| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: HILFEE!! Virus - System Care AntivirusWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
14.06.2013, 01:07
| #1 |
 |  HILFEE!! Virus - System Care Antivirus Hallo! Bitte bitte helft mir! Also, vor ca. 2 Stunden ging bei mir aufeinmal alles zu und "System Care Antivirus" hat sich geöffnet. Aus Panik hab ich dann gegooglet und "SpyHunter" runtergeladen, was ja aber auch nichts bringt, wie ich gelesen habe. Wie bekomme ich die beiden Sachen jetzt wieder runter? In einigen Threads habe ich schon nachgelesen, da wurden ja Log Dateien erstellt. Allerdings habe ich nicht sehr viele PC - Kenntnisse, weiß also nicht einmal, was Log Datei bedeutet. Außerdem habe ich Angst, dass ich meine Daten dadurch verliere. Kann das passieren?   |
|
14.06.2013, 01:09
| #2 |
| /// Malware-holic   |  HILFEE!! Virus - System Care Antivirus Hi,
__________________wenn du einen zweiten PC hast dann lade von dem das folgene Programm, und kopiere die logs dann hier her. starte das infizierte System neu, drücke f8 und wähle den abgesicherten modus. aber Ergebnisse sehe ich mir erst heute mittag an. Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
14.06.2013, 02:16
| #3 |
| | HILFEE!! Virus - System Care Antivirus Hallo! Vielen Dank schon mal!
__________________Hab das mal alles gemacht. OTL:OTL Logfile: Code:
ATTFilter OTL logfile created on: 14.06.2013 02:44:00 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Johanna\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,88 Gb Total Physical Memory | 6,50 Gb Available Physical Memory | 82,47% Memory free 15,76 Gb Paging File | 14,39 Gb Available in Paging File | 91,30% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931,51 Gb Total Space | 860,15 Gb Free Space | 92,34% Space Free | Partition Type: NTFS Computer Name: JOHANNA-LAPTOP | User Name: Johanna | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.14 02:15:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Johanna\Desktop\OTL.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - [2012.05.02 16:33:20 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.06.11 23:33:35 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.06.09 21:07:23 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.06.06 00:54:04 | 001,900,728 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc) SRV - [2013.06.03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.05.07 16:19:12 | 001,025,408 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Stopped] -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service) SRV - [2013.04.01 04:28:16 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.04.01 04:28:07 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.02.08 07:03:50 | 005,132,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2013.01.27 10:33:36 | 000,029,696 | ---- | M] () [Auto | Stopped] -- C:\Programme\ColdTurkey\kctrp_srv.exe -- (KCTRP) SRV - [2012.12.24 05:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe -- (NIS) SRV - [2012.09.17 07:39:30 | 000,171,600 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor11.0) SRV - [2012.07.17 16:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2012.05.23 18:16:54 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012.05.14 18:27:52 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012.05.14 18:27:48 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012.05.14 18:27:32 | 000,165,144 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2012.04.20 15:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- c:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV - [2012.02.26 06:07:52 | 002,669,840 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Programme\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService) SRV - [2012.02.26 06:07:42 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV - [2012.02.26 06:07:32 | 000,626,960 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2012.02.26 06:07:26 | 000,148,752 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2011.02.18 16:57:30 | 000,035,328 | ---- | M] () [Auto | Stopped] -- c:\Program Files (x86)\Hotkey\PowerBiosServer.exe -- (PowerBiosServer) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.04.01 04:28:19 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.04.01 04:28:19 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013.04.01 04:28:19 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2013.01.31 05:18:18 | 000,432,800 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1403010.016\symnets.sys -- (SymNetS) DRV:64bit: - [2013.01.31 05:18:06 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1403010.016\symefa64.sys -- (SymEFA) DRV:64bit: - [2013.01.29 03:45:19 | 000,796,248 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1403010.016\srtsp64.sys -- (SRTSP) DRV:64bit: - [2013.01.29 03:45:19 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1403010.016\srtspx64.sys -- (SRTSPX) DRV:64bit: - [2013.01.22 04:15:33 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1403010.016\symds64.sys -- (SymDS) DRV:64bit: - [2012.12.13 21:22:04 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2012.12.13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.11.16 04:22:01 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1403010.016\ironx64.sys -- (SymIRON) DRV:64bit: - [2012.11.16 04:18:04 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1403010.016\ccsetx64.sys -- (ccSet_NIS) DRV:64bit: - [2012.09.12 16:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.08.10 04:01:00 | 000,056,336 | ---- | M] (Corel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2012.06.22 12:01:32 | 000,022,704 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EsgScanner.sys -- (EsgScanner) DRV:64bit: - [2012.05.20 15:04:18 | 014,759,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012.05.20 03:25:32 | 000,789,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:64bit: - [2012.05.20 03:25:32 | 000,357,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:64bit: - [2012.05.20 03:25:32 | 000,019,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:64bit: - [2012.05.08 16:06:42 | 000,293,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsBaStor.sys -- (RSBASTOR) DRV:64bit: - [2012.05.02 16:33:12 | 002,196,592 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:64bit: - [2012.03.08 23:41:16 | 000,685,160 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.20 13:36:58 | 011,471,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64) DRV:64bit: - [2011.12.05 07:23:08 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2011.11.09 04:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.09.15 22:14:56 | 001,393,200 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.12.31 12:04:57 | 000,360,712 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm) DRV:64bit: - [2009.09.23 03:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr) DRV:64bit: - [2009.09.23 03:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb) DRV:64bit: - [2009.09.23 03:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2013.01.17 21:54:44 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130314.004\ex64.sys -- (NAVEX15) DRV - [2013.01.17 21:54:44 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130314.004\eng64.sys -- (NAVENG) DRV - [2013.01.16 04:51:11 | 001,388,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130301.001\BHDrvx64.sys -- (BHDrvx64) DRV - [2012.12.12 17:47:40 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130312.001\IDSviA64.sys -- (IDSVia64) DRV - [2012.08.18 03:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2012.08.18 03:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {F555907E-8338-4918-9BF3-1EA0AFC350B0} IE:64bit: - HKLM\..\SearchScopes\{F555907E-8338-4918-9BF3-1EA0AFC350B0}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MASBJS IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {53F59F42-1862-4B77-B0B7-486BF13854E3} IE - HKLM\..\SearchScopes\{53F59F42-1862-4B77-B0B7-486BF13854E3}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MASBJS IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://localoem.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\..\SearchScopes,DefaultScope = {64F14CB3-C274-4D8E-8DAA-77FC9ABE3361} IE - HKCU\..\SearchScopes\{64F14CB3-C274-4D8E-8DAA-77FC9ABE3361}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Johanna\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFFPlgn\ [2012.12.13 21:22:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn\ [2013.06.14 02:38:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.08 03:00:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\Extensions [2013.06.09 21:07:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.06.09 21:07:24 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll CHR - plugin: Java(TM) Platform SE 6 U35 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Microsoft Office 2013 (Enabled) = C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Johanna\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll CHR - Extension: Entanglement = C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\ CHR - Extension: Google Docs = C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: Papas hei\u00DFen Doggeria = C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfddkandeokkoiokpcgogdekgichblm\1.1_0\ CHR - Extension: YouTube = C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Planeto Quiz = C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\caekfgjhgmkgdhbiaikgdbpldepnkchg\1.0.5_0\ CHR - Extension: Music Quiz = C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\chmifkomnnmbnegdnmggpdgphkfcldpf\1.0.0.1_0\ CHR - Extension: Google-Suche = C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Learn Italian - Molto Bene = C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\dadgddaepklpemjojmnhgdjmmkmefihe\1.46_0\ CHR - Extension: Parking Mania\u2122 = C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\dliaancdkclmoacockpgpcopnfcjgmpe\1.0.0.0_0\ CHR - Extension: Little Alchemy light = C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlinaifoeodggjcfoonifcjppkklkdkd\0.0.4_0\ CHR - Extension: Scrapbook = C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\fihabipakbgncingdhhdidlbhneeicne\1.1.12_0\ CHR - Extension: Wer Wird Reich = C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaokiilabbppnfohemcndaglpknfegld\0.3_0\ CHR - Extension: Learn Italian with: Italian TalkPad = C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfhmlplgdfbmgiencliglheddeoffoip\1.2.2_0\ CHR - Extension: Pathuku = C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkiilmogcdkeefnbemdagpmcediekadb\1.24.0.0_0\ CHR - Extension: Snakes = C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\jacpoliedopniegkhphlcjhkomkohdmm\1.0_0\ CHR - Extension: Who said this quote?: a quiz game = C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeohnccjdegbjjhkpdlcgnjmmfhagbed\2.0_0\ CHR - Extension: Eingabe-Test - KeyHero = C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkcieoaeooeidmpaopkpjpjfakidlabm\1.4.0_0\ CHR - Extension: Webcam Toy = C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade\1.4_0\ CHR - Extension: Sketch W Friends = C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgfbgpfpnlgcgjbfmimhkedgjmcdolaj\1.0.0.0_0\ CHR - Extension: Norton Identity Protection = C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.3.3.19_0\ CHR - Extension: Google Play Books = C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb\1.1.8_0\ CHR - Extension: Mural.ly = C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnhlnnalackljjehlfocmheepffkiihf\1.5_0\ CHR - Extension: Google Mail = C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2013.06.14 01:50:11 | 000,000,879 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\IPS\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\coIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [CECAPLF] C:\Program Files (x86)\ChiconyCam\CECAPLF.exe (Chicony) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [ColdTurkey_notify] C:\Programme\ColdTurkey\ct_notify.exe () O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation) O4 - HKLM..\Run: [Sitecom Control Center] C:\Program Files (x86)\Sitecom\MFP Server Control Center\Control Center.exe () O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) O4 - HKCU..\Run: [Facebook Update] C:\Users\Johanna\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Johanna\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - HKCU..\RunOnce: [Uninstall C:\Users\Johanna\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Johanna\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" File not found O4 - Startup: C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk = C:\Programme\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation) O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1356876373011 (MUCatalogWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.121.253 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{287495BA-C438-4D32-B8D2-C6257B40EC1F}: DhcpNameServer = 192.168.121.253 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\osf - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Programme\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013.06.14 00:18:59 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) CREATERESTOREPOINT Unable to start System Restore Service. Error code 1084 ========== Files/Folders - Created Within 30 Days ========== [2013.06.14 02:15:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Johanna\Desktop\OTL.exe [2013.06.14 00:36:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group [2013.06.14 00:36:53 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller [2013.06.14 00:18:31 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter [2013.06.14 00:18:30 | 000,000,000 | ---D | C] -- C:\sh4ldr [2013.06.14 00:18:30 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2013.06.14 00:17:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2013.06.14 00:04:56 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Care Antivirus [2013.06.13 23:58:53 | 000,000,000 | ---D | C] -- C:\ProgramData\AD0143DF9B4E72F00000AD0096E77B67 [2013.06.13 21:13:50 | 000,000,000 | ---D | C] -- C:\Users\Johanna\Desktop\JBO BILDER [2013.06.13 16:35:43 | 000,000,000 | ---D | C] -- C:\Users\Johanna\Documents\OneNote-Notizbücher [2013.06.13 15:41:51 | 000,000,000 | ---D | C] -- C:\Users\Johanna\Documents\Outlook-Dateien [2013.06.09 21:07:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.06.08 01:19:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2013.06.08 01:18:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013.06.05 22:43:09 | 000,000,000 | R--D | C] -- C:\Users\Johanna\AppData\Roaming\Brother [2013.06.05 21:06:50 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Local\Unity [2013.06.05 20:00:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ColdTurkey [2013.06.05 20:00:04 | 000,000,000 | ---D | C] -- C:\Program Files\ColdTurkey [2013.06.05 19:59:49 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Local\Programs [2013.06.04 02:28:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013.06.04 02:26:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2013.06.04 02:26:45 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Local\Google [2013.06.04 02:26:29 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Local\Apps [2013.06.04 02:26:28 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Local\Deployment [2013.05.23 16:06:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Brother [2013.05.23 15:49:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.14 02:42:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.14 02:42:17 | 2050,248,703 | -HS- | M] () -- C:\hiberfil.sys [2013.06.14 02:41:34 | 000,016,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.14 02:41:34 | 000,016,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.14 02:39:31 | 000,001,951 | ---- | M] () -- C:\Users\Johanna\Desktop\Dokument.rtf [2013.06.14 02:35:44 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.14 02:15:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Johanna\Desktop\OTL.exe [2013.06.14 01:50:11 | 000,000,879 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.06.14 01:33:07 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.14 01:32:24 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.14 01:31:04 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-64460349-3600327859-1846462070-1000UA.job [2013.06.14 00:36:56 | 000,001,264 | ---- | M] () -- C:\Users\Johanna\Desktop\Revo Uninstaller.lnk [2013.06.14 00:18:59 | 000,000,000 | ---- | M] () -- C:\autoexec.bat [2013.06.14 00:18:31 | 000,002,258 | ---- | M] () -- C:\Users\Johanna\Desktop\SpyHunter.lnk [2013.06.14 00:04:56 | 000,002,048 | ---- | M] () -- C:\Users\Johanna\Desktop\System Care Antivirus.lnk [2013.06.13 21:31:41 | 000,001,099 | ---- | M] () -- C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2013.06.13 19:31:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-64460349-3600327859-1846462070-1000Core.job [2013.06.13 14:53:43 | 001,645,398 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.06.13 14:53:43 | 000,702,440 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.06.13 14:53:43 | 000,655,648 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.06.13 14:53:43 | 000,149,908 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.06.13 14:53:43 | 000,122,520 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.06.11 17:01:45 | 000,000,466 | ---- | M] () -- C:\Users\Johanna\AppData\Roaming\ceccam11.ini [2013.06.08 01:51:58 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.06.06 20:33:36 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.06.05 20:00:06 | 000,000,836 | ---- | M] () -- C:\Users\Public\Desktop\ColdTurkey.lnk [2013.05.28 23:59:05 | 000,000,985 | ---- | M] () -- C:\Users\Johanna\Desktop\Dropbox.lnk [2013.05.23 16:06:08 | 000,002,944 | ---- | M] () -- C:\Windows\BRPARAM.INI [2013.05.21 01:47:13 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.05.21 01:47:12 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.05.16 09:02:32 | 002,098,184 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.14 02:39:31 | 000,001,951 | ---- | C] () -- C:\Users\Johanna\Desktop\Dokument.rtf [2013.06.14 00:36:56 | 000,001,264 | ---- | C] () -- C:\Users\Johanna\Desktop\Revo Uninstaller.lnk [2013.06.14 00:18:59 | 000,000,000 | ---- | C] () -- C:\autoexec.bat [2013.06.14 00:18:39 | 000,022,704 | ---- | C] () -- C:\Windows\SysNative\drivers\EsgScanner.sys [2013.06.14 00:18:31 | 000,002,258 | ---- | C] () -- C:\Users\Johanna\Desktop\SpyHunter.lnk [2013.06.14 00:04:56 | 000,002,048 | ---- | C] () -- C:\Users\Johanna\Desktop\System Care Antivirus.lnk [2013.06.13 16:35:53 | 000,001,099 | ---- | C] () -- C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2013.06.05 20:00:05 | 000,000,836 | ---- | C] () -- C:\Users\Public\Desktop\ColdTurkey.lnk [2013.06.04 02:28:11 | 000,002,183 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.06.04 02:27:03 | 000,001,112 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.04 02:27:01 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.23 16:06:02 | 000,002,944 | ---- | C] () -- C:\Windows\BRPARAM.INI [2013.05.21 01:47:13 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.05.21 01:47:12 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2012.12.30 15:03:35 | 000,006,656 | ---- | C] () -- C:\Windows\SysWow64\CNMVS5m.DLL [2012.12.13 23:49:16 | 000,000,466 | ---- | C] () -- C:\Users\Johanna\AppData\Roaming\ceccam11.ini [2012.12.10 17:21:08 | 001,645,398 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.11.15 02:03:16 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL [2012.11.15 02:03:16 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI [2012.09.27 13:04:15 | 000,755,572 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin [2012.09.27 13:04:14 | 000,559,972 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin [2012.09.27 13:04:13 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.09.27 13:04:12 | 013,026,816 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll [2012.04.20 14:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.03.31 16:07:48 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Amazon [2012.12.30 03:31:15 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Audacity [2013.06.13 23:04:28 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Dropbox [2012.12.30 04:15:55 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\MakeMusic [2013.03.11 23:23:48 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\OpenCandy [2013.05.02 17:49:07 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\PhotoScape [2013.05.30 17:29:57 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Spotify [2013.05.29 03:53:35 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\TS3Client [2013.03.11 23:28:09 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\TuneUp Software ========== Purity Check ========== ========== Custom Scans ========== < <HTML><META HTTP-EQUIV="content-type" CONTENT="text/html;charset=utf-8"> > [2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 07:08:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2013.01.12 20:26:04 | 000,000,914 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-64460349-3600327859-1846462070-1000Core.job [2013.01.12 20:26:05 | 000,000,936 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-64460349-3600327859-1846462070-1000UA.job [2013.01.14 05:22:18 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job [2013.06.04 02:27:01 | 000,001,108 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2013.06.04 02:27:03 | 000,001,112 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job < > < <p style="MARGIN: 5px 20px 20px"><PRE class=alt2 style="OVERFLOW: auto; BORDER-TOP: 1px inset; HEIGHT: 498px; BORDER-RIGHT: 1px inset; BORDER-BOTTOM: 1px inset; PADDING-BOTTOM: 6px; TEXT-ALIGN: left; PADDING-TOP: 6px; PADDING-LEFT: 6px; MARGIN: 0px; BORDER-LEFT: 1px inset; PADDING-RIGHT: 6px; WIDTH: 800px" dir=ltr>activex > < %SYSTEMDRIVE%\*. > [2012.12.13 19:51:06 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2012.12.30 15:02:57 | 000,000,000 | -H-D | M] -- C:\BJPrinter [2012.12.10 17:10:50 | 000,000,000 | -HSD | M] -- C:\Boot [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2012.12.13 19:50:50 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2012.12.10 17:00:14 | 000,000,000 | ---D | M] -- C:\Driver [2012.12.10 17:00:47 | 000,000,000 | ---D | M] -- C:\Inst [2012.12.10 17:25:51 | 000,000,000 | ---D | M] -- C:\Intel [2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2013.06.14 00:18:30 | 000,000,000 | R--D | M] -- C:\Program Files [2013.06.14 00:36:53 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2013.06.13 23:58:53 | 000,000,000 | -H-D | M] -- C:\ProgramData [2012.12.13 19:50:50 | 000,000,000 | -HSD | M] -- C:\Programme [2012.12.30 03:49:55 | 000,000,000 | ---D | M] -- C:\PSFONTS [2012.12.13 19:50:50 | 000,000,000 | -HSD | M] -- C:\Recovery [2013.06.14 00:18:58 | 000,000,000 | ---D | M] -- C:\sh4ldr [2012.12.12 12:34:26 | 000,000,000 | ---D | M] -- C:\SYSPREP [2013.06.14 02:18:01 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.12.13 19:50:57 | 000,000,000 | R--D | M] -- C:\Users [2013.06.14 02:30:51 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.21 05:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010.11.21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe < MD5 for: IASTORV.SYS > [2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2013.06.14 02:41:32 | 004,718,592 | -HS- | M] () -- C:\Users\Johanna\NTUSER.DAT [2013.06.14 02:41:32 | 000,262,144 | -HS- | M] () -- C:\Users\Johanna\ntuser.dat.LOG1 [2012.12.13 19:50:58 | 000,000,000 | -HS- | M] () -- C:\Users\Johanna\ntuser.dat.LOG2 [2012.12.14 00:07:43 | 000,065,536 | -HS- | M] () -- C:\Users\Johanna\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2012.12.14 00:07:43 | 000,524,288 | -HS- | M] () -- C:\Users\Johanna\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2012.12.14 00:07:43 | 000,524,288 | -HS- | M] () -- C:\Users\Johanna\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2012.12.13 19:50:58 | 000,000,020 | -HS- | M] () -- C:\Users\Johanna\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < </PRE></DIV> > Invalid Switch: DIV> < <UL> > < <LI>Schliesse bitte nun alle Programme. (<FONT color=red>Wichtig</FONT>) > Invalid Switch: FONT>) < <LI>Klicke nun bitte auf den <B><FONT color=purple>Quick Scan</FONT></B> Button. > Invalid Switch: B> Button. < </LI></UL> > Invalid Switch: UL> < End of report > Extras:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 14.06.2013 02:44:00 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Johanna\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,88 Gb Total Physical Memory | 6,50 Gb Available Physical Memory | 82,47% Memory free
15,76 Gb Paging File | 14,39 Gb Available in Paging File | 91,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,51 Gb Total Space | 860,15 Gb Free Space | 92,34% Space Free | Partition Type: NTFS
Computer Name: JOHANNA-LAPTOP | User Name: Johanna | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11DF4A20-08E1-4040-BCAD-9FAE791E5FEA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe |
"{12603F6C-3D52-484A-B066-A8B1DBCE6277}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{194D8776-0F27-412B-8B0C-C85712A87778}" = rport=137 | protocol=17 | dir=out | app=system |
"{3F5770F8-2369-4DC0-ACE1-2BD8B972CEA9}" = lport=139 | protocol=6 | dir=in | app=system |
"{48C39D7A-2A5A-4BA2-9E41-7CC1FD695840}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{54F2E201-4D19-49FF-93C8-009FB9E25C2D}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{60E094A7-CB6E-4671-85E3-943B968236E1}" = lport=137 | protocol=17 | dir=in | app=system |
"{69A63E2F-78A0-4D3B-B088-AA7B3BB89A60}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6AC4A01F-F6C2-4A9D-8C89-7865C32A3285}" = rport=138 | protocol=17 | dir=out | app=system |
"{70105D3B-341C-4438-B9D3-5D65A4A36942}" = lport=445 | protocol=6 | dir=in | app=system |
"{7780E2BF-A312-4203-AE2A-D003B774CD18}" = lport=138 | protocol=17 | dir=in | app=system |
"{8681FD56-CD2B-4915-B614-EE28DF81E14E}" = rport=445 | protocol=6 | dir=out | app=system |
"{8B3F69DB-9606-4B9F-9F54-8E6A08091B46}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{98D20E2D-D609-4C37-92A9-843806D5AC49}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AE3A595F-8978-4CB7-95D6-912EE49936B6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{BB3DAE32-95B5-45AC-A8D6-6FE8252E8FE2}" = lport=7303 | protocol=17 | dir=in | name=control center udp port |
"{E1B017C8-69EB-4238-BDA6-E4431E11951E}" = rport=139 | protocol=6 | dir=out | app=system |
"{FA0B6904-E993-4D4D-8FAE-C5E73C552FA0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FB1219BC-3343-4B72-B38D-E76CA8A838B6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02AEBC91-832F-4C23-873B-E7C157F386CE}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{098EDCE2-92CC-46D5-8DE4-4EA50AC97DEE}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{0AF76EE5-86B2-469F-BDB6-9056AE4858F7}" = protocol=6 | dir=in | app=c:\program files (x86)\sitecom\mfp server control center\control center.exe |
"{124526C0-D63B-4C8C-BE54-392FFC63BFB8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{1C018E06-D6E1-48B5-B9FA-9323C0C7081E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{2855B726-B04A-481A-ADAE-DA3CBBF6ACA4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{29F036B0-14BB-4F31-9F10-E17A1AFDA1F2}" = dir=in | app=c:\users\administrator\appdata\local\microsoft\skydrive\skydrive.exe |
"{63DEC963-D62A-4432-9D9B-15DF13E7278A}" = protocol=6 | dir=in | app=c:\users\johanna\appdata\roaming\dropbox\bin\dropbox.exe |
"{644AEC01-8C46-4F89-9B54-308ED231BE13}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{76150BE7-2D81-47CE-8BF7-E4D51A83FA51}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{76D72C8E-3496-49B5-8443-B29261FB8266}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{784B0126-D155-4C45-8355-43A32B527740}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7F844C5D-B1B7-4A3D-80C9-E90F5184A7D3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B04361B4-C36E-4147-9585-336D18B34C72}" = protocol=17 | dir=in | app=c:\program files (x86)\sitecom\mfp server control center\control center.exe |
"{B64D8EB4-6E05-462D-8EA2-BD1C198FF04C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C34B3737-9950-4F0A-83F9-ACA4E632F827}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{CBE783BF-B052-46F0-875C-019CA0DDAAD7}" = protocol=17 | dir=in | app=c:\users\johanna\appdata\roaming\dropbox\bin\dropbox.exe |
"{CC1772F0-D605-435E-8D0C-DB31FBBADC04}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E3C11319-97C5-4E26-930E-A3D49B44EE29}" = dir=in | app=c:\users\johanna\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{F901B3B1-EF49-44F2-9573-662C93905B94}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"TCP Query User{1290C732-DE34-4B87-A73B-EE79430E831B}C:\users\johanna\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\johanna\appdata\roaming\spotify\spotify.exe |
"TCP Query User{8968D956-910F-4E8A-ADCD-48D829EA5199}C:\program files (x86)\sitecom\mfp server control center\control center.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sitecom\mfp server control center\control center.exe |
"UDP Query User{53F16BAC-D034-4D81-8E26-118389ABEE3A}C:\program files (x86)\sitecom\mfp server control center\control center.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sitecom\mfp server control center\control center.exe |
"UDP Query User{556BD15F-EFD4-4CC1-9880-675CC587EE12}C:\users\johanna\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\johanna\appdata\roaming\spotify\spotify.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5F611ADA-B98C-4DBB-ADDE-414F08457ECF}" = Windows Live Family Safety
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6498E673-B9C2-4544-A722-1E854B5B573E}_is1" = Cold Turkey version 0.8
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{BCD55450-77AC-4347-B24F-654B1189F8D4}" = SpyHunter
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud
"{E97F409F-9E1C-42A0-B72D-765A78DF3696}" = Intel® PROSet/Wireless WiFi-Software
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"HomeStudentRetail - de-de" = Microsoft Office Home and Student 2013 - de-de
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"O365HomePremRetail - de-de" = Microsoft Office 365 Home Premium - de-de
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01521746-02A6-4A72-00BD-A285DF6B80C6}" = Die Sims 2: Wilde Campus-Jahre
"{01944037-D136-45EE-A007-403EAD929FC7}" = Windows Live Writer
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{061FF8F3-5226-4278-8AAB-282C1B024F58}" = Photo Common
"{06EED60F-7FFC-43A7-936E-AA4A8BD948B4}" = Windows Live Writer
"{0AD576A7-EDCE-469E-ADD7-1AC9DB200C6B}" = Windows Live Mail
"{13F3CEA5-9E2C-4C4E-9F0F-D0DB389CF4A9}" = Movie Maker
"{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
"{164714B6-46BC-4649-9A30-A6ED32F03B5A}" = Hotkey 6.0046
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{1D181764-DCD0-41B8-AA7B-0A599F027A72}" = Adobe Photoshop Elements 11
"{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FEE19BC-6F0C-42E4-82FF-FB597F6141DF}" = Windows Live Essentials
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35
"{2A14D7BC-1876-4B38-830B-18856C27F550}" = WebCam Installer
"{2AEAFC79-79E6-4784-9CF9-D9D82932BF88}" = Windows Live Family Safety
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3C3DCD2B-6FC7-41BF-BB80-40A936E1A785}" = Windows Live Writer
"{3C63F944-803E-49A7-B3A2-B8AB3313E883}" = Windows Live UX Platform Language Pack
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{3D44D783-D027-4135-AC39-81E320ED2D3A}" = Windows Live Family Safety
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{446CC8CE-0E90-44F7-ADD0-774B243EF090}" = Galerie de photos
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA2A466-8031-403A-8236-5301B4E391FB}" = Windows Live UX Platform Language Pack
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{5BBC4803-C96E-4D3E-9D1D-2E43774C4062}" = BisonCam
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{743FD554-A73F-4FE8-BE7B-C283D16297F9}" = Photo Common
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B0C5EF6-DE4C-4E20-8889-C17604FFE5CD}" = Windows Live Family Safety
"{8030AE22-7FA0-4880-A538-8906EDBF49F4}" = Windows Live Writer Resources
"{83C9377F-5ED1-4AD8-B113-7C876AEAF3AB}" = Windows Live Messenger
"{85CE9026-C02A-46B4-B08C-4C77CCCC54FF}" = Windows Live Family Safety
"{86C40513-B5A4-476E-9EAB-EC118DCF4502}" = Windows Live Writer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8AAEB5A5-A397-46B6-8AF3-B6DC790C4E48}" = Windows Live Messenger
"{8D813AFF-D91D-4EE0-821F-B901FC2E89FA}" = Windows Live
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8F7FECEC-088F-431D-A5FB-2B59E1E69943}" = Galería de fotos
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0407-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{90993BD9-C7D9-4C2F-B56C-2F7AFEBD4CD0}" = Windows Live UX Platform Language Pack
"{96914829-DF65-40AE-8A31-6F3E96BAEBBD}" = Windows Live Mail
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{98CE8819-87AA-4814-8167-ADDDD513485F}" = PSE11 STI Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A17946CA-18E5-4CF0-8D55-A56D804718F8}" = Movie Maker
"{A2201542-DA80-457F-8BD9-6C9C90196481}" = ChiconyCam
"{A5DC64EE-2FC4-4C35-9975-639DD8499369}" = Windows Live Family Safety
"{A8F01933-6EF5-4E43-96A5-8C080304FD17}" = Sitecom Multi-Function Printserver Control Center
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) MUI
"{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger
"{AE8044B5-FCA3-4EBE-AC78-0FB3A6E8DC76}" = Movie Maker
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{B77D2795-23C0-4DBD-B7B5-CFB542D1FA3F}" = Windows Live Writer Resources
"{B7F31B9C-8775-4500-8E9D-6ABE9AE17CF4}" = Windows Live Essentials
"{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C595F480-788A-4F8F-8277-1A91F32CA879}" = Windows Live Writer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D4D065E1-3ABF-41D0-B385-FC6F027F4D00}" = Elements 11 Organizer
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{DB169E8F-5332-4DBF-B085-84AA2C373304}" = Windows Live Messenger
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{F54030F3-14B6-432D-9361-78DCB1473920}" = Photo Common
"{F67CA22C-C11F-4573-8406-57F75BA06B51}" = Photo Gallery
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FA75723A-BF4A-40A2-BFCB-BBC320C27DC9}" = Windows Live Mail
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FEFD91C5-A25D-48D9-89DA-0FB7BB8B3EF7}" = Windows Live Writer Resources
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop Elements 11" = Adobe Photoshop Elements 11
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Audacity_is1" = Audacity 2.0.2
"Avira AntiVir Desktop" = Avira Free Antivirus
"AviSynth" = AviSynth 2.5
"Finale 2012" = Finale 2012
"Google Chrome" = Google Chrome
"InstallShield_{164714B6-46BC-4649-9A30-A6ED32F03B5A}" = Hotkey 6.0046
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{2A14D7BC-1876-4B38-830B-18856C27F550}" = WebCam Installer
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NIS" = Norton Internet Security
"PhotoScape" = PhotoScape
"Revo Uninstaller" = Revo Uninstaller 1.94
"Virtual DJ Home Edition - Atomix Productions" = Virtual DJ Home Edition - Atomix Productions
"WinLiveSuite" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"SkyDriveSetup.exe" = Microsoft SkyDrive
"Spotify" = Spotify
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 04.06.2013 16:00:35 | Computer Name = Johanna-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 48053644
Error - 04.06.2013 16:00:35 | Computer Name = Johanna-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 48053644
Error - 04.06.2013 17:57:55 | Computer Name = Johanna-Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 27.0.1453.94,
Zeitstempel: 0x519d6d0b Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514,
Zeitstempel: 0x4ce7b96f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0013ad65 ID des fehlerhaften
Prozesses: 0x3b34 Startzeit der fehlerhaften Anwendung: 0x01ce61690418985e Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Pfad
des fehlerhaften Moduls: C:\Windows\syswow64\ole32.dll Berichtskennung: ceea6c6d-cd61-11e2-9d36-0090f5d9791f
Error - 05.06.2013 08:46:39 | Computer Name = Johanna-Laptop | Source = WinMgmt | ID = 10
Description =
Error - 05.06.2013 11:25:05 | Computer Name = Johanna-Laptop | Source = Google Update | ID = 20
Description =
Error - 05.06.2013 13:56:27 | Computer Name = Johanna-Laptop | Source = Google Update | ID = 20
Description =
Error - 05.06.2013 16:31:19 | Computer Name = Johanna-Laptop | Source = Google Update | ID = 20
Description =
Error - 06.06.2013 09:09:30 | Computer Name = Johanna-Laptop | Source = WinMgmt | ID = 10
Description =
Error - 06.06.2013 09:09:36 | Computer Name = Johanna-Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ZeroConfigService.exe, Version: 15.1.0.2,
Zeitstempel: 0x4f4a262d Name des fehlerhaften Moduls: MurocApi.dll, Version: 15.1.0.1,
Zeitstempel: 0x4f4a2503 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000002084b
ID
des fehlerhaften Prozesses: 0xd78 Startzeit der fehlerhaften Anwendung: 0x01ce62b701e868b8
Pfad
der fehlerhaften Anwendung: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
Pfad
des fehlerhaften Moduls: C:\Program Files\Intel\WiFi\bin\MurocApi.dll Berichtskennung:
55f1c94c-ceaa-11e2-82ae-0090f5d9791f
Error - 06.06.2013 13:31:26 | Computer Name = Johanna-Laptop | Source = Google Update | ID = 20
Description =
Error - 07.06.2013 08:25:10 | Computer Name = Johanna-Laptop | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 07.06.2013 17:25:38 | Computer Name = Johanna-Laptop | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 07.06.2013 17:25:39 | Computer Name = Johanna-Laptop | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 07.06.2013 17:31:45 | Computer Name = Johanna-Laptop | Source = Schannel | ID = 36874
Description = Eine SSL 3.0-Verbindungsanforderung wurde von einer Remoteclientanwendung
übermittelt, jedoch werden keine der Verschlüsselungssammlungen, die von der Clientanwendung
unterstützt werden, vom Server unterstützt. Fehler bei der SSL-Verbindungsanforderung.
Error - 07.06.2013 17:31:45 | Computer Name = Johanna-Laptop | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus
lautet: 107.
Error - 07.06.2013 17:31:45 | Computer Name = Johanna-Laptop | Source = Schannel | ID = 36874
Description = Eine SSL 3.0-Verbindungsanforderung wurde von einer Remoteclientanwendung
übermittelt, jedoch werden keine der Verschlüsselungssammlungen, die von der Clientanwendung
unterstützt werden, vom Server unterstützt. Fehler bei der SSL-Verbindungsanforderung.
Error - 07.06.2013 17:31:45 | Computer Name = Johanna-Laptop | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus
lautet: 107.
Error - 08.06.2013 10:51:00 | Computer Name = Johanna-Laptop | Source = DCOM | ID = 10016
Description =
Error - 08.06.2013 10:52:55 | Computer Name = Johanna-Laptop | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Adobe Active File Monitor V11 erreicht.
Error - 09.06.2013 09:25:29 | Computer Name = Johanna-Laptop | Source = DCOM | ID = 10016
Description =
Error - 10.06.2013 07:20:15 | Computer Name = Johanna-Laptop | Source = DCOM | ID = 10016
Description =
< End of report >
|
|
14.06.2013, 12:49
| #4 |
| /// Malware-holic | HILFEE!! Virus - System Care Antivirus Hi, otl fix Fixen mit OTL
Code:
ATTFilter :OTL
[2013.06.14 00:04:56 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Care Antivirus
[2013.06.13 23:58:53 | 000,000,000 | ---D | C] -- C:\ProgramData\AD0143DF9B4E72F00000AD0096E77B67
[2013.06.14 00:04:56 | 000,002,048 | ---- | M] () -- C:\Users\Johanna\Desktop\System Care Antivirus.lnk
:files
:Commands
[emptytemp]
starte in den normalen modus. falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten! Drücke bitte die  + E Taste.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
14.06.2013, 14:49
| #5 |
| | HILFEE!! Virus - System Care Antivirus Hallo! Das Fixen habe ich gemacht. Das ist der Inhalt der Datei: All processes killed Error: Unable to interpret <:OTL [2013.06.14 00:04:56 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Care Antivirus [2013.06.13 23:58:53 | 000,000,000 | ---D | C] -- C:\ProgramData\AD0143DF9B4E72F00000AD0096E77B67 [2013.06.14 00:04:56 | 000,002,048 | ---- | M] () -- C:\Users\Johanna\Desktop\System Care Antivirus.lnk :files :Commands [emptytemp] > in the current context! OTL by OldTimer - Version 3.2.69.0 log created on 06142013_154044 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot... Ich bekomme im normalen Modus übrigens immer ein Fenster, das nennt sich "ct_notify". Dort steht: "Error reading my configuration file. Please re-install me." Was hat das zu bedeuten? Der Ordner "MOved Files" enthält keine Zip Datei und ich kann bei dem Ordner auch nirgendwo "Senden an" klicken.  AHH! Moment. Und zwar habe ich ColdTurkey, eigentlich zum Lernen, damit ich Facebook etc sperren kann und mich aufs Lernen konzentrieren kann. Gestern habe ich das allerdings dazu verwendet, um dieses System Care zu blocken. Die CT-Meldung könnte dann davon sein. :/ |
|
14.06.2013, 14:50
| #6 |
| /// Malware-holic | HILFEE!! Virus - System Care Antivirus schon so machen wie ichs schreibe, also nicht als fließtext in otl lreinkopieren.b
__________________ --> HILFEE!! Virus - System Care Antivirus |
|
14.06.2013, 15:10
| #7 |
| | HILFEE!! Virus - System Care Antivirus So, jetzt hat es geklappt. System Care ist zwar vom Desktop weg, aber es öffnet sich dennoch. All processes killed ========== OTL ========== C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Care Antivirus folder moved successfully. Folder C:\ProgramData\AD0143DF9B4E72F00000AD0096E77B67\ not found. C:\Users\Johanna\Desktop\System Care Antivirus.lnk moved successfully. OTL by OldTimer - Version 3.2.69.0 log created on 06142013_160411 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot... Zip Datei ist hochgeladen! |
|
14.06.2013, 17:31
| #8 |
| /// Malware-holic | HILFEE!! Virus - System Care Antivirus Hi, normaler Modus geht? dann: Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
14.06.2013, 20:19
| #9 |
| | HILFEE!! Virus - System Care Antivirus Hallo! Ja, der normale Modus funktioniert! So, hier ist der Inhalt: 21:12:08.0098 4212 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 21:12:08.0395 4212 ============================================================ 21:12:08.0395 4212 Current date / time: 2013/06/14 21:12:08.0395 21:12:08.0395 4212 SystemInfo: 21:12:08.0395 4212 21:12:08.0395 4212 OS Version: 6.1.7601 ServicePack: 1.0 21:12:08.0395 4212 Product type: Workstation 21:12:08.0395 4212 ComputerName: JOHANNA-LAPTOP 21:12:08.0395 4212 UserName: Johanna 21:12:08.0395 4212 Windows directory: C:\Windows 21:12:08.0395 4212 System windows directory: C:\Windows 21:12:08.0395 4212 Running under WOW64 21:12:08.0395 4212 Processor architecture: Intel x64 21:12:08.0395 4212 Number of processors: 4 21:12:08.0395 4212 Page size: 0x1000 21:12:08.0395 4212 Boot type: Normal boot 21:12:08.0395 4212 ============================================================ 21:12:10.0877 4212 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 21:12:10.0877 4212 ============================================================ 21:12:10.0877 4212 \Device\Harddisk0\DR0: 21:12:10.0877 4212 MBR partitions: 21:12:10.0877 4212 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800 21:12:10.0877 4212 ============================================================ 21:12:10.0893 4212 C: <-> \Device\Harddisk0\DR0\Partition1 21:12:10.0893 4212 ============================================================ 21:12:10.0893 4212 Initialize success 21:12:10.0893 4212 ============================================================ 21:14:26.0171 4316 ============================================================ 21:14:26.0171 4316 Scan started 21:14:26.0171 4316 Mode: Manual; SigCheck; TDLFS; 21:14:26.0171 4316 ============================================================ 21:14:26.0654 4316 ================ Scan system memory ======================== 21:14:26.0654 4316 System memory - ok 21:14:26.0654 4316 ================ Scan services ============================= 21:14:26.0826 4316 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 21:14:26.0888 4316 1394ohci - ok 21:14:27.0060 4316 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 21:14:27.0091 4316 ACPI - ok 21:14:27.0185 4316 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 21:14:27.0200 4316 AcpiPmi - ok 21:14:27.0590 4316 [ BF3818B441955E4D438EC72F06F1FE61 ] AdobeActiveFileMonitor11.0 C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe 21:14:27.0606 4316 AdobeActiveFileMonitor11.0 - ok 21:14:27.0793 4316 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 21:14:27.0809 4316 AdobeARMservice - ok 21:14:28.0152 4316 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 21:14:28.0168 4316 AdobeFlashPlayerUpdateSvc - ok 21:14:28.0324 4316 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 21:14:28.0355 4316 adp94xx - ok 21:14:28.0511 4316 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys 21:14:28.0542 4316 adpahci - ok 21:14:28.0604 4316 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 21:14:28.0620 4316 adpu320 - ok 21:14:28.0714 4316 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 21:14:28.0760 4316 AeLookupSvc - ok 21:14:28.0932 4316 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 21:14:28.0948 4316 AFD - ok 21:14:29.0026 4316 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 21:14:29.0041 4316 agp440 - ok 21:14:29.0135 4316 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 21:14:29.0150 4316 ALG - ok 21:14:29.0260 4316 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 21:14:29.0275 4316 aliide - ok 21:14:29.0338 4316 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 21:14:29.0369 4316 amdide - ok 21:14:29.0478 4316 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 21:14:29.0509 4316 AmdK8 - ok 21:14:29.0525 4316 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 21:14:29.0540 4316 AmdPPM - ok 21:14:29.0634 4316 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 21:14:29.0650 4316 amdsata - ok 21:14:29.0759 4316 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 21:14:29.0790 4316 amdsbs - ok 21:14:29.0852 4316 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 21:14:29.0884 4316 amdxata - ok 21:14:30.0289 4316 [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 21:14:30.0305 4316 AntiVirSchedulerService - ok 21:14:30.0352 4316 [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 21:14:30.0367 4316 AntiVirService - ok 21:14:30.0539 4316 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 21:14:30.0586 4316 AppID - ok 21:14:30.0679 4316 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 21:14:30.0726 4316 AppIDSvc - ok 21:14:30.0788 4316 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll 21:14:30.0804 4316 Appinfo - ok 21:14:31.0022 4316 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 21:14:31.0038 4316 Apple Mobile Device - ok 21:14:31.0194 4316 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll 21:14:31.0225 4316 AppMgmt - ok 21:14:31.0272 4316 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys 21:14:31.0288 4316 arc - ok 21:14:31.0350 4316 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys 21:14:31.0366 4316 arcsas - ok 21:14:31.0490 4316 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 21:14:31.0506 4316 aspnet_state - ok 21:14:31.0537 4316 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 21:14:31.0584 4316 AsyncMac - ok 21:14:31.0615 4316 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 21:14:31.0615 4316 atapi - ok 21:14:31.0662 4316 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 21:14:31.0709 4316 AudioEndpointBuilder - ok 21:14:31.0724 4316 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 21:14:31.0771 4316 AudioSrv - ok 21:14:31.0802 4316 [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 21:14:31.0834 4316 avgntflt - ok 21:14:31.0865 4316 [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 21:14:31.0880 4316 avipbb - ok 21:14:31.0896 4316 [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 21:14:31.0912 4316 avkmgr - ok 21:14:31.0958 4316 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 21:14:31.0990 4316 AxInstSV - ok 21:14:32.0021 4316 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 21:14:32.0052 4316 b06bdrv - ok 21:14:32.0083 4316 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 21:14:32.0114 4316 b57nd60a - ok 21:14:32.0161 4316 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 21:14:32.0192 4316 BDESVC - ok 21:14:32.0208 4316 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 21:14:32.0255 4316 Beep - ok 21:14:32.0302 4316 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 21:14:32.0364 4316 BFE - ok 21:14:32.0520 4316 [ 866335C9C0E6733C753FB472C539A6B9 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130301.001\BHDrvx64.sys 21:14:32.0551 4316 BHDrvx64 - ok 21:14:32.0582 4316 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 21:14:32.0629 4316 BITS - ok 21:14:32.0645 4316 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 21:14:32.0660 4316 blbdrive - ok 21:14:32.0738 4316 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 21:14:32.0754 4316 Bonjour Service - ok 21:14:32.0770 4316 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 21:14:32.0801 4316 bowser - ok 21:14:32.0816 4316 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 21:14:32.0848 4316 BrFiltLo - ok 21:14:32.0863 4316 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 21:14:32.0879 4316 BrFiltUp - ok 21:14:32.0910 4316 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 21:14:32.0926 4316 Browser - ok 21:14:32.0957 4316 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 21:14:32.0988 4316 Brserid - ok 21:14:33.0004 4316 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 21:14:33.0019 4316 BrSerWdm - ok 21:14:33.0050 4316 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 21:14:33.0082 4316 BrUsbMdm - ok 21:14:33.0097 4316 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 21:14:33.0113 4316 BrUsbSer - ok 21:14:33.0175 4316 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys 21:14:33.0191 4316 BthEnum - ok 21:14:33.0222 4316 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 21:14:33.0238 4316 BTHMODEM - ok 21:14:33.0284 4316 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 21:14:33.0300 4316 BthPan - ok 21:14:33.0331 4316 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys 21:14:33.0347 4316 BTHPORT - ok 21:14:33.0409 4316 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 21:14:33.0456 4316 bthserv - ok 21:14:33.0487 4316 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys 21:14:33.0487 4316 BTHUSB - ok 21:14:33.0581 4316 [ 248C952C82DF1E23775432774CBB20F1 ] ccSet_NIS C:\Windows\system32\drivers\NISx64\1403010.016\ccSetx64.sys 21:14:33.0596 4316 ccSet_NIS - ok 21:14:33.0628 4316 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 21:14:33.0690 4316 cdfs - ok 21:14:33.0721 4316 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys 21:14:33.0752 4316 cdrom - ok 21:14:33.0784 4316 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 21:14:33.0830 4316 CertPropSvc - ok 21:14:33.0862 4316 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys 21:14:33.0893 4316 circlass - ok 21:14:33.0893 4316 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 21:14:33.0908 4316 CLFS - ok 21:14:33.0971 4316 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 21:14:33.0986 4316 clr_optimization_v2.0.50727_32 - ok 21:14:34.0018 4316 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 21:14:34.0033 4316 clr_optimization_v2.0.50727_64 - ok 21:14:34.0096 4316 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 21:14:34.0127 4316 clr_optimization_v4.0.30319_32 - ok 21:14:34.0142 4316 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 21:14:34.0158 4316 clr_optimization_v4.0.30319_64 - ok 21:14:34.0205 4316 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys 21:14:34.0220 4316 CmBatt - ok 21:14:34.0236 4316 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 21:14:34.0252 4316 cmdide - ok 21:14:34.0298 4316 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 21:14:34.0345 4316 CNG - ok 21:14:34.0376 4316 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 21:14:34.0408 4316 Compbatt - ok 21:14:34.0439 4316 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 21:14:34.0454 4316 CompositeBus - ok 21:14:34.0470 4316 COMSysApp - ok 21:14:34.0548 4316 [ 46609CA1A73B8045764E488EA8C73439 ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe 21:14:34.0579 4316 cphs - ok 21:14:34.0595 4316 cpuz135 - ok 21:14:34.0626 4316 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 21:14:34.0642 4316 crcdisk - ok 21:14:34.0704 4316 [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc C:\Windows\system32\cryptsvc.dll 21:14:34.0735 4316 CryptSvc - ok 21:14:34.0766 4316 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys 21:14:34.0782 4316 CSC - ok 21:14:34.0813 4316 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll 21:14:34.0844 4316 CscService - ok 21:14:34.0891 4316 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 21:14:34.0954 4316 DcomLaunch - ok 21:14:34.0985 4316 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 21:14:35.0047 4316 defragsvc - ok 21:14:35.0078 4316 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 21:14:35.0125 4316 DfsC - ok 21:14:35.0172 4316 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 21:14:35.0188 4316 Dhcp - ok 21:14:35.0203 4316 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 21:14:35.0250 4316 discache - ok 21:14:35.0281 4316 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys 21:14:35.0281 4316 Disk - ok 21:14:35.0312 4316 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys 21:14:35.0328 4316 dmvsc - ok 21:14:35.0344 4316 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 21:14:35.0375 4316 Dnscache - ok 21:14:35.0390 4316 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 21:14:35.0453 4316 dot3svc - ok 21:14:35.0468 4316 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 21:14:35.0500 4316 DPS - ok 21:14:35.0531 4316 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 21:14:35.0562 4316 drmkaud - ok 21:14:35.0593 4316 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 21:14:35.0624 4316 DXGKrnl - ok 21:14:35.0656 4316 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 21:14:35.0702 4316 EapHost - ok 21:14:35.0780 4316 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys 21:14:35.0843 4316 ebdrv - ok 21:14:35.0890 4316 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys 21:14:35.0921 4316 eeCtrl - ok 21:14:35.0952 4316 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 21:14:35.0968 4316 EFS - ok 21:14:36.0030 4316 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 21:14:36.0061 4316 ehRecvr - ok 21:14:36.0077 4316 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 21:14:36.0092 4316 ehSched - ok 21:14:36.0155 4316 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys 21:14:36.0186 4316 elxstor - ok 21:14:36.0202 4316 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 21:14:36.0217 4316 EraserUtilRebootDrv - ok 21:14:36.0248 4316 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 21:14:36.0264 4316 ErrDev - ok 21:14:36.0311 4316 [ 3B32CAA07D672F8A2E0DF5CB3A873F45 ] EsgScanner C:\Windows\system32\DRIVERS\EsgScanner.sys 21:14:36.0326 4316 EsgScanner - ok 21:14:36.0373 4316 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 21:14:36.0420 4316 EventSystem - ok 21:14:36.0498 4316 [ 23D401A43DADED10A153B9F3A7E66C91 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe 21:14:36.0529 4316 EvtEng - ok 21:14:36.0545 4316 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 21:14:36.0592 4316 exfat - ok 21:14:36.0607 4316 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 21:14:36.0654 4316 fastfat - ok 21:14:36.0701 4316 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 21:14:36.0716 4316 Fax - ok 21:14:36.0732 4316 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys 21:14:36.0748 4316 fdc - ok 21:14:36.0763 4316 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 21:14:36.0810 4316 fdPHost - ok 21:14:36.0826 4316 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 21:14:36.0857 4316 FDResPub - ok 21:14:36.0888 4316 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 21:14:36.0904 4316 FileInfo - ok 21:14:36.0904 4316 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 21:14:36.0950 4316 Filetrace - ok 21:14:36.0997 4316 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 21:14:37.0013 4316 flpydisk - ok 21:14:37.0028 4316 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 21:14:37.0060 4316 FltMgr - ok 21:14:37.0106 4316 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll 21:14:37.0138 4316 FontCache - ok 21:14:37.0184 4316 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 21:14:37.0184 4316 FontCache3.0.0.0 - ok 21:14:37.0216 4316 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 21:14:37.0231 4316 FsDepends - ok 21:14:37.0278 4316 [ B16B626996C74B564005BA855C5DEE90 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys 21:14:37.0309 4316 fssfltr - ok 21:14:37.0372 4316 [ 812E1BA5C52A78F13EA6AA10DF708B1D ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe 21:14:37.0418 4316 fsssvc - ok 21:14:37.0450 4316 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 21:14:37.0465 4316 Fs_Rec - ok 21:14:37.0496 4316 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 21:14:37.0512 4316 fvevol - ok 21:14:37.0543 4316 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 21:14:37.0559 4316 gagp30kx - ok 21:14:37.0590 4316 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 21:14:37.0590 4316 GEARAspiWDM - ok 21:14:37.0637 4316 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 21:14:37.0684 4316 gpsvc - ok 21:14:37.0746 4316 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 21:14:37.0762 4316 gupdate - ok 21:14:37.0777 4316 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 21:14:37.0793 4316 gupdatem - ok 21:14:37.0808 4316 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 21:14:37.0840 4316 hcw85cir - ok 21:14:37.0871 4316 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 21:14:37.0902 4316 HdAudAddService - ok 21:14:37.0933 4316 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 21:14:37.0964 4316 HDAudBus - ok 21:14:37.0980 4316 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 21:14:37.0996 4316 HidBatt - ok 21:14:38.0011 4316 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys 21:14:38.0042 4316 HidBth - ok 21:14:38.0074 4316 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys 21:14:38.0089 4316 HidIr - ok 21:14:38.0120 4316 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 21:14:38.0167 4316 hidserv - ok 21:14:38.0198 4316 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys 21:14:38.0230 4316 HidUsb - ok 21:14:38.0245 4316 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 21:14:38.0292 4316 hkmsvc - ok 21:14:38.0308 4316 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 21:14:38.0323 4316 HomeGroupListener - ok 21:14:38.0354 4316 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 21:14:38.0370 4316 HomeGroupProvider - ok 21:14:38.0401 4316 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 21:14:38.0432 4316 HpSAMD - ok 21:14:38.0464 4316 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 21:14:38.0526 4316 HTTP - ok 21:14:38.0526 4316 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 21:14:38.0542 4316 hwpolicy - ok 21:14:38.0573 4316 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 21:14:38.0573 4316 i8042prt - ok 21:14:38.0620 4316 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 21:14:38.0635 4316 iaStorV - ok 21:14:38.0698 4316 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe 21:14:38.0713 4316 IDriverT ( UnsignedFile.Multi.Generic ) - warning 21:14:38.0713 4316 IDriverT - detected UnsignedFile.Multi.Generic (1) 21:14:38.0760 4316 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 21:14:38.0791 4316 idsvc - ok 21:14:38.0947 4316 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130312.001\IDSvia64.sys 21:14:38.0963 4316 IDSVia64 - ok 21:14:39.0228 4316 [ 72A89FFAB63239771DEE03C15AE7CAFD ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 21:14:39.0415 4316 igfx - ok 21:14:39.0462 4316 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys 21:14:39.0478 4316 iirsp - ok 21:14:39.0509 4316 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 21:14:39.0556 4316 IKEEXT - ok 21:14:39.0602 4316 [ 6C9FFFECA9FED31347D211C5D1FFBD2D ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys 21:14:39.0618 4316 IntcDAud - ok 21:14:39.0680 4316 [ C99F8E90DE4B8F0C7FE15BB1CBCD29DC ] Intel(R) Capability Licensing Service Interface c:\Program Files\Intel\iCLS Client\HeciServer.exe 21:14:39.0696 4316 Intel(R) Capability Licensing Service Interface - ok 21:14:39.0727 4316 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 21:14:39.0743 4316 intelide - ok 21:14:39.0758 4316 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys 21:14:39.0790 4316 intelppm - ok 21:14:39.0821 4316 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 21:14:39.0868 4316 IPBusEnum - ok 21:14:39.0899 4316 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 21:14:39.0946 4316 IpFilterDriver - ok 21:14:39.0977 4316 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 21:14:39.0992 4316 iphlpsvc - ok 21:14:40.0008 4316 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 21:14:40.0024 4316 IPMIDRV - ok 21:14:40.0039 4316 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 21:14:40.0086 4316 IPNAT - ok 21:14:40.0133 4316 [ 4EFFC8FF6D349E971E94B1C670C0C66A ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 21:14:40.0164 4316 iPod Service - ok 21:14:40.0180 4316 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 21:14:40.0211 4316 IRENUM - ok 21:14:40.0226 4316 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 21:14:40.0242 4316 isapnp - ok 21:14:40.0273 4316 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 21:14:40.0289 4316 iScsiPrt - ok 21:14:40.0336 4316 [ D596D915CF091DA1F8CE4BD38BB5D509 ] iusb3hcs C:\Windows\system32\drivers\iusb3hcs.sys 21:14:40.0351 4316 iusb3hcs - ok 21:14:40.0382 4316 [ 023896E23B61543A15A230EED996D911 ] iusb3hub C:\Windows\system32\drivers\iusb3hub.sys 21:14:40.0414 4316 iusb3hub - ok 21:14:40.0445 4316 [ 7FAEC13F1ADD619F4B5B2D2CBF841E8E ] iusb3xhc C:\Windows\system32\drivers\iusb3xhc.sys 21:14:40.0476 4316 iusb3xhc - ok 21:14:40.0554 4316 [ FEA320980EC3C8B6875487AB564FC5BF ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe 21:14:40.0570 4316 jhi_service - ok 21:14:40.0585 4316 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 21:14:40.0601 4316 kbdclass - ok 21:14:40.0616 4316 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 21:14:40.0632 4316 kbdhid - ok 21:14:40.0663 4316 [ 99C5AEA540FB291CDBB2AC1ACE9D136E ] KCTRP C:\Program Files\ColdTurkey\KCTRP_srv.exe 21:14:40.0679 4316 KCTRP ( UnsignedFile.Multi.Generic ) - warning 21:14:40.0679 4316 KCTRP - detected UnsignedFile.Multi.Generic (1) 21:14:40.0694 4316 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 21:14:40.0726 4316 KeyIso - ok 21:14:40.0741 4316 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 21:14:40.0757 4316 KSecDD - ok 21:14:40.0772 4316 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 21:14:40.0788 4316 KSecPkg - ok 21:14:40.0804 4316 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 21:14:40.0850 4316 ksthunk - ok 21:14:40.0882 4316 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 21:14:40.0928 4316 KtmRm - ok 21:14:40.0975 4316 [ 5833B5E707E947208B115404054A442D ] KUSBusByTCP C:\Windows\syswow64\Drivers\KUSBusByTCP.sys 21:14:41.0006 4316 KUSBusByTCP - ok 21:14:41.0006 4316 [ 0B2F930E5A0F09443CB485130104A921 ] KUSBusByTCPMasterBus C:\Windows\syswow64\Drivers\KUSBusByTCPMasterBus.sys 21:14:41.0022 4316 KUSBusByTCPMasterBus - ok 21:14:41.0053 4316 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 21:14:41.0100 4316 LanmanServer - ok 21:14:41.0116 4316 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 21:14:41.0162 4316 LanmanWorkstation - ok 21:14:41.0194 4316 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 21:14:41.0240 4316 lltdio - ok 21:14:41.0256 4316 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 21:14:41.0318 4316 lltdsvc - ok 21:14:41.0350 4316 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 21:14:41.0396 4316 lmhosts - ok 21:14:41.0428 4316 [ 6E49C68A04C85F5DBBE847BB4B960FCA ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 21:14:41.0443 4316 LMS - ok 21:14:41.0474 4316 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 21:14:41.0490 4316 LSI_FC - ok 21:14:41.0521 4316 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 21:14:41.0537 4316 LSI_SAS - ok 21:14:41.0552 4316 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 21:14:41.0568 4316 LSI_SAS2 - ok 21:14:41.0584 4316 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 21:14:41.0584 4316 LSI_SCSI - ok 21:14:41.0615 4316 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 21:14:41.0662 4316 luafv - ok 21:14:41.0677 4316 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 21:14:41.0693 4316 Mcx2Svc - ok 21:14:41.0724 4316 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys 21:14:41.0740 4316 megasas - ok 21:14:41.0755 4316 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 21:14:41.0771 4316 MegaSR - ok 21:14:41.0802 4316 [ 6B01B7414A105B9E51652089A03027CF ] MEIx64 C:\Windows\system32\drivers\HECIx64.sys 21:14:41.0818 4316 MEIx64 - ok 21:14:41.0864 4316 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 21:14:41.0911 4316 MMCSS - ok 21:14:41.0927 4316 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 21:14:41.0974 4316 Modem - ok 21:14:42.0005 4316 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 21:14:42.0020 4316 monitor - ok 21:14:42.0036 4316 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys 21:14:42.0052 4316 mouclass - ok 21:14:42.0083 4316 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\drivers\mouhid.sys 21:14:42.0098 4316 mouhid - ok 21:14:42.0130 4316 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 21:14:42.0130 4316 mountmgr - ok 21:14:42.0176 4316 [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 21:14:42.0192 4316 MozillaMaintenance - ok 21:14:42.0239 4316 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 21:14:42.0254 4316 mpio - ok 21:14:42.0286 4316 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 21:14:42.0332 4316 mpsdrv - ok 21:14:42.0379 4316 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 21:14:42.0442 4316 MpsSvc - ok 21:14:42.0457 4316 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 21:14:42.0473 4316 MRxDAV - ok 21:14:42.0488 4316 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 21:14:42.0504 4316 mrxsmb - ok 21:14:42.0535 4316 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 21:14:42.0551 4316 mrxsmb10 - ok 21:14:42.0551 4316 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 21:14:42.0566 4316 mrxsmb20 - ok 21:14:42.0582 4316 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 21:14:42.0598 4316 msahci - ok 21:14:42.0613 4316 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 21:14:42.0629 4316 msdsm - ok 21:14:42.0644 4316 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 21:14:42.0660 4316 MSDTC - ok 21:14:42.0676 4316 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 21:14:42.0722 4316 Msfs - ok 21:14:42.0738 4316 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 21:14:42.0769 4316 mshidkmdf - ok 21:14:42.0785 4316 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 21:14:42.0800 4316 msisadrv - ok 21:14:42.0847 4316 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 21:14:42.0894 4316 MSiSCSI - ok 21:14:42.0894 4316 msiserver - ok 21:14:42.0925 4316 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 21:14:42.0956 4316 MSKSSRV - ok 21:14:42.0988 4316 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 21:14:43.0034 4316 MSPCLOCK - ok 21:14:43.0034 4316 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 21:14:43.0081 4316 MSPQM - ok 21:14:43.0097 4316 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 21:14:43.0128 4316 MsRPC - ok 21:14:43.0144 4316 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 21:14:43.0159 4316 mssmbios - ok 21:14:43.0175 4316 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 21:14:43.0206 4316 MSTEE - ok 21:14:43.0222 4316 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 21:14:43.0237 4316 MTConfig - ok 21:14:43.0253 4316 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 21:14:43.0268 4316 Mup - ok 21:14:43.0300 4316 [ 48C9BA25EDA90E3DB07ADAC8CD32F5F3 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe 21:14:43.0315 4316 MyWiFiDHCPDNS - ok 21:14:43.0331 4316 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 21:14:43.0378 4316 napagent - ok 21:14:43.0409 4316 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 21:14:43.0440 4316 NativeWifiP - ok 21:14:43.0471 4316 [ 88A2F45CE66B904285978D6BB13AFEB2 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130314.004\ENG64.SYS 21:14:43.0487 4316 NAVENG - ok 21:14:43.0534 4316 [ D2A545DA3A90BBFA40E020C23F1B7A48 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130314.004\EX64.SYS 21:14:43.0596 4316 NAVEX15 - ok 21:14:43.0627 4316 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 21:14:43.0658 4316 NDIS - ok 21:14:43.0690 4316 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 21:14:43.0736 4316 NdisCap - ok 21:14:43.0752 4316 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 21:14:43.0799 4316 NdisTapi - ok 21:14:43.0799 4316 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 21:14:43.0846 4316 Ndisuio - ok 21:14:43.0861 4316 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 21:14:43.0892 4316 NdisWan - ok 21:14:43.0924 4316 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 21:14:43.0970 4316 NDProxy - ok 21:14:44.0002 4316 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 21:14:44.0048 4316 NetBIOS - ok 21:14:44.0048 4316 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 21:14:44.0095 4316 NetBT - ok 21:14:44.0173 4316 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 21:14:44.0189 4316 Netlogon - ok 21:14:44.0251 4316 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 21:14:44.0298 4316 Netman - ok 21:14:44.0345 4316 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 21:14:44.0360 4316 NetMsmqActivator - ok 21:14:44.0392 4316 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 21:14:44.0407 4316 NetPipeActivator - ok 21:14:44.0454 4316 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 21:14:44.0516 4316 netprofm - ok 21:14:44.0516 4316 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 21:14:44.0532 4316 NetTcpActivator - ok 21:14:44.0532 4316 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 21:14:44.0548 4316 NetTcpPortSharing - ok 21:14:44.0750 4316 [ FAD6C5610D020534401966CD72A1C306 ] NETwNs64 C:\Windows\system32\DRIVERS\Netwsw00.sys 21:14:44.0891 4316 NETwNs64 - ok 21:14:44.0953 4316 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 21:14:44.0969 4316 nfrd960 - ok 21:14:45.0047 4316 [ 241BD3019FB31E812A51B31B06906335 ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe 21:14:45.0062 4316 NIS - ok 21:14:45.0094 4316 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 21:14:45.0125 4316 NlaSvc - ok 21:14:45.0156 4316 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 21:14:45.0203 4316 Npfs - ok 21:14:45.0234 4316 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 21:14:45.0281 4316 nsi - ok 21:14:45.0296 4316 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 21:14:45.0328 4316 nsiproxy - ok 21:14:45.0374 4316 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 21:14:45.0468 4316 Ntfs - ok 21:14:45.0484 4316 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 21:14:45.0530 4316 Null - ok 21:14:45.0562 4316 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 21:14:45.0577 4316 nvraid - ok 21:14:45.0608 4316 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 21:14:45.0624 4316 nvstor - ok 21:14:45.0655 4316 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 21:14:45.0671 4316 nv_agp - ok 21:14:45.0920 4316 [ CF7B55AEF7AA9CF053C8B33D8055C367 ] OfficeSvc C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe 21:14:45.0967 4316 OfficeSvc - ok 21:14:45.0998 4316 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 21:14:46.0014 4316 ohci1394 - ok 21:14:46.0061 4316 [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 21:14:46.0076 4316 ose - ok 21:14:46.0201 4316 [ FE9C0029E1AF26350D9985D00520E5C8 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 21:14:46.0295 4316 osppsvc - ok 21:14:46.0326 4316 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 21:14:46.0357 4316 p2pimsvc - ok 21:14:46.0388 4316 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 21:14:46.0404 4316 p2psvc - ok 21:14:46.0420 4316 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys 21:14:46.0435 4316 Parport - ok 21:14:46.0466 4316 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 21:14:46.0482 4316 partmgr - ok 21:14:46.0482 4316 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 21:14:46.0513 4316 PcaSvc - ok 21:14:46.0529 4316 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 21:14:46.0544 4316 pci - ok 21:14:46.0576 4316 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 21:14:46.0591 4316 pciide - ok 21:14:46.0607 4316 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 21:14:46.0638 4316 pcmcia - ok 21:14:46.0654 4316 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 21:14:46.0669 4316 pcw - ok 21:14:46.0685 4316 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 21:14:46.0747 4316 PEAUTH - ok 21:14:46.0778 4316 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 21:14:46.0810 4316 PeerDistSvc - ok 21:14:46.0872 4316 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 21:14:46.0888 4316 PerfHost - ok 21:14:46.0950 4316 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 21:14:47.0012 4316 pla - ok 21:14:47.0044 4316 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 21:14:47.0059 4316 PlugPlay - ok 21:14:47.0075 4316 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 21:14:47.0090 4316 PNRPAutoReg - ok 21:14:47.0106 4316 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 21:14:47.0122 4316 PNRPsvc - ok 21:14:47.0153 4316 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 21:14:47.0184 4316 PolicyAgent - ok 21:14:47.0215 4316 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 21:14:47.0262 4316 Power - ok 21:14:47.0340 4316 [ 1045551441ECE5532755DA637BE7BB94 ] PowerBiosServer c:\Program Files (x86)\Hotkey\PowerBiosServer.exe 21:14:47.0340 4316 PowerBiosServer ( UnsignedFile.Multi.Generic ) - warning 21:14:47.0340 4316 PowerBiosServer - detected UnsignedFile.Multi.Generic (1) 21:14:47.0371 4316 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 21:14:47.0434 4316 PptpMiniport - ok 21:14:47.0449 4316 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 21:14:47.0465 4316 Processor - ok 21:14:47.0480 4316 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 21:14:47.0496 4316 ProfSvc - ok 21:14:47.0512 4316 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 21:14:47.0527 4316 ProtectedStorage - ok 21:14:47.0558 4316 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 21:14:47.0590 4316 Psched - ok 21:14:47.0621 4316 [ 07D57B890DD5693A6AB660CBAE8F91B4 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys 21:14:47.0636 4316 PxHlpa64 - ok 21:14:47.0683 4316 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 21:14:47.0714 4316 ql2300 - ok 21:14:47.0746 4316 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 21:14:47.0761 4316 ql40xx - ok 21:14:47.0792 4316 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 21:14:47.0824 4316 QWAVE - ok 21:14:47.0855 4316 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 21:14:47.0886 4316 QWAVEdrv - ok 21:14:47.0902 4316 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 21:14:47.0948 4316 RasAcd - ok 21:14:47.0980 4316 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 21:14:48.0026 4316 RasAgileVpn - ok 21:14:48.0058 4316 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 21:14:48.0104 4316 RasAuto - ok 21:14:48.0136 4316 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 21:14:48.0182 4316 Rasl2tp - ok 21:14:48.0198 4316 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 21:14:48.0245 4316 RasMan - ok 21:14:48.0245 4316 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 21:14:48.0292 4316 RasPppoe - ok 21:14:48.0323 4316 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 21:14:48.0354 4316 RasSstp - ok 21:14:48.0385 4316 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 21:14:48.0432 4316 rdbss - ok 21:14:48.0448 4316 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys 21:14:48.0463 4316 rdpbus - ok 21:14:48.0494 4316 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 21:14:48.0541 4316 RDPCDD - ok 21:14:48.0572 4316 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 21:14:48.0588 4316 RDPDR - ok 21:14:48.0588 4316 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 21:14:48.0635 4316 RDPENCDD - ok 21:14:48.0650 4316 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 21:14:48.0697 4316 RDPREFMP - ok 21:14:48.0713 4316 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 21:14:48.0728 4316 RDPWD - ok 21:14:48.0744 4316 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 21:14:48.0760 4316 rdyboost - ok 21:14:48.0806 4316 [ 0C2B4C3B10D183BE116A38353E937F62 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe 21:14:48.0822 4316 RegSrvc - ok 21:14:48.0838 4316 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 21:14:48.0900 4316 RemoteAccess - ok 21:14:48.0931 4316 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 21:14:48.0994 4316 RemoteRegistry - ok 21:14:49.0025 4316 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 21:14:49.0040 4316 RFCOMM - ok 21:14:49.0056 4316 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 21:14:49.0103 4316 RpcEptMapper - ok 21:14:49.0118 4316 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 21:14:49.0134 4316 RpcLocator - ok 21:14:49.0150 4316 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 21:14:49.0196 4316 RpcSs - ok 21:14:49.0243 4316 [ A90376A91D64DF7C909A72861FC1B4F9 ] RSBASTOR C:\Windows\system32\DRIVERS\RtsBaStor.sys 21:14:49.0274 4316 RSBASTOR - ok 21:14:49.0306 4316 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 21:14:49.0368 4316 rspndr - ok 21:14:49.0384 4316 [ C5CD940EFFADE1F6246730BCA14E9FE6 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 21:14:49.0415 4316 RTL8167 - ok 21:14:49.0415 4316 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 21:14:49.0430 4316 s3cap - ok 21:14:49.0446 4316 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 21:14:49.0462 4316 SamSs - ok 21:14:49.0493 4316 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 21:14:49.0508 4316 sbp2port - ok 21:14:49.0524 4316 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 21:14:49.0571 4316 SCardSvr - ok 21:14:49.0586 4316 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 21:14:49.0633 4316 scfilter - ok 21:14:49.0649 4316 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 21:14:49.0696 4316 Schedule - ok 21:14:49.0727 4316 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 21:14:49.0774 4316 SCPolicySvc - ok 21:14:49.0774 4316 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 21:14:49.0805 4316 SDRSVC - ok 21:14:49.0820 4316 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 21:14:49.0883 4316 secdrv - ok 21:14:49.0898 4316 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 21:14:49.0945 4316 seclogon - ok 21:14:49.0961 4316 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 21:14:50.0008 4316 SENS - ok 21:14:50.0008 4316 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 21:14:50.0023 4316 SensrSvc - ok 21:14:50.0054 4316 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys 21:14:50.0070 4316 Serenum - ok 21:14:50.0086 4316 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys 21:14:50.0101 4316 Serial - ok 21:14:50.0148 4316 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 21:14:50.0164 4316 sermouse - ok 21:14:50.0195 4316 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 21:14:50.0242 4316 SessionEnv - ok 21:14:50.0257 4316 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 21:14:50.0273 4316 sffdisk - ok 21:14:50.0288 4316 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 21:14:50.0320 4316 sffp_mmc - ok 21:14:50.0320 4316 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 21:14:50.0335 4316 sffp_sd - ok 21:14:50.0366 4316 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 21:14:50.0398 4316 sfloppy - ok 21:14:50.0429 4316 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 21:14:50.0491 4316 SharedAccess - ok 21:14:50.0507 4316 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 21:14:50.0554 4316 ShellHWDetection - ok 21:14:50.0585 4316 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 21:14:50.0600 4316 SiSRaid2 - ok 21:14:50.0616 4316 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 21:14:50.0632 4316 SiSRaid4 - ok 21:14:50.0678 4316 [ 4E8A4BB5B11D828FF986F6228B1CD3DF ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 21:14:50.0694 4316 SkypeUpdate - ok 21:14:50.0725 4316 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 21:14:50.0788 4316 Smb - ok 21:14:50.0819 4316 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 21:14:50.0834 4316 SNMPTRAP - ok 21:14:50.0850 4316 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 21:14:50.0866 4316 spldr - ok 21:14:50.0881 4316 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 21:14:50.0897 4316 Spooler - ok 21:14:50.0959 4316 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 21:14:51.0037 4316 sppsvc - ok 21:14:51.0068 4316 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 21:14:51.0115 4316 sppuinotify - ok 21:14:51.0224 4316 [ 623E4A909E759D73D1C9FA5059A49E9A ] SpyHunter 4 Service C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE 21:14:51.0256 4316 SpyHunter 4 Service - ok 21:14:51.0365 4316 [ 378A0748DE5ADF90BF9DB897DA8564E6 ] SRTSP C:\Windows\System32\Drivers\NISx64\1403010.016\SRTSP64.SYS 21:14:51.0396 4316 SRTSP - ok 21:14:51.0412 4316 [ 0E76CEF892C45734F7AED09FDDF35D4D ] SRTSPX C:\Windows\system32\drivers\NISx64\1403010.016\SRTSPX64.SYS 21:14:51.0427 4316 SRTSPX - ok 21:14:51.0458 4316 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 21:14:51.0474 4316 srv - ok 21:14:51.0490 4316 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 21:14:51.0521 4316 srv2 - ok 21:14:51.0536 4316 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 21:14:51.0552 4316 srvnet - ok 21:14:51.0599 4316 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 21:14:51.0646 4316 SSDPSRV - ok 21:14:51.0661 4316 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 21:14:51.0708 4316 SstpSvc - ok 21:14:51.0724 4316 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys 21:14:51.0739 4316 stexstor - ok 21:14:51.0755 4316 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 21:14:51.0786 4316 stisvc - ok 21:14:51.0802 4316 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 21:14:51.0817 4316 storflt - ok 21:14:51.0833 4316 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll 21:14:51.0848 4316 StorSvc - ok 21:14:51.0864 4316 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys 21:14:51.0880 4316 storvsc - ok 21:14:51.0895 4316 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 21:14:51.0911 4316 swenum - ok 21:14:51.0926 4316 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 21:14:51.0973 4316 swprv - ok 21:14:52.0020 4316 [ E174C8BC572E93AEEE1036DEDAC5F225 ] SymDS C:\Windows\system32\drivers\NISx64\1403010.016\SYMDS64.SYS 21:14:52.0036 4316 SymDS - ok 21:14:52.0067 4316 [ 599872BAD7CFB45C7CE47CDED4B726D8 ] SymEFA C:\Windows\system32\drivers\NISx64\1403010.016\SYMEFA64.SYS 21:14:52.0098 4316 SymEFA - ok 21:14:52.0114 4316 [ F5D6D3B7468C46EA2DDC1D19D2A6DA0F ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 21:14:52.0129 4316 SymEvent - ok 21:14:52.0160 4316 [ ADF37F1A715D6C56C8E065FD8569A9A4 ] SymIRON C:\Windows\system32\drivers\NISx64\1403010.016\Ironx64.SYS 21:14:52.0176 4316 SymIRON - ok 21:14:52.0223 4316 [ 1605EBD8CB86AFC4430116065995279A ] SymNetS C:\Windows\System32\Drivers\NISx64\1403010.016\SYMNETS.SYS 21:14:52.0254 4316 SymNetS - ok 21:14:52.0301 4316 [ F4DB1D9E6A42D491F0F8E21854301C0B ] SynTP C:\Windows\system32\drivers\SynTP.sys 21:14:52.0348 4316 SynTP - ok 21:14:52.0394 4316 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 21:14:52.0441 4316 SysMain - ok 21:14:52.0457 4316 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 21:14:52.0488 4316 TabletInputService - ok 21:14:52.0504 4316 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 21:14:52.0535 4316 TapiSrv - ok 21:14:52.0550 4316 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 21:14:52.0597 4316 TBS - ok 21:14:52.0660 4316 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip C:\Windows\system32\drivers\tcpip.sys 21:14:52.0722 4316 Tcpip - ok 21:14:52.0784 4316 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 21:14:52.0831 4316 TCPIP6 - ok 21:14:52.0878 4316 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 21:14:52.0894 4316 tcpipreg - ok 21:14:52.0925 4316 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 21:14:52.0940 4316 TDPIPE - ok 21:14:52.0956 4316 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 21:14:52.0987 4316 TDTCP - ok 21:14:53.0018 4316 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 21:14:53.0065 4316 tdx - ok 21:14:53.0081 4316 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 21:14:53.0096 4316 TermDD - ok 21:14:53.0128 4316 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 21:14:53.0174 4316 TermService - ok 21:14:53.0174 4316 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 21:14:53.0206 4316 Themes - ok 21:14:53.0221 4316 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 21:14:53.0268 4316 THREADORDER - ok 21:14:53.0284 4316 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 21:14:53.0330 4316 TrkWks - ok 21:14:53.0362 4316 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 21:14:53.0424 4316 TrustedInstaller - ok 21:14:53.0440 4316 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 21:14:53.0486 4316 tssecsrv - ok 21:14:53.0502 4316 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 21:14:53.0518 4316 TsUsbFlt - ok 21:14:53.0533 4316 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 21:14:53.0549 4316 TsUsbGD - ok 21:14:53.0580 4316 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 21:14:53.0627 4316 tunnel - ok 21:14:53.0674 4316 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 21:14:53.0674 4316 uagp35 - ok 21:14:53.0705 4316 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 21:14:53.0736 4316 udfs - ok 21:14:53.0767 4316 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 21:14:53.0783 4316 UI0Detect - ok 21:14:53.0814 4316 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 21:14:53.0830 4316 uliagpkx - ok 21:14:53.0861 4316 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 21:14:53.0876 4316 umbus - ok 21:14:53.0892 4316 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 21:14:53.0908 4316 UmPass - ok 21:14:53.0939 4316 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll 21:14:53.0954 4316 UmRdpService - ok 21:14:54.0048 4316 [ 23CBD4326DB5F5D5430F0863729F0835 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 21:14:54.0064 4316 UNS - ok 21:14:54.0095 4316 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 21:14:54.0157 4316 upnphost - ok 21:14:54.0188 4316 [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 21:14:54.0204 4316 USBAAPL64 - ok 21:14:54.0220 4316 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\drivers\usbccgp.sys 21:14:54.0235 4316 usbccgp - ok 21:14:54.0266 4316 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 21:14:54.0282 4316 usbcir - ok 21:14:54.0298 4316 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys 21:14:54.0313 4316 usbehci - ok 21:14:54.0329 4316 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\drivers\usbhub.sys 21:14:54.0344 4316 usbhub - ok 21:14:54.0360 4316 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 21:14:54.0376 4316 usbohci - ok 21:14:54.0407 4316 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 21:14:54.0422 4316 usbprint - ok 21:14:54.0438 4316 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 21:14:54.0469 4316 USBSTOR - ok 21:14:54.0485 4316 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 21:14:54.0500 4316 usbuhci - ok 21:14:54.0547 4316 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 21:14:54.0563 4316 usbvideo - ok 21:14:54.0594 4316 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 21:14:54.0641 4316 UxSms - ok 21:14:54.0656 4316 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 21:14:54.0672 4316 VaultSvc - ok 21:14:54.0703 4316 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 21:14:54.0734 4316 vdrvroot - ok 21:14:54.0766 4316 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 21:14:54.0812 4316 vds - ok 21:14:54.0844 4316 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 21:14:54.0859 4316 vga - ok 21:14:54.0875 4316 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 21:14:54.0922 4316 VgaSave - ok 21:14:54.0937 4316 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 21:14:54.0953 4316 vhdmp - ok 21:14:55.0015 4316 [ E066AA9C9866C2001372486A6841108C ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys 21:14:55.0078 4316 VIAHdAudAddService - ok 21:14:55.0078 4316 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 21:14:55.0093 4316 viaide - ok 21:14:55.0109 4316 [ 1236737C7993FB462610E1A0AA92C40B ] VIAKaraokeService C:\Windows\system32\viakaraokesrv.exe 21:14:55.0124 4316 VIAKaraokeService - ok 21:14:55.0140 4316 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys 21:14:55.0171 4316 vmbus - ok 21:14:55.0187 4316 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 21:14:55.0202 4316 VMBusHID - ok 21:14:55.0218 4316 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 21:14:55.0234 4316 volmgr - ok 21:14:55.0265 4316 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 21:14:55.0280 4316 volmgrx - ok 21:14:55.0296 4316 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 21:14:55.0312 4316 volsnap - ok 21:14:55.0358 4316 [ ABD9B4A7E2D0AE51A3B8DF1AF3152D61 ] vpcbus C:\Windows\system32\drivers\vpchbus.sys 21:14:55.0374 4316 vpcbus - ok 21:14:55.0390 4316 [ 8ACDA395841538CE9713A67FE8B2A3EB ] vpcnfltr C:\Windows\system32\DRIVERS\vpcnfltr.sys 21:14:55.0406 4316 vpcnfltr - ok 21:14:55.0422 4316 [ 31924E31BC315773E6D149B157DB46D5 ] vpcusb C:\Windows\system32\DRIVERS\vpcusb.sys 21:14:55.0437 4316 vpcusb - ok 21:14:55.0484 4316 [ 510D250A08C09850F5C78CA2011B3B62 ] vpcvmm C:\Windows\system32\drivers\vpcvmm.sys 21:14:55.0500 4316 vpcvmm - ok 21:14:55.0547 4316 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 21:14:55.0562 4316 vsmraid - ok 21:14:55.0625 4316 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 21:14:55.0687 4316 VSS - ok 21:14:55.0703 4316 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 21:14:55.0718 4316 vwifibus - ok 21:14:55.0734 4316 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 21:14:55.0765 4316 vwififlt - ok 21:14:55.0781 4316 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 21:14:55.0796 4316 vwifimp - ok 21:14:55.0812 4316 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 21:14:55.0859 4316 W32Time - ok 21:14:55.0874 4316 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 21:14:55.0890 4316 WacomPen - ok 21:14:55.0921 4316 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 21:14:55.0968 4316 WANARP - ok 21:14:55.0983 4316 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 21:14:56.0015 4316 Wanarpv6 - ok 21:14:56.0061 4316 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 21:14:56.0093 4316 wbengine - ok 21:14:56.0093 4316 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 21:14:56.0124 4316 WbioSrvc - ok 21:14:56.0139 4316 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 21:14:56.0171 4316 wcncsvc - ok 21:14:56.0171 4316 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 21:14:56.0186 4316 WcsPlugInService - ok 21:14:56.0217 4316 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 21:14:56.0233 4316 Wd - ok 21:14:56.0264 4316 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 21:14:56.0295 4316 Wdf01000 - ok 21:14:56.0295 4316 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 21:14:56.0327 4316 WdiServiceHost - ok 21:14:56.0327 4316 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 21:14:56.0358 4316 WdiSystemHost - ok 21:14:56.0373 4316 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 21:14:56.0389 4316 WebClient - ok 21:14:56.0405 4316 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 21:14:56.0436 4316 Wecsvc - ok 21:14:56.0451 4316 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 21:14:56.0498 4316 wercplsupport - ok 21:14:56.0514 4316 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 21:14:56.0561 4316 WerSvc - ok 21:14:56.0576 4316 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 21:14:56.0623 4316 WfpLwf - ok 21:14:56.0623 4316 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 21:14:56.0639 4316 WIMMount - ok 21:14:56.0670 4316 WinDefend - ok 21:14:56.0670 4316 WinHttpAutoProxySvc - ok 21:14:56.0717 4316 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 21:14:56.0779 4316 Winmgmt - ok 21:14:56.0841 4316 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 21:14:56.0904 4316 WinRM - ok 21:14:56.0951 4316 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 21:14:56.0966 4316 WinUsb - ok 21:14:56.0997 4316 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 21:14:57.0029 4316 Wlansvc - ok 21:14:57.0122 4316 [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 21:14:57.0169 4316 wlidsvc - ok 21:14:57.0200 4316 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 21:14:57.0216 4316 WmiAcpi - ok 21:14:57.0247 4316 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 21:14:57.0263 4316 wmiApSrv - ok 21:14:57.0278 4316 WMPNetworkSvc - ok 21:14:57.0294 4316 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 21:14:57.0309 4316 WPCSvc - ok 21:14:57.0325 4316 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 21:14:57.0341 4316 WPDBusEnum - ok 21:14:57.0356 4316 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 21:14:57.0403 4316 ws2ifsl - ok 21:14:57.0403 4316 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 21:14:57.0434 4316 wscsvc - ok 21:14:57.0481 4316 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys 21:14:57.0512 4316 WSDPrintDevice - ok 21:14:57.0512 4316 WSearch - ok 21:14:57.0575 4316 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 21:14:57.0637 4316 wuauserv - ok 21:14:57.0653 4316 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 21:14:57.0668 4316 WudfPf - ok 21:14:57.0684 4316 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 21:14:57.0699 4316 WUDFRd - ok 21:14:57.0731 4316 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 21:14:57.0746 4316 wudfsvc - ok 21:14:57.0762 4316 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll 21:14:57.0777 4316 WwanSvc - ok 21:14:57.0887 4316 [ D2FE4103450E52CB248D842501F84B90 ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe 21:14:57.0949 4316 ZeroConfigService - ok 21:14:57.0965 4316 ================ Scan global =============================== 21:14:57.0980 4316 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 21:14:58.0011 4316 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 21:14:58.0027 4316 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 21:14:58.0105 4316 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 21:14:58.0245 4316 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 21:14:58.0245 4316 [Global] - ok 21:14:58.0245 4316 ================ Scan MBR ================================== 21:14:58.0261 4316 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 21:14:58.0635 4316 \Device\Harddisk0\DR0 - ok 21:14:58.0635 4316 ================ Scan VBR ================================== 21:14:58.0651 4316 [ E4CCEC53151E8C7B274AB1536317619D ] \Device\Harddisk0\DR0\Partition1 21:14:58.0651 4316 \Device\Harddisk0\DR0\Partition1 - ok 21:14:58.0651 4316 ============================================================ 21:14:58.0651 4316 Scan finished 21:14:58.0651 4316 ============================================================ 21:14:58.0667 3524 Detected object count: 3 21:14:58.0667 3524 Actual detected object count: 3 21:16:06.0776 3524 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 21:16:06.0776 3524 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:16:06.0776 3524 KCTRP ( UnsignedFile.Multi.Generic ) - skipped by user 21:16:06.0776 3524 KCTRP ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:16:06.0776 3524 PowerBiosServer ( UnsignedFile.Multi.Generic ) - skipped by user 21:16:06.0776 3524 PowerBiosServer ( UnsignedFile.Multi.Generic ) - User select action: Skip |
|
15.06.2013, 13:51
| #10 |
| /// Malware-holic | HILFEE!! Virus - System Care Antivirus Hi, Scan mit Combofix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
16.06.2013, 16:08
| #11 |
| | HILFEE!! Virus - System Care Antivirus Hallo! Entschuldige, dass ich erst jetzt antworte. Ich war leider unterwegs :/ Hab das eben mal gemacht. Probleme gab es soweit keine, SpyHunter hat sich zwischendurch nur geöffnet. :/ <Combofix Logfile: Code:
ATTFilter ComboFix 13-06-15.01 - Johanna 16.06.2013 16:45:07.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8068.5895 [GMT 2:00]
ausgeführt von:: c:\users\Johanna\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\AD0143DF9B4E72F00000AD0096E77B67
c:\programdata\AD0143DF9B4E72F00000AD0096E77B67\AD0143DF9B4E72F00000AD0096E77B67
c:\programdata\AD0143DF9B4E72F00000AD0096E77B67\AD0143DF9B4E72F00000AD0096E77B67.exe
c:\programdata\AD0143DF9B4E72F00000AD0096E77B67\AD0143DF9B4E72F00000AD0096E77B67.ico
c:\programdata\Roaming
c:\windows\IsUn0407.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-05-16 bis 2013-06-16 ))))))))))))))))))))))))))))))
.
.
2013-06-16 14:56 . 2013-06-16 14:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-14 13:40 . 2013-06-14 14:10 -------- d-----w- C:\_OTL
2013-06-13 22:36 . 2013-06-13 22:36 -------- d-----w- c:\program files (x86)\VS Revo Group
2013-06-13 22:18 . 2012-06-22 10:01 22704 ----a-w- c:\windows\system32\drivers\EsgScanner.sys
2013-06-13 22:18 . 2013-06-13 22:18 110080 ----a-r- c:\users\Johanna\AppData\Roaming\Microsoft\Installer\{BCD55450-77AC-4347-B24F-654B1189F8D4}\IconF7A21AF7.exe
2013-06-13 22:18 . 2013-06-13 22:18 110080 ----a-r- c:\users\Johanna\AppData\Roaming\Microsoft\Installer\{BCD55450-77AC-4347-B24F-654B1189F8D4}\IconD7F16134.exe
2013-06-13 22:18 . 2013-06-13 22:18 110080 ----a-r- c:\users\Johanna\AppData\Roaming\Microsoft\Installer\{BCD55450-77AC-4347-B24F-654B1189F8D4}\Icon1226A4C5.exe
2013-06-13 22:18 . 2013-06-13 22:18 -------- d-----w- C:\sh4ldr
2013-06-13 22:18 . 2013-06-13 22:18 -------- d-----w- c:\program files\Enigma Software Group
2013-06-13 22:17 . 2013-06-13 22:18 -------- d-----w- c:\windows\BCD5545077AC4347B24F654B1189F8D4.TMP
2013-06-13 22:17 . 2013-06-13 22:17 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2013-06-12 16:05 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-07 23:18 . 2013-06-10 11:18 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-06-05 20:43 . 2013-06-05 20:43 -------- d-----r- c:\users\Johanna\AppData\Roaming\Brother
2013-06-05 19:06 . 2013-06-06 13:10 -------- d-----w- c:\users\Johanna\AppData\Local\Unity
2013-06-05 18:00 . 2013-06-05 18:00 -------- d-----w- c:\program files\ColdTurkey
2013-06-05 17:59 . 2013-06-05 17:59 -------- d-----w- c:\users\Johanna\AppData\Local\Programs
2013-06-04 00:26 . 2013-06-04 00:28 -------- d-----w- c:\program files (x86)\Google
2013-06-04 00:26 . 2013-06-04 00:28 -------- d-----w- c:\users\Johanna\AppData\Local\Google
2013-06-04 00:26 . 2013-06-04 00:26 -------- d-----w- c:\users\Johanna\AppData\Local\Apps
2013-06-04 00:26 . 2013-06-04 00:26 -------- d-----w- c:\users\Johanna\AppData\Local\Deployment
2013-06-03 21:10 . 2013-06-03 21:10 20616 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VSTO\10.0\1031\VSTOLoaderUI.dll
2013-06-03 21:10 . 2013-06-03 21:10 10896 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VSTO\10.0\1031\VSTOInstallerUI.dll
2013-05-23 14:06 . 2013-05-23 14:06 -------- d-----w- c:\programdata\Brother
2013-05-20 23:45 . 2013-05-20 23:45 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-13 22:26 . 2013-02-28 20:02 564432 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-06-13 22:08 . 2012-07-17 13:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-06-13 01:01 . 2012-12-14 15:25 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-06-11 21:33 . 2012-12-14 22:04 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-11 21:33 . 2012-12-14 22:04 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-08 14:02 . 2013-05-08 14:03 83160 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-04-13 05:49 . 2013-05-15 17:23 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 17:23 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 17:23 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 17:23 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 17:23 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 17:23 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 19:33 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-15 17:23 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-15 17:23 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-15 17:23 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-04-01 02:28 . 2013-04-01 02:28 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-04-01 02:28 . 2013-04-01 02:28 130016 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-04-01 02:28 . 2013-04-01 02:28 100712 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-03-19 06:04 . 2013-04-10 10:08 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:53 . 2013-05-15 17:23 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-03-19 05:53 . 2013-05-15 17:23 230400 ----a-w- c:\windows\system32\wwansvc.dll
2013-03-19 05:46 . 2013-04-10 10:08 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 10:08 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 10:08 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 10:08 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 10:08 112640 ----a-w- c:\windows\system32\smss.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-05-23 13:47 222712 ----a-w- c:\users\Johanna\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-05-23 13:47 222712 ----a-w- c:\users\Johanna\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-05-23 13:47 222712 ----a-w- c:\users\Johanna\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-12-17 59872]
"Facebook Update"="c:\users\Johanna\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-01-12 138096]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-03 19603048]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-12-17 59872]
"Spotify Web Helper"="c:\users\Johanna\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-05-06 1105408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-20 291648]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2012-05-14 133400]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-05-09 5119600]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Sitecom Control Center"="c:\program files (x86)\Sitecom\MFP Server Control Center\Control Center.exe" [2011-10-06 3342336]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-05-08 345312]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"ColdTurkey_notify"="c:\program files\ColdTurkey\ct_notify.exe" [2013-01-01 47104]
.
c:\users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
An OneNote senden.lnk - c:\program files\Microsoft Office 15\root\office15\ONENOTEM.EXE /tsr [2013-2-28 158808]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hotkey.lnk - c:\program files (x86)\Hotkey\Hotkey.exe [2012-4-13 4727808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;c:\program files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 KCTRP;KCTRP;c:\program files\ColdTurkey\KCTRP_srv.exe;c:\program files\ColdTurkey\KCTRP_srv.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 cpuz135;cpuz135;c:\users\ADMINI~1\AppData\Local\Temp\cpuz135\cpuz135_x64.sys;c:\users\ADMINI~1\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys;c:\windows\SYSNATIVE\DRIVERS\EsgScanner.sys [x]
R3 KUSBusByTCP;KUSBusByTCP;SysWOW64\Drivers\KUSBusByTCP.sys;SysWOW64\Drivers\KUSBusByTCP.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe [x]
S2 OfficeSvc;Microsoft Office-Dienst;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [x]
S2 PowerBiosServer;PowerBiosServer;c:\program files (x86)\Hotkey\PowerBiosServer.exe;c:\program files (x86)\Hotkey\PowerBiosServer.exe [x]
S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130301.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130301.001\BHDrvx64.sys [x]
S3 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1403010.016\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1403010.016\ccSetx64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130312.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130312.001\IDSvia64.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\drivers\iusb3hub.sys;c:\windows\SYSNATIVE\drivers\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\drivers\iusb3xhc.sys;c:\windows\SYSNATIVE\drivers\iusb3xhc.sys [x]
S3 KUSBusByTCPMasterBus;Master Bus of Kernel USB Software Bus by TCP;SysWOW64\Drivers\KUSBusByTCPMasterBus.sys;SysWOW64\Drivers\KUSBusByTCPMasterBus.sys [x]
S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;c:\windows\system32\DRIVERS\RtsBaStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsBaStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1403010.016\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1403010.016\SYMDS64.SYS [x]
S3 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1403010.016\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1403010.016\SYMEFA64.SYS [x]
S3 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1403010.016\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1403010.016\Ironx64.SYS [x]
S3 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1403010.016\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1403010.016\SYMNETS.SYS [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-06 18:32 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-14 21:33]
.
2013-06-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-64460349-3600327859-1846462070-1000Core.job
- c:\users\Johanna\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-12 18:25]
.
2013-06-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-64460349-3600327859-1846462070-1000UA.job
- c:\users\Johanna\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-12 18:25]
.
2013-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-04 00:26]
.
2013-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-04 00:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-05-23 13:47 261624 ----a-w- c:\users\Johanna\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-05-23 13:47 261624 ----a-w- c:\users\Johanna\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-05-23 13:47 261624 ----a-w- c:\users\Johanna\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-06-13 22:29 2328776 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-06-13 22:29 2328776 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-06-13 22:29 2328776 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 164016 ----a-w- c:\users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 164016 ----a-w- c:\users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 164016 ----a-w- c:\users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 164016 ----a-w- c:\users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-05-23 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-05-23 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-05-23 440128]
"CECAPLF"="c:\program files (x86)\ChiconyCam\CECAPLF.exe" [2011-07-06 121456]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.121.253
FF - ProfilePath - c:\users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\04u4khc1.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA} - c:\program files (x86)\Intel\Intel(R) Processor Graphics\Uninstall\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.3.1.22\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-16 17:02:23
ComboFix-quarantined-files.txt 2013-06-16 15:02
.
Vor Suchlauf: 13 Verzeichnis(se), 922.520.518.656 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 922.559.815.680 Bytes frei
.
- - End Of File - - 97F36D05C38270489C027CED9DF9B783
A36C5E4F47E84449FF07ED3517B43A31> Achja! Mein Internetexplorer öffnet mir jetzt irgendwie keine Seiten mehr. Verwende nun GoogleChrome. |
|
16.06.2013, 17:58
| #12 |
| /// Malware-holic | HILFEE!! Virus - System Care Antivirus deinstaliere spyhunter bitte. malwarebytes: Downloade Dir bitte Malwarebytes
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
16.06.2013, 19:17
| #13 |
| | HILFEE!! Virus - System Care Antivirus So, es wurden keine infizierten Dateien gefunden. Sind wir jetzt fertig? Wieso kann ich mit IE nicht mehr ins Internet? Er öffnet keinerlei Seiten mehr. Kann ich die ganzen Programme, die wir jetzt installiert haben wieder deinstallieren? Welches Virenprogramm empfiehlst du mir? Jetzt besitze ich die Gratisversion von Avira. Vielen Dank schon mal! Malwarebytes Anti-Malware (Test) 1.75.0.1300 Malwarebytes : Free Anti-Malware download Datenbank Version: v2013.06.16.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16614 Johanna :: JOHANNA-LAPTOP [Administrator] Schutz: Aktiviert 16.06.2013 19:10:52 mbam-log-2013-06-16 (19-10-52).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 386276 Laufzeit: 1 Stunde(n), 3 Minute(n), 54 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
17.06.2013, 14:19
| #14 |
| /// Malware-holic | HILFEE!! Virus - System Care Antivirus nein wir haben noch zu tun. lade den CCleaner standard: CCleaner - Download - Filepony falls der CCleaner bereits instaliert, überspringen. öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten. internet explorer standard einstellungen wiederherstellen windows.microsoft.com/de-de/windows-vista/reset-internet-explorer-7-settings
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
17.06.2013, 15:32
| #15 |
| | HILFEE!! Virus - System Care Antivirus Der Internetexplorer funktioniert schon mal wieder Bei den ganzen Systemprogrammen, habe ich jetzt mal nichts dahinter geschrieben. |
|
| Themen zu HILFEE!! Virus - System Care Antivirus |
| angst, antivirus, aufeinmal, dateien, daten, erstell, helft, hilfee, log, nichts, panik, passieren, runtergeladen, sache, sachen, spyhunter, stunde, stunden, system, system care, system care anti virus, system care antivirus, system care antivirus entfernen, system care antivirus systemcareantivirus logs, threads, virus |
WARNUNG an die MITLESER: 
Linear-Darstellung
