300  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
21:17:59.0782 1300  Wecsvc - ok
21:17:59.0795 1300  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
21:17:59.0826 1300  wercplsupport - ok
21:17:59.0857 1300  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
21:17:59.0908 1300  WerSvc - ok
21:17:59.0940 1300  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
21:17:59.0969 1300  WfpLwf - ok
21:17:59.0998 1300  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
21:18:00.0008 1300  WIMMount - ok
21:18:00.0026 1300  WinDefend - ok
21:18:00.0037 1300  WinHttpAutoProxySvc - ok
21:18:00.0098 1300  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
21:18:00.0157 1300  Winmgmt - ok
21:18:00.0239 1300  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
21:18:00.0362 1300  WinRM - ok
21:18:00.0429 1300  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
21:18:00.0454 1300  WinUsb - ok
21:18:00.0489 1300  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
21:18:00.0540 1300  Wlansvc - ok
21:18:00.0664 1300  [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:18:00.0741 1300  wlidsvc - ok
21:18:00.0779 1300  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
21:18:00.0816 1300  WmiAcpi - ok
21:18:00.0850 1300  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
21:18:00.0887 1300  wmiApSrv - ok
21:18:00.0928 1300  WMPNetworkSvc - ok
21:18:00.0959 1300  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
21:18:00.0979 1300  WPCSvc - ok
21:18:01.0005 1300  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
21:18:01.0022 1300  WPDBusEnum - ok
21:18:01.0046 1300  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
21:18:01.0076 1300  ws2ifsl - ok
21:18:01.0091 1300  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
21:18:01.0108 1300  wscsvc - ok
21:18:01.0111 1300  WSearch - ok
21:18:01.0171 1300  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
21:18:01.0247 1300  wuauserv - ok
21:18:01.0279 1300  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
21:18:01.0289 1300  WudfPf - ok
21:18:01.0328 1300  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
21:18:01.0350 1300  WUDFRd - ok
21:18:01.0392 1300  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
21:18:01.0413 1300  wudfsvc - ok
21:18:01.0448 1300  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
21:18:01.0483 1300  WwanSvc - ok
21:18:01.0495 1300  ================ Scan global ===============================
21:18:01.0530 1300  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:18:01.0563 1300  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
21:18:01.0571 1300  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
21:18:01.0597 1300  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:18:01.0629 1300  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:18:01.0632 1300  [Global] - ok
21:18:01.0634 1300  ================ Scan MBR ==================================
21:18:01.0646 1300  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:18:01.0979 1300  \Device\Harddisk0\DR0 - ok
21:18:01.0979 1300  ================ Scan VBR ==================================
21:18:01.0983 1300  [ 2ED5F64087D874D22C41BF932B0F9078 ] \Device\Harddisk0\DR0\Partition1
21:18:01.0984 1300  \Device\Harddisk0\DR0\Partition1 - ok
21:18:02.0012 1300  [ C9EBA213A159E56B7AD8BEB16EF8B6D4 ] \Device\Harddisk0\DR0\Partition2
21:18:02.0013 1300  \Device\Harddisk0\DR0\Partition2 - ok
21:18:02.0036 1300  [ C7B81AA9E9656DA12D3FA08C41D63E09 ] \Device\Harddisk0\DR0\Partition3
21:18:02.0037 1300  \Device\Harddisk0\DR0\Partition3 - ok
21:18:02.0060 1300  [ A5F426B8C20347DDA7282A7E5B4881FC ] \Device\Harddisk0\DR0\Partition4
21:18:02.0061 1300  \Device\Harddisk0\DR0\Partition4 - ok
21:18:02.0063 1300  ============================================================
21:18:02.0063 1300  Scan finished
21:18:02.0063 1300  ============================================================
21:18:02.0072 8544  Detected object count: 6
21:18:02.0072 8544  Actual detected object count: 6
21:18:13.0531 8544  FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
21:18:13.0531 8544  FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:18:13.0532 8544  hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
21:18:13.0532 8544  hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:18:13.0534 8544  hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:18:13.0534 8544  hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:18:13.0534 8544  HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
21:18:13.0534 8544  HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:18:13.0535 8544  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:18:13.0535 8544  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:18:13.0536 8544  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:18:13.0536 8544  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
Wollte nur auf Nummer sicher gehen! Hat 6 Sachen gefunden!

Antwort

Themen zu AVG findet Invisible IFrame Infection Attack
administrator, anti-malware, appdata, autostart, avg, betriebssystem, browser, code, datei, dateien, erkannt, explorer, firefox, google, home, internet, internet browser, internet explorer, malwarebytes, mozilla, ordner, registrierungsdatenbank, roaming, seite, seiten, speicher, windows



Ähnliche Themen: AVG findet Invisible IFrame Infection Attack


  1. ddos-attack
    Antiviren-, Firewall- und andere Schutzprogramme - 29.07.2014 (4)
  2. Avast findet Trojaner "JS:Iframe-ZU"
    Plagegeister aller Art und deren Bekämpfung - 18.02.2013 (13)
  3. Antivir findet EXP/JS.Iframe.AL
    Plagegeister aller Art und deren Bekämpfung - 07.04.2012 (27)
  4. OS Attack: MS RPCSS Attack CVE-2004-0116 2 ; svchost
    Log-Analyse und Auswertung - 06.07.2011 (4)
  5. Mögliche infection
    Mülltonne - 26.11.2008 (0)
  6. b7128893a1258aab.exe nach TR-Attack
    Plagegeister aller Art und deren Bekämpfung - 25.11.2008 (0)
  7. Spyware Infection
    Log-Analyse und Auswertung - 05.11.2008 (5)
  8. Logitech Attack 3
    Netzwerk und Hardware - 17.08.2008 (5)
  9. Zlob infection, simulieren.
    Plagegeister aller Art und deren Bekämpfung - 27.07.2007 (4)
  10. ,,Infection Detected!!!´´
    Plagegeister aller Art und deren Bekämpfung - 09.03.2007 (16)
  11. DCOM Exploit attack!!!!!!!!!!!
    Plagegeister aller Art und deren Bekämpfung - 12.12.2006 (3)
  12. Spyware Infection :o(
    Mülltonne - 29.06.2006 (1)
  13. Spyware infection
    Plagegeister aller Art und deren Bekämpfung - 29.01.2006 (3)
  14. Spyware Infection
    Plagegeister aller Art und deren Bekämpfung - 18.12.2005 (1)
  15. Spyware Infection
    Plagegeister aller Art und deren Bekämpfung - 08.12.2005 (2)
  16. DDOS Attack ?
    Plagegeister aller Art und deren Bekämpfung - 14.03.2005 (3)
  17. DoS-Attack ?!
    Plagegeister aller Art und deren Bekämpfung - 01.03.2004 (5)

Zum Thema AVG findet Invisible IFrame Infection Attack - Hallo, mein AVG findet eine Invisible IFrame Infection Attack (type 1707), wenn ich e*ay besuche. Dort steht immer Bedrohung erkannt und entfernt, aber es poppt immer auf, wenn ich e*ay - AVG findet Invisible IFrame Infection Attack...
Archiv
Du betrachtest: AVG findet Invisible IFrame Infection Attack auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.