Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Trojaner.agent.ck - PLS HELP (https://www.trojaner-board.de/129901-trojaner-agent-ck-pls-help.html)

juergen21186 21.01.2013 21:34
Trojaner.agent.ck - PLS HELP
 
Halo Jungs,

könnt ihr mir helfen bei einem kleine Problem mit meinem PC!

Ha eine Trojaner drauf und einer meiner Accounts wurde bereits gehackt - PLS HELP!


THX
Mfg
WOlfi

markusg 21.01.2013 22:11
hi
welches programm hat die im betreff genannte meldung gezeigt, log posten bitte.
klingt nach malwarebytes, deswegen, öffnen, logdateien, Berichte mit Funden posten

juergen21186 21.01.2013 22:39
c:\windows\reset- kann die log nicht öffnen..

Trojan.Agent.CK

Ahhh

Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.21.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Maria :: HELMS-PC [Administrator]

Schutz: Aktiviert

21.01.2013 21:44:46
MBAM-log-2013-01-21 (22-42-55).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 393593
Laufzeit: 40 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Windows\reset.exe (Trojan.Agent.CK) -> Keine Aktion durchgeführt.

(Ende)

markusg 22.01.2013 15:28
ne idee woher die stamm:
C:\Windows\reset.exe

juergen21186 22.01.2013 20:19
keine ahnung woher die stammt
wiso was macht diese datei???

markusg 23.01.2013 14:18
weis ich momentan noch nicht, schaun wir mal:
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

juergen21186 23.01.2013 19:00
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 23.01.2013 18:36:53 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Maria\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,52 Gb Available Physical Memory | 62,90% Memory free
8,00 Gb Paging File | 6,36 Gb Available in Paging File | 79,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,73 Gb Total Space | 5,74 Gb Free Space | 11,78% Space Free | Partition Type: NTFS
Drive D: | 649,81 Gb Total Space | 595,98 Gb Free Space | 91,72% Space Free | Partition Type: NTFS
Drive E: | 12,70 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: HELMS-PC | User Name: Maria | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A8889CD-F161-4A91-B944-8F26529639F1}" = rport=139 | protocol=6 | dir=out | app=system |
"{0E17C817-6DD5-4BBF-AC51-0743DB268D0C}" = lport=137 | protocol=17 | dir=in | app=system |
"{1409FF30-0264-47F4-AF11-416D07B4D8E9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{15125B67-755D-4CF3-AE01-232D3DFB6C3B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{23002E68-ADBB-43DB-B3CD-78D20AA1FB43}" = lport=138 | protocol=17 | dir=in | app=system |
"{2EB294B3-1D24-463B-817E-021D97F82087}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2FF8693D-1234-4D48-8A9D-7D1C2ECE8263}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{30E0DAA8-9A4C-4AED-BA83-FF8BD3AC71F0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{36B29A43-8076-448B-8F50-8641A9FC6FBD}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{3B5BF209-51A1-4794-857F-403D778DB58A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3BECCD02-7C75-4139-9401-C55C134DD582}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{54D5358C-CD09-479F-A5BE-CFEB2244D09D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6BA04D64-48AE-4100-A822-BA66ED1A2394}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7E19E760-1881-4993-8272-203C527A74AA}" = rport=137 | protocol=17 | dir=out | app=system |
"{7F15CDD5-6FB4-47FA-A0FC-16AEE4230E7B}" = lport=139 | protocol=6 | dir=in | app=system |
"{8823F5EB-F2A3-4856-84DA-C4B4455BD097}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8A897AEE-CB28-4344-9EF9-1870DE997F03}" = lport=2869 | protocol=6 | dir=in | app=system |
"{989F6822-279C-4576-BCC4-E94DE3F915D1}" = rport=445 | protocol=6 | dir=out | app=system |
"{9FD3EDA8-065F-4292-98CA-9BC77A40D137}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C2E451FA-F13D-4FA0-BB6D-AD8B6A89A9E3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{CC4C076F-842E-4617-9F45-840A97D759E7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CD4B9477-97C0-402E-BA5A-5743E9370EEE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D596B60D-6428-4639-9A65-A50C6DBCEBBE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EFBC7F30-05FA-4C66-8CEE-CDA6FC1D8386}" = lport=445 | protocol=6 | dir=in | app=system |
"{F07AE683-847C-4471-A4FD-F0EB2C563B78}" = rport=138 | protocol=17 | dir=out | app=system |
"{F3DCD11F-3E99-4A0B-8F1E-E5D8387D9316}" = rport=10243 | protocol=6 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003FAA3D-ADAA-4BD2-AF19-09986A407684}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{0152FDE8-55AD-4F5D-B9CE-8C34A8CCBC44}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0156EA62-A800-476A-98E5-0BCBF998329E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{106A8A8E-5E23-494D-8957-1CCF9B1B0977}" = protocol=6 | dir=in | app=c:\windows\system32\lxbkcoms.exe |
"{1DD4A1A8-DA40-4129-AD6A-0B31B485BD43}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1FEBE171-E73E-4ED8-A3D4-3FAB5DDACB5A}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxbkpswx.exe |
"{22919BD2-34F4-4C93-B368-59AF2DA522CD}" = protocol=6 | dir=in | app=d:\starcraft ii\starcraft ii.exe |
"{3083C742-F22C-49BC-9DBB-FD780111DB21}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{33FBF56B-245D-4E26-9F09-0DAEFA4F084C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{33FC580F-A1F7-4AE9-8700-DB65265501BB}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{3C53D7D2-8200-4E47-81E9-6B00753DC756}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3F1ADBD1-1907-40E9-B353-CF45C3EACF61}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3F617A3D-BC50-47A3-92AB-B173D074DDFB}" = protocol=17 | dir=in | app=d:\starcraft ii\starcraft ii public test.exe |
"{45999390-F5BA-4D5D-9398-2C88E1204FCC}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxbkcoms.exe |
"{4AFB2722-9A7C-49CB-9AE0-935112E5CCA0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4BB364CE-162F-4162-8289-420F7C58D000}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5899D2DD-7454-4312-9A4C-51232707CCD9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{592735B0-775F-4BE5-B013-04A757E9D3ED}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5C2D4698-24ED-4765-81EA-8A0E0C37D036}" = protocol=6 | dir=in | app=d:\starcraft ii\starcraft ii public test.exe |
"{624C17A9-8EB4-48DE-A17B-4C891819A46E}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{67605B95-FE47-48F7-94CD-7B7B1480B9B6}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxbkcoms.exe |
"{7E1FE96E-86C3-4481-A6D9-48CDEF67951D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{8103A9B3-1A3A-4559-9E94-1D62BCD94A52}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{820EAA12-FC4E-4EBF-A3B8-B7E44C7BC095}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8F0C7AD8-0CB0-452D-8DA7-E2F428E47F5D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{900E4C66-2E8B-4076-AF0A-62F68BA77FA2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{98930990-87E7-4EF3-95C1-A195D5C69F1D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A0240C4A-B130-4C08-AAD8-554449E4B898}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{A3F2F74D-E42E-4878-B063-D72C63DAA360}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B0C7A1B4-AB0E-4FF2-9AC5-83650C3F3487}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{B4A2AE28-99AF-4840-BC40-1F7B54B543DC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{B62ED63D-C4BE-40A2-A3FE-5F058195EB4A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B6611775-11DA-4B37-A0D2-E34895547321}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B70ECE64-C400-4D60-8816-3C00886F258C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B98706D4-0515-4D89-8C4B-7E4667C6ABEF}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{BE89726C-8E71-4C7B-ACEB-5F41313A8424}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{C0824B9D-97F0-4C38-82D9-EB3A8975EA0A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{D2F3F2E4-6A55-4ABB-91EA-FC294B71B511}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D6C56E8C-F108-4DCA-8444-E94683B55B76}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{E0E1187A-2E66-4FA1-B5B0-79776E15F688}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{E5D4C63C-0104-4703-9DC4-711964A48A39}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EADFFDBC-F776-40D1-BEC9-3B07551A8B87}" = protocol=17 | dir=in | app=d:\starcraft ii\starcraft ii.exe |
"{EB146887-5E7B-43F3-891A-0BF483EE3C20}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{EEB8CA28-E536-4B70-9304-9100CD3B98EC}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F0E70BD5-0A10-40A6-90CF-157918068A54}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{F63B748A-BEE0-412B-A336-211ABBAC4593}" = protocol=6 | dir=out | app=system |
"{F6C0971F-B592-4A5B-A92F-7E20EE7E3C63}" = protocol=17 | dir=in | app=c:\windows\system32\lxbkcoms.exe |
"{F99EF7AF-B043-4898-B098-D25F962E4E5C}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxbkpswx.exe |
"TCP Query User{2A83F49F-0EE5-4EA4-B8CD-74E0A4079BA2}D:\world of tanks\wotlauncher.exe" = protocol=6 | dir=in | app=d:\world of tanks\wotlauncher.exe |
"TCP Query User{3AD578A9-E60F-492A-8396-EE40AC4079DE}D:\world of tanks\worldoftanks.exe" = protocol=6 | dir=in | app=d:\world of tanks\worldoftanks.exe |
"TCP Query User{48225E00-7327-488A-B81C-D5A8A5BEB8C6}D:\age of conan\conanpatcher.exe" = protocol=6 | dir=in | app=d:\age of conan\conanpatcher.exe |
"TCP Query User{66674DAF-A92C-4183-86CC-D39389C50586}D:\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=d:\starcraft ii\versions\base23260\sc2.exe |
"TCP Query User{72CC8248-452D-4CCD-BD0F-0DE370F5687F}C:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe" = protocol=6 | dir=in | app=c:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe |
"TCP Query User{8AB211A3-1948-4FC7-8462-9DBEC1C3712C}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{DF85630C-F796-45B3-8FF1-62BBFEC8F8FB}C:\program files (x86)\sony ericsson\mobile4\sync manager\dxp syncml.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\mobile4\sync manager\dxp syncml.exe |
"TCP Query User{E837B553-B2CF-40DA-A6AA-EF5BC2B3D2F9}C:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe" = protocol=6 | dir=in | app=c:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe |
"TCP Query User{FF6A869D-363F-4644-AABD-38D7D50EBBED}D:\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=d:\starcraft ii\versions\base23260\sc2.exe |
"UDP Query User{1124E65E-B7D7-466A-837C-300A66CBD661}C:\program files (x86)\sony ericsson\mobile4\sync manager\dxp syncml.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\mobile4\sync manager\dxp syncml.exe |
"UDP Query User{40AFA244-6C9D-42F7-9F17-66B9F898CFC5}D:\world of tanks\wotlauncher.exe" = protocol=17 | dir=in | app=d:\world of tanks\wotlauncher.exe |
"UDP Query User{5227989C-6E07-413B-9540-D979C00A1886}D:\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=d:\starcraft ii\versions\base23260\sc2.exe |
"UDP Query User{5946E5DD-CCA5-4968-97AD-8D2EE259BE5F}D:\age of conan\conanpatcher.exe" = protocol=17 | dir=in | app=d:\age of conan\conanpatcher.exe |
"UDP Query User{85526D46-89F0-4218-B505-E1930AE25D63}D:\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=d:\starcraft ii\versions\base23260\sc2.exe |
"UDP Query User{9BBA9E25-4314-4BDC-ACD4-028F45F3A0F5}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{A1C82949-0932-43BD-9218-41706B9A4FFE}C:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe" = protocol=17 | dir=in | app=c:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe |
"UDP Query User{AA0CCA6B-6344-4E13-A19A-81C5B623E4FB}C:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe" = protocol=17 | dir=in | app=c:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe |
"UDP Query User{D0A9FC43-B6BD-434E-8E9B-702604122987}D:\world of tanks\worldoftanks.exe" = protocol=17 | dir=in | app=d:\world of tanks\worldoftanks.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2016B2AD-0051-05C7-9CCB-CE9F05659CB7}" = ccc-utility64
"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
"{25D04DBB-FE9D-E3BA-C2F3-F1BE9B8C0709}" = ATI Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{55B44B84-A758-EAF7-0906-E397B384FCDF}" = ATI AVIVO64 Codecs
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{7AB6F8D7-7804-4662-BE8C-1AFCCD602D9F}" = Microsoft-Maus- und Tastatur-Center
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87A583D2-2C4C-4F01-B226-D60EE8C4DDB7}" = ESET NOD32 Antivirus
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AC76BA86-1033-0000-0064-0003D0000004}" = Adobe Acrobat 9 Pro Extended 64-bit Add-On
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C6C08B1E-8A45-7571-727E-E28DD15AD556}" = AMD Drag and Drop Transcoding
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D611B241-28A0-4937-AF86-17565CAF9807}" = PC Suite for Sony Ericsson x64
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Lexmark X1100 Series" = Lexmark X1100 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center
"Sony Ericsson" = Sony Ericsson Symbian 9 Drivers
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C3AE9EB-2F0A-451E-A5E4-2BF6AFF21FB9}" = PC Suite for Sony Ericsson
"{0CA1005F-B640-0354-EC82-F8F7447A8E8A}" = CCC Help Hungarian
"{0FC472C3-6A2A-969F-10E7-E8F61B18117C}" = Catalyst Control Center Localization All
"{12076C90-4A78-7241-F633-4D2B019D5611}" = CCC Help Thai
"{17E11EC2-3736-10A1-330C-CC7EB6CAC6B3}" = CCC Help Turkish
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1" = World of Tanks
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{31405CA2-F009-D91B-FEFF-35924343CB14}" = Catalyst Control Center InstallProxy
"{31B75145-DF24-C759-E735-9C129956961E}" = CCC Help Spanish
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{59F5C54C-ED39-58B4-42DA-3F20AB440E49}" = CCC Help Czech
"{641C1B16-FD4C-0F97-47AE-76637FC64225}" = CCC Help English
"{64B157C9-C291-2535-8177-237BC2D37EBF}" = CCC Help Korean
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79C2D7F9-3BF8-52C1-6A7A-84C9296171F8}" = CCC Help German
"{7B29E627-71A5-6824-3F85-DBEF19624BD0}" = ccc-core-static
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding
"{88B2BB7B-A684-E8E3-65C6-DDC5DC152C2A}" = CCC Help French
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CB77076-DB66-5D92-7886-807226C9CE4B}" = CCC Help Italian
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94F4B1D4-0BCC-E5C6-4EAE-F1A287383D5B}" = CCC Help Finnish
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{98838C21-AD83-77AA-3B09-F437C6F24F8F}" = CCC Help Dutch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6F56DA-7051-6677-4E5A-9DC6C573F2B5}" = CCC Help Portuguese
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FE051B0-39BC-F5DD-C99B-0D4793184C2A}" = CCC Help Chinese Standard
"{A2AE9709-283B-4B48-AA34-729C070A62FB}" = NETGEAR WNA1100 wireless USB 2.0 adapter
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA6B96C4-7AF5-3F6A-E630-4096508A9C47}" = CCC Help Danish
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B48E87FE-A8D9-EE14-B607-3FA1ACEF218E}" = CCC Help Norwegian
"{B4FA8E67-D299-485A-407B-05A2681BAF47}" = CCC Help Japanese
"{BB05BC7D-BEF8-7A7B-C62E-F1BE381E70BB}" = CCC Help Swedish
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3FA3CCE-2A88-0976-B875-4B3E9D41204D}" = Catalyst Control Center Graphics Previews Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D34F0251-1C96-09B3-EE29-2A9148413252}" = CCC Help Chinese Traditional
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D54A0D86-35B0-BFC8-174B-D991EDF903B8}" = Catalyst Control Center Graphics Previews Vista
"{D5610369-AF78-386F-4985-9822654973A3}" = CCC Help Polish
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1252473-6306-4d5d-904D-B06AA7F38161}" = PC Suite for Sony Ericsson
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E937F8DA-8C7F-ADFE-7EA5-7C1CAAB23C05}" = HydraVision
"{ECD129A4-5A21-1977-0849-6913BA6BA29C}" = CCC Help Russian
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.079
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F77D44EB-2A6E-E2EE-7C30-40A5409B2650}" = CCC Help Greek
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"3DataManager" = 3DataManager
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Conan_is1" = Age of Conan: Unchained
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"StarCraft II" = StarCraft II
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 18.12.2012 14:45:18 | Computer Name = Helms-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 73778301
 
Error - 18.12.2012 14:45:18 | Computer Name = Helms-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 73778301
 
Error - 19.12.2012 13:59:52 | Computer Name = Helms-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc3c1  Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7c9db  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000000089cd
ID
 des fehlerhaften Prozesses: 0x6c4  Startzeit der fehlerhaften Anwendung: 0x01cdde017787a3e0
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften
 Moduls: c:\windows\system32\sysmain.dll  Berichtskennung: e2886268-4a05-11e2-87c5-20cf30b2528b
 
Error - 22.12.2012 05:15:49 | Computer Name = Helms-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: msiexec.exe, Version: 5.0.7601.17514,
 Zeitstempel: 0x4ce79d93  Name des fehlerhaften Moduls: RPCRT4.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7c96e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000013cb4
ID
 des fehlerhaften Prozesses: 0xef4  Startzeit der fehlerhaften Anwendung: 0x01cde02077a56df0
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\msiexec.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\system32\RPCRT4.dll  Berichtskennung: 2cd52f18-4c18-11e2-ba92-20cf30b2528b
 
Error - 25.12.2012 08:16:11 | Computer Name = Helms-PC | Source = RasClient | ID = 20227
Description =
 
Error - 25.12.2012 20:27:24 | Computer Name = Helms-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 17.0.1.4715,
 Zeitstempel: 0x50b71a4b  Name des fehlerhaften Moduls: xul.dll, Version: 17.0.1.4715,
 Zeitstempel: 0x50b7198b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00144ed8  ID des fehlerhaften
 Prozesses: 0x1318  Startzeit der fehlerhaften Anwendung: 0x01cde2be426d08f0  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll  Berichtskennung:
 0455f5d0-4ef3-11e2-ad7d-20cf30b2528b
 
Error - 28.12.2012 13:37:05 | Computer Name = Helms-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 17.0.1.4715,
 Zeitstempel: 0x50b71a4b  Name des fehlerhaften Moduls: xul.dll, Version: 17.0.1.4715,
 Zeitstempel: 0x50b7198b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00144ed8  ID des fehlerhaften
 Prozesses: 0x1324  Startzeit der fehlerhaften Anwendung: 0x01cde4f5d478bf80  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll  Berichtskennung:
 3185e7e4-5115-11e2-9b46-20cf30b2528b
 
Error - 04.01.2013 14:33:51 | Computer Name = Helms-PC | Source = Application Hang | ID = 1002
Description = Programm SC2.exe, Version 1.5.3.23260 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1c8    Startzeit:
01cdeaa972784e40    Endzeit: 104    Anwendungspfad: D:\StarCraft II\Versions\Base23260\SC2.exe

Berichts-ID:
 
 
Error - 08.01.2013 11:37:48 | Computer Name = Helms-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc3c1  Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7c9db  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000017f5f
ID
 des fehlerhaften Prozesses: 0x648  Startzeit der fehlerhaften Anwendung: 0x01cded91a0ed7da0
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften
 Moduls: c:\windows\system32\sysmain.dll  Berichtskennung: 5a853a90-59a9-11e2-99ed-20cf30b2528b
 
Error - 16.01.2013 15:27:29 | Computer Name = Helms-PC | Source = Application Hang | ID = 1002
Description = Programm SC2.exe, Version 1.5.4.24540 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1160    Startzeit:
 01cdf4106abc2e40    Endzeit: 81    Anwendungspfad: D:\StarCraft II\Versions\Base23260\SC2.exe

Berichts-ID:
 
 
[ System Events ]
Error - 20.01.2013 17:38:43 | Computer Name = Helms-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 21.01.2013 14:54:10 | Computer Name = Helms-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Eset Trial Reset erreicht.
 
Error - 21.01.2013 14:54:10 | Computer Name = Helms-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Eset Trial Reset" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%1053
 
Error - 21.01.2013 14:55:30 | Computer Name = Helms-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "ESET Service" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 21.01.2013 14:55:30 | Computer Name = Helms-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
 des Dienstes "ESET Service" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen,
 ist fehlgeschlagen. Fehler:  %%1058
 
Error - 22.01.2013 14:39:49 | Computer Name = Helms-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Eset Trial Reset erreicht.
 
Error - 22.01.2013 14:39:49 | Computer Name = Helms-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Eset Trial Reset" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%1053
 
Error - 22.01.2013 17:13:25 | Computer Name = Helms-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 23.01.2013 13:28:35 | Computer Name = Helms-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Eset Trial Reset erreicht.
 
Error - 23.01.2013 13:28:35 | Computer Name = Helms-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Eset Trial Reset" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%1053
 
 
< End of report >
--- --- ---


OTL Logfile:
Code:
OTL logfile created on: 23.01.2013 18:36:53 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Maria\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,52 Gb Available Physical Memory | 62,90% Memory free
8,00 Gb Paging File | 6,36 Gb Available in Paging File | 79,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,73 Gb Total Space | 5,74 Gb Free Space | 11,78% Space Free | Partition Type: NTFS
Drive D: | 649,81 Gb Total Space | 595,98 Gb Free Space | 91,72% Space Free | Partition Type: NTFS
Drive E: | 12,70 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: HELMS-PC | User Name: Maria | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.23 18:33:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Maria\Desktop\OTL.exe
PRC - [2013.01.19 11:29:16 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2010.11.04 17:15:50 | 000,810,144 | ---- | M] (ESET) -- C:\Programme\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2010.08.10 11:24:13 | 002,500,048 | ---- | M] (WebToGo Mobile Internet GmbH) -- C:\Program Files (x86)\3DataManager\3DataManager.exe
PRC - [2010.07.27 11:01:09 | 000,484,816 | ---- | M] () -- C:\Program Files (x86)\3DataManager\3DataManager_Launcher.exe
PRC - [2010.07.08 13:18:29 | 000,333,264 | ---- | M] () -- C:\Program Files (x86)\3DataManager\WTGService.exe
PRC - [2010.06.14 13:56:02 | 004,573,664 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
PRC - [2010.03.22 19:07:22 | 000,268,768 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
PRC - [2008.06.11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008.02.28 11:58:42 | 000,074,408 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files (x86)\Lexmark X1100 Series\LXBKbmgr.exe
PRC - [2008.02.28 11:57:36 | 000,058,024 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files (x86)\Lexmark X1100 Series\lxbkbmon.exe
PRC - [2006.03.02 11:55:24 | 000,634,947 | ---- | M] (Intuwave Ltd.) -- C:\Program Files (x86)\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe
PRC - [2006.03.02 11:54:16 | 000,290,816 | ---- | M] (Intuwave Ltd.) -- C:\Program Files (x86)\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.19 11:29:15 | 003,022,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.11.01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.08.09 13:34:51 | 000,266,240 | ---- | M] () -- C:\Program Files (x86)\3DataManager\WTGSMSPCClient.Dll
MOD - [2010.08.04 11:47:00 | 000,684,032 | ---- | M] () -- C:\Program Files (x86)\3DataManager\WtgCore.dll
MOD - [2010.07.29 13:33:58 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\3DataManager\WtgDriverInstall.dll
MOD - [2010.07.28 13:55:38 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\3DataManager\WtgBluetooth.dll
MOD - [2010.07.28 13:55:37 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\3DataManager\WtgDetection.dll
MOD - [2010.07.28 13:55:36 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\3DataManager\WtgDatabase.dll
MOD - [2010.07.28 13:55:36 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\3DataManager\WtgPorts.dll
MOD - [2010.07.28 13:55:36 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\3DataManager\WtgDialup.dll
MOD - [2010.07.28 13:55:34 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\3DataManager\WtgUtil.dll
MOD - [2010.07.27 11:01:09 | 000,484,816 | ---- | M] () -- C:\Program Files (x86)\3DataManager\3DataManager_Launcher.exe
MOD - [2010.07.08 13:10:30 | 000,021,504 | ---- | M] () -- C:\Program Files (x86)\3DataManager\PhoenixUtil.dll
MOD - [2010.07.08 13:10:13 | 000,196,608 | ---- | M] () -- C:\Program Files (x86)\3DataManager\LiveBoxCM.dll
MOD - [2010.07.08 13:10:09 | 000,012,800 | ---- | M] () -- C:\Program Files (x86)\3DataManager\WTGDriverInstallX.Dll
MOD - [2010.07.08 13:08:44 | 000,126,976 | ---- | M] () -- C:\Program Files (x86)\3DataManager\WtgWiFi.dll
MOD - [2010.07.08 13:08:43 | 000,012,288 | ---- | M] () -- C:\Program Files (x86)\3DataManager\WTGDebugs.dll
MOD - [2010.07.06 13:45:30 | 000,598,016 | ---- | M] () -- C:\Program Files (x86)\3DataManager\WTGXMLUtil.dll
MOD - [2010.06.14 13:56:02 | 004,573,664 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
MOD - [2010.01.27 05:12:26 | 000,236,032 | ---- | M] () -- C:\Program Files (x86)\3DataManager\WtgMobileBroadband7.dll
MOD - [2009.08.28 15:50:18 | 000,282,624 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvcLib.dll
MOD - [2007.02.27 15:14:00 | 000,823,296 | ---- | M] () -- C:\Program Files (x86)\3DataManager\LIBEAY32.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010.05.27 17:59:40 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:39:29 | 000,010,240 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\regedt32.exe -- (.EsetTrialReset)
SRV:64bit: - [2008.02.19 09:12:32 | 000,565,928 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxbkcoms.exe -- (lxbk_device)
SRV - [2013.01.19 11:29:15 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.09 14:56:36 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.01.18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011.03.28 20:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.12.27 19:07:33 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.11.04 17:18:12 | 000,042,360 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Programme\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010.11.04 17:15:50 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Programme\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.07.08 13:18:29 | 000,333,264 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\3DataManager\WTGService.exe -- (WTGService)
SRV - [2010.03.22 19:07:22 | 000,268,768 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe -- (WSWNA1100)
SRV - [2010.03.22 19:05:40 | 000,960,992 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe -- (jswpsapi)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.07.14 02:14:30 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWow64\regedt32.exe -- (.EsetTrialReset)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.02.19 09:12:18 | 000,537,256 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxbkcoms.exe -- (lxbk_device)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.23 14:41:05 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2012.12.23 14:41:05 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2012.12.23 14:41:05 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2012.12.23 14:41:05 | 000,012,800 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.11.02 15:38:32 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012.11.01 21:52:50 | 000,075,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012.03.08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.08.02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.09.03 06:13:46 | 000,170,104 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2010.07.29 12:31:26 | 000,141,264 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2010.07.29 12:31:26 | 000,126,320 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2010.07.21 16:58:50 | 000,023,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2010.05.27 18:39:12 | 006,856,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.05.27 17:25:36 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.05.06 10:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010.03.09 15:33:10 | 001,849,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.05.15 01:28:00 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\jswpslwfx.sys -- (JSWPSLWF)
DRV:64bit: - [2008.01.15 10:42:24 | 000,120,832 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zebrsce.sys -- (zebrsce)
DRV:64bit: - [2008.01.15 10:42:22 | 000,145,408 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zebrmdmc.sys -- (zebrmdmc)
DRV:64bit: - [2008.01.15 10:42:22 | 000,145,408 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zebrmdm.sys -- (zebrmdm)
DRV:64bit: - [2008.01.15 10:42:22 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zebrmdfl.sys -- (zebrmdfl)
DRV:64bit: - [2008.01.15 10:42:20 | 000,108,544 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zebrbus.sys -- (zebrbus)
DRV:64bit: - [2008.01.15 10:42:20 | 000,081,280 | ---- | M] (MCCI) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\zebrceb.sys -- (zebrceb)
DRV:64bit: - [2007.01.19 17:24:24 | 000,025,312 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Österreich: Hotmail, Messenger, Skype download, Unterhaltung, Nachrichten, Sport, Lifestyle und mehr bei MSN AT
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 19 B8 00 11 F8 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/"
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.4.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 11:29:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.19 11:29:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010.12.27 19:16:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 11:29:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.19 11:29:10 | 000,000,000 | ---D | M]
 
[2010.12.27 14:02:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maria\AppData\Roaming\mozilla\Extensions
[2013.01.21 23:28:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maria\AppData\Roaming\mozilla\Firefox\Profiles\rrbor1vp.default\extensions
[2013.01.21 23:28:48 | 000,533,221 | ---- | M] () (No name found) -- C:\Users\Maria\AppData\Roaming\mozilla\firefox\profiles\rrbor1vp.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.12.17 17:36:54 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Maria\AppData\Roaming\mozilla\firefox\profiles\rrbor1vp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.01.19 11:29:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.01.19 11:29:16 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.07.10 09:33:16 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.03 20:38:08 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.10 09:33:16 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.10 09:33:16 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.10 09:33:16 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.10 09:33:16 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [lxbkbmgr.exe] C:\Program Files (x86)\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [jswtrayutil] "C:\Program Files (x86)\NETGEAR\WNA1100\jswtrayutil.exe" File not found
O4 - HKLM..\Run: [PC Suite for Smartphones] C:\Program Files (x86)\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TaskTray]  File not found
O4 - HKCU..\Run: [mRouterConfig] C:\Program Files (x86)\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe (Intuwave Ltd.)
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{356E9984-4FC1-404B-9EBA-E9C8E8E8F42A}: DhcpNameServer = 10.0.0.138 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E778B24-E2C4-4E64-B05F-157040E97C41}: NameServer = 213.94.78.17 213.94.78.16
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\SysWow64\acaptuser32.dll (Adobe Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\taskmgr.exe: Debugger - C:\USERS\MARIA\DOCUMENTS\PROCESSEXPLORER\PROCEXP.EXE (Sysinternals - Windows Sysinternals: Documentation, downloads and additional resources)
O27 - HKLM IFEO\taskmgr.exe: Debugger - C:\USERS\MARIA\DOCUMENTS\PROCESSEXPLORER\PROCEXP.EXE (Sysinternals - Windows Sysinternals: Documentation, downloads and additional resources)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.06.16 13:22:04 | 000,021,960 | R--- | M] () - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2008.06.16 17:14:06 | 000,000,057 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{f6f76d67-4d02-11e2-8128-20cf30b2528b}\Shell - "" = AutoRun
O33 - MountPoints2\{f6f76d67-4d02-11e2-8128-20cf30b2528b}\Shell\AutoRun\command - "" = E:\.\Autorun.exe -- [2008.06.16 13:22:04 | 000,021,960 | R--- | M] ()
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.23 18:33:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Maria\Desktop\OTL.exe
[2013.01.22 22:25:27 | 000,000,000 | ---D | C] -- C:\Users\Maria\Documents\ProcessExplorer
[2013.01.21 21:27:08 | 000,000,000 | ---D | C] -- C:\Users\Maria\AppData\Roaming\TeamViewer
[2013.01.21 21:03:45 | 000,000,000 | ---D | C] -- C:\Users\Maria\AppData\Roaming\Malwarebytes
[2013.01.21 21:03:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.21 21:03:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.21 21:03:00 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.01.21 21:03:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.01.21 21:02:44 | 000,000,000 | ---D | C] -- C:\Users\Maria\AppData\Local\Programs
[2013.01.19 11:29:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.12.31 11:16:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2012.12.29 23:41:48 | 000,000,000 | ---D | C] -- C:\Users\Maria\AppData\Local\Funcom
[2012.12.29 23:41:25 | 000,000,000 | ---D | C] -- C:\ProgramData\media center programs
[2012.12.28 17:42:13 | 000,000,000 | ---D | C] -- C:\Users\Maria\AppData\Roaming\Wargaming.net
[2012.12.26 11:22:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2012.12.26 11:22:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks
[2012.12.25 17:46:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus- und Tastatur-Center
[2012.12.25 17:44:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center
[2012.12.25 14:50:35 | 000,000,000 | ---D | C] -- C:\Users\Maria\Documents\Microsoft Hardware
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.23 18:35:01 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.23 18:35:01 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.23 18:33:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Maria\Desktop\OTL.exe
[2013.01.23 18:28:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.23 18:28:25 | 3220,615,168 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.22 22:56:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.21 22:15:56 | 000,000,118 | ---- | M] () -- C:\Users\Maria\Desktop\Trojaner Board.url
[2013.01.21 21:44:31 | 000,001,127 | ---- | M] () -- C:\Users\Maria\Desktop\Malwarebytes Anti-Malware.lnk
[2013.01.21 21:03:02 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.01.10 12:13:03 | 000,056,133 | ---- | M] () -- C:\Users\Maria\Desktop\2.jpg
[2013.01.10 12:12:40 | 000,065,368 | ---- | M] () -- C:\Users\Maria\Desktop\1.jpg
[2013.01.10 11:27:56 | 000,418,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.10 00:02:05 | 001,518,986 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.10 00:02:05 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.10 00:02:05 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.10 00:02:05 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.10 00:02:05 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.31 11:16:57 | 000,000,745 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012.12.26 11:22:32 | 000,000,589 | ---- | M] () -- C:\Users\Public\Desktop\World of Tanks.lnk
[2012.12.25 17:46:11 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2012.12.25 13:15:48 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
 
========== Files Created - No Company Name ==========
 
[2013.01.21 22:15:39 | 000,000,118 | ---- | C] () -- C:\Users\Maria\Desktop\Trojaner Board.url
[2013.01.21 21:44:31 | 000,001,127 | ---- | C] () -- C:\Users\Maria\Desktop\Malwarebytes Anti-Malware.lnk
[2013.01.21 21:03:02 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.01.10 12:13:02 | 000,056,133 | ---- | C] () -- C:\Users\Maria\Desktop\2.jpg
[2013.01.10 12:12:38 | 000,065,368 | ---- | C] () -- C:\Users\Maria\Desktop\1.jpg
[2012.12.31 11:16:53 | 000,000,745 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012.12.26 11:22:32 | 000,000,589 | ---- | C] () -- C:\Users\Public\Desktop\World of Tanks.lnk
[2012.12.25 17:46:11 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2012.12.25 13:15:48 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2012.04.29 21:09:00 | 000,003,088 | ---- | C] () -- C:\Users\Maria\AppData\Roaming\PData.MMM
[2012.04.29 21:09:00 | 000,003,088 | ---- | C] () -- C:\Users\Maria\AppData\Roaming\PData.MM1
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.01.20 12:51:35 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\3DataManager
[2012.04.29 21:09:00 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\AUTOSICH
[2013.01.21 21:27:08 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\TeamViewer
[2011.03.23 14:29:26 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\Teleca
[2013.01.23 18:36:44 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\TS3Client
[2012.12.28 17:42:13 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\Wargaming.net
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2011.02.17 19:58:52 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.12.27 13:36:38 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.12.28 13:45:54 | 000,000,000 | ---D | M] -- C:\drivers
[2010.12.27 18:24:04 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.12.25 17:44:57 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.01.21 21:03:00 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013.01.21 21:03:01 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.12.27 13:36:39 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.12.27 13:36:39 | 000,000,000 | -HSD | M] -- C:\Recovery
[2013.01.23 18:38:05 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.12.05 22:13:17 | 000,000,000 | ---D | M] -- C:\temp
[2010.12.27 14:11:46 | 000,000,000 | R--D | M] -- C:\Users
[2013.01.22 19:40:59 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.07.31 07:51:21 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2013.01.23 18:49:47 | 003,670,016 | -HS- | M] () -- C:\Users\Maria\NTUSER.DAT
[2013.01.23 18:49:47 | 000,262,144 | -HS- | M] () -- C:\Users\Maria\ntuser.dat.LOG1
[2010.12.27 13:36:50 | 000,000,000 | -HS- | M] () -- C:\Users\Maria\ntuser.dat.LOG2
[2010.12.27 13:39:29 | 000,065,536 | -HS- | M] () -- C:\Users\Maria\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010.12.27 13:39:29 | 000,524,288 | -HS- | M] () -- C:\Users\Maria\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010.12.27 13:39:29 | 000,524,288 | -HS- | M] () -- C:\Users\Maria\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012.04.24 06:17:27 | 000,065,536 | -HS- | M] () -- C:\Users\Maria\NTUSER.DAT{6b1ff0dd-8dc3-11e1-8673-20cf30b2528b}.TM.blf
[2012.04.24 06:17:27 | 000,524,288 | -HS- | M] () -- C:\Users\Maria\NTUSER.DAT{6b1ff0dd-8dc3-11e1-8673-20cf30b2528b}.TMContainer00000000000000000001.regtrans-ms
[2012.04.24 06:17:27 | 000,524,288 | -HS- | M] () -- C:\Users\Maria\NTUSER.DAT{6b1ff0dd-8dc3-11e1-8673-20cf30b2528b}.TMContainer00000000000000000002.regtrans-ms
[2011.12.16 13:28:47 | 000,065,536 | -HS- | M] () -- C:\Users\Maria\NTUSER.DAT{936d756c-27df-11e1-be0b-20cf30b2528b}.TM.blf
[2011.12.16 13:28:47 | 000,524,288 | -HS- | M] () -- C:\Users\Maria\NTUSER.DAT{936d756c-27df-11e1-be0b-20cf30b2528b}.TMContainer00000000000000000001.regtrans-ms
[2011.12.16 13:28:47 | 000,524,288 | -HS- | M] () -- C:\Users\Maria\NTUSER.DAT{936d756c-27df-11e1-be0b-20cf30b2528b}.TMContainer00000000000000000002.regtrans-ms
[2010.12.27 13:36:50 | 000,000,020 | -HS- | M] () -- C:\Users\Maria\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >
--- --- ---

hab gemacht was du gemeint hast hoffe das hilft uns weiter!!

markusg 24.01.2013 18:02
Hi,
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten
c: öffnen, tdsskiller-datum-version.txt öffnen, Inhalt posten

juergen21186 24.01.2013 18:31
18:27:58.0456 3352 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:27:58.0877 3352 ============================================================
18:27:58.0877 3352 Current date / time: 2013/01/24 18:27:58.0877
18:27:58.0877 3352 SystemInfo:
18:27:58.0877 3352
18:27:58.0877 3352 OS Version: 6.1.7601 ServicePack: 1.0
18:27:58.0877 3352 Product type: Workstation
18:27:58.0877 3352 ComputerName: HELMS-PC
18:27:58.0877 3352 UserName: Maria
18:27:58.0877 3352 Windows directory: C:\Windows
18:27:58.0877 3352 System windows directory: C:\Windows
18:27:58.0877 3352 Running under WOW64
18:27:58.0877 3352 Processor architecture: Intel x64
18:27:58.0877 3352 Number of processors: 4
18:27:58.0877 3352 Page size: 0x1000
18:27:58.0877 3352 Boot type: Normal boot
18:27:58.0877 3352 ============================================================
18:27:59.0693 3352 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x540BE, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
18:27:59.0704 3352 ============================================================
18:27:59.0704 3352 \Device\Harddisk0\DR0:
18:27:59.0704 3352 MBR partitions:
18:27:59.0704 3352 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:27:59.0704 3352 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6176000
18:27:59.0704 3352 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x61A8800, BlocksNum 0x5139C800
18:27:59.0704 3352 ============================================================
18:27:59.0716 3352 C: <-> \Device\Harddisk0\DR0\Partition2
18:27:59.0717 3352 D: <-> \Device\Harddisk0\DR0\Partition3
18:27:59.0717 3352 ============================================================
18:27:59.0717 3352 Initialize success
18:27:59.0717 3352 ============================================================
18:29:08.0613 3148 ============================================================
18:29:08.0613 3148 Scan started
18:29:08.0613 3148 Mode: Manual; SigCheck; TDLFS;
18:29:08.0614 3148 ============================================================
18:29:08.0835 3148 ================ Scan system memory ========================
18:29:08.0835 3148 System memory - ok
18:29:08.0836 3148 ================ Scan services =============================
18:29:08.0913 3148 .EsetTrialReset - ok
18:29:08.0993 3148 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
18:29:09.0113 3148 1394ohci - ok
18:29:09.0150 3148 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
18:29:09.0184 3148 ACPI - ok
18:29:09.0195 3148 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
18:29:09.0297 3148 AcpiPmi - ok
18:29:09.0439 3148 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:29:09.0474 3148 AdobeFlashPlayerUpdateSvc - ok
18:29:09.0517 3148 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
18:29:09.0598 3148 adp94xx - ok
18:29:09.0611 3148 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
18:29:09.0655 3148 adpahci - ok
18:29:09.0667 3148 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
18:29:09.0683 3148 adpu320 - ok
18:29:09.0704 3148 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:29:09.0834 3148 AeLookupSvc - ok
18:29:09.0886 3148 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
18:29:09.0991 3148 AFD - ok
18:29:10.0006 3148 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
18:29:10.0047 3148 agp440 - ok
18:29:10.0062 3148 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
18:29:10.0098 3148 ALG - ok
18:29:10.0109 3148 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
18:29:10.0129 3148 aliide - ok
18:29:10.0176 3148 [ F687D4976EFF550FB0BE45A5CB19F18F ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
18:29:10.0248 3148 AMD External Events Utility - ok
18:29:10.0274 3148 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
18:29:10.0305 3148 amdide - ok
18:29:10.0324 3148 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
18:29:10.0406 3148 AmdK8 - ok
18:29:10.0556 3148 [ 74687C33C4AD25A975BBB1EA1E8B3884 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
18:29:10.0706 3148 amdkmdag - ok
18:29:10.0727 3148 [ C7F56ED86327A78E7F8A5CC503A98BD6 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
18:29:10.0744 3148 amdkmdap - ok
18:29:10.0765 3148 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
18:29:10.0801 3148 AmdPPM - ok
18:29:10.0832 3148 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
18:29:10.0894 3148 amdsata - ok
18:29:10.0913 3148 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
18:29:10.0936 3148 amdsbs - ok
18:29:10.0949 3148 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
18:29:10.0967 3148 amdxata - ok
18:29:11.0002 3148 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
18:29:11.0142 3148 AppID - ok
18:29:11.0167 3148 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
18:29:11.0218 3148 AppIDSvc - ok
18:29:11.0239 3148 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
18:29:11.0301 3148 Appinfo - ok
18:29:11.0384 3148 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:29:11.0416 3148 Apple Mobile Device - ok
18:29:11.0436 3148 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
18:29:11.0463 3148 arc - ok
18:29:11.0479 3148 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
18:29:11.0492 3148 arcsas - ok
18:29:11.0515 3148 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:29:11.0600 3148 AsyncMac - ok
18:29:11.0635 3148 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
18:29:11.0679 3148 atapi - ok
18:29:11.0753 3148 [ A42A4052A7DC86E3A01DFAE97FFE2ED1 ] athur C:\Windows\system32\DRIVERS\athurx.sys
18:29:11.0832 3148 athur - ok
18:29:11.0876 3148 [ 2D648572BA9A610952FCAFBA1E119C2D ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
18:29:11.0907 3148 AtiHdmiService - ok
18:29:11.0938 3148 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:29:12.0001 3148 AudioEndpointBuilder - ok
18:29:12.0010 3148 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
18:29:12.0040 3148 AudioSrv - ok
18:29:12.0082 3148 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
18:29:12.0154 3148 AxInstSV - ok
18:29:12.0187 3148 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
18:29:12.0227 3148 b06bdrv - ok
18:29:12.0244 3148 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
18:29:12.0293 3148 b57nd60a - ok
18:29:12.0316 3148 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
18:29:12.0339 3148 BDESVC - ok
18:29:12.0357 3148 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
18:29:12.0408 3148 Beep - ok
18:29:12.0456 3148 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
18:29:12.0490 3148 BFE - ok
18:29:12.0513 3148 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
18:29:12.0567 3148 BITS - ok
18:29:12.0582 3148 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
18:29:12.0611 3148 blbdrive - ok
18:29:12.0681 3148 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:29:12.0692 3148 Bonjour Service - ok
18:29:12.0743 3148 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:29:12.0791 3148 bowser - ok
18:29:12.0806 3148 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:29:12.0872 3148 BrFiltLo - ok
18:29:12.0888 3148 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:29:12.0905 3148 BrFiltUp - ok
18:29:12.0935 3148 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
18:29:12.0958 3148 Browser - ok
18:29:12.0970 3148 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
18:29:13.0041 3148 Brserid - ok
18:29:13.0054 3148 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
18:29:13.0093 3148 BrSerWdm - ok
18:29:13.0107 3148 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
18:29:13.0140 3148 BrUsbMdm - ok
18:29:13.0157 3148 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
18:29:13.0167 3148 BrUsbSer - ok
18:29:13.0177 3148 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
18:29:13.0208 3148 BTHMODEM - ok
18:29:13.0233 3148 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
18:29:13.0269 3148 bthserv - ok
18:29:13.0283 3148 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:29:13.0316 3148 cdfs - ok
18:29:13.0338 3148 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:29:13.0369 3148 cdrom - ok
18:29:13.0399 3148 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
18:29:13.0462 3148 CertPropSvc - ok
18:29:13.0478 3148 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
18:29:13.0496 3148 circlass - ok
18:29:13.0528 3148 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
18:29:13.0601 3148 CLFS - ok
18:29:13.0639 3148 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:29:13.0654 3148 clr_optimization_v2.0.50727_32 - ok
18:29:13.0700 3148 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:29:13.0712 3148 clr_optimization_v2.0.50727_64 - ok
18:29:13.0781 3148 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:29:13.0830 3148 clr_optimization_v4.0.30319_32 - ok
18:29:13.0858 3148 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:29:13.0871 3148 clr_optimization_v4.0.30319_64 - ok
18:29:13.0895 3148 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
18:29:13.0930 3148 CmBatt - ok
18:29:13.0945 3148 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:29:13.0976 3148 cmdide - ok
18:29:14.0017 3148 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
18:29:14.0056 3148 CNG - ok
18:29:14.0068 3148 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
18:29:14.0088 3148 Compbatt - ok
18:29:14.0120 3148 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
18:29:14.0137 3148 CompositeBus - ok
18:29:14.0151 3148 COMSysApp - ok
18:29:14.0167 3148 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
18:29:14.0176 3148 crcdisk - ok
18:29:14.0208 3148 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:29:14.0248 3148 CryptSvc - ok
18:29:14.0291 3148 [ E6CE7188CC47AE5DAFDAF552D370C52F ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
18:29:14.0328 3148 dc3d - ok
18:29:14.0365 3148 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
18:29:14.0451 3148 DcomLaunch - ok
18:29:14.0490 3148 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
18:29:14.0531 3148 defragsvc - ok
18:29:14.0578 3148 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:29:14.0664 3148 DfsC - ok
18:29:14.0746 3148 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
18:29:14.0793 3148 Dhcp - ok
18:29:14.0806 3148 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
18:29:14.0870 3148 discache - ok
18:29:14.0893 3148 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
18:29:14.0912 3148 Disk - ok
18:29:14.0942 3148 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:29:15.0015 3148 Dnscache - ok
18:29:15.0049 3148 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
18:29:15.0099 3148 dot3svc - ok
18:29:15.0125 3148 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
18:29:15.0162 3148 DPS - ok
18:29:15.0183 3148 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:29:15.0205 3148 drmkaud - ok
18:29:15.0252 3148 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:29:15.0292 3148 DXGKrnl - ok
18:29:15.0324 3148 [ 72A1AA3C6C79B928D02A6FAD387B1349 ] eamonm C:\Windows\system32\DRIVERS\eamonm.sys
18:29:15.0354 3148 eamonm - ok
18:29:15.0384 3148 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
18:29:15.0439 3148 EapHost - ok
18:29:15.0530 3148 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
18:29:15.0628 3148 ebdrv - ok
18:29:15.0648 3148 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
18:29:15.0671 3148 EFS - ok
18:29:15.0691 3148 [ E99457900012B53B2226F146ECAF9136 ] ehdrv C:\Windows\system32\DRIVERS\ehdrv.sys
18:29:15.0739 3148 ehdrv - ok
18:29:15.0790 3148 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:29:15.0880 3148 ehRecvr - ok
18:29:15.0901 3148 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
18:29:15.0966 3148 ehSched - ok
18:29:16.0004 3148 [ 0A38BD2C9589910C634B10E644D5759C ] EhttpSrv C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
18:29:16.0033 3148 EhttpSrv - ok
18:29:16.0083 3148 [ E6A6E6D58A8DCB64A0FFBC43863D0A80 ] ekrn C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
18:29:16.0144 3148 ekrn - ok
18:29:16.0191 3148 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
18:29:16.0218 3148 elxstor - ok
18:29:16.0236 3148 [ A2AF094DCBE8BFF7E898D327750506A0 ] epfwwfpr C:\Windows\system32\DRIVERS\epfwwfpr.sys
18:29:16.0257 3148 epfwwfpr - ok
18:29:16.0281 3148 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
18:29:16.0307 3148 ErrDev - ok
18:29:16.0350 3148 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
18:29:16.0391 3148 EventSystem - ok
18:29:16.0414 3148 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
18:29:16.0478 3148 exfat - ok
18:29:16.0493 3148 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:29:16.0553 3148 fastfat - ok
18:29:16.0610 3148 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
18:29:16.0667 3148 Fax - ok
18:29:16.0685 3148 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
18:29:16.0724 3148 fdc - ok
18:29:16.0746 3148 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
18:29:16.0787 3148 fdPHost - ok
18:29:16.0799 3148 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
18:29:16.0840 3148 FDResPub - ok
18:29:16.0853 3148 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:29:16.0873 3148 FileInfo - ok
18:29:16.0885 3148 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:29:16.0947 3148 Filetrace - ok
18:29:16.0974 3148 [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
18:29:17.0014 3148 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
18:29:17.0014 3148 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
18:29:17.0032 3148 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
18:29:17.0057 3148 flpydisk - ok
18:29:17.0071 3148 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:29:17.0105 3148 FltMgr - ok
18:29:17.0156 3148 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
18:29:17.0207 3148 FontCache - ok
18:29:17.0266 3148 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:29:17.0291 3148 FontCache3.0.0.0 - ok
18:29:17.0307 3148 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
18:29:17.0339 3148 FsDepends - ok
18:29:17.0361 3148 [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
18:29:17.0381 3148 fssfltr - ok
18:29:17.0456 3148 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
18:29:17.0511 3148 fsssvc - ok
18:29:17.0529 3148 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:29:17.0548 3148 Fs_Rec - ok
18:29:17.0573 3148 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:29:17.0586 3148 fvevol - ok
18:29:17.0600 3148 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
18:29:17.0641 3148 gagp30kx - ok
18:29:17.0685 3148 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:29:17.0708 3148 GEARAspiWDM - ok
18:29:17.0756 3148 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
18:29:17.0828 3148 gpsvc - ok
18:29:17.0841 3148 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
18:29:17.0876 3148 hcw85cir - ok
18:29:17.0916 3148 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:29:17.0964 3148 HdAudAddService - ok
18:29:17.0999 3148 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
18:29:18.0032 3148 HDAudBus - ok
18:29:18.0056 3148 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
18:29:18.0108 3148 HidBatt - ok
18:29:18.0122 3148 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
18:29:18.0146 3148 HidBth - ok
18:29:18.0159 3148 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
18:29:18.0200 3148 HidIr - ok
18:29:18.0226 3148 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
18:29:18.0291 3148 hidserv - ok
18:29:18.0313 3148 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:29:18.0345 3148 HidUsb - ok
18:29:18.0369 3148 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:29:18.0413 3148 hkmsvc - ok
18:29:18.0446 3148 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:29:18.0502 3148 HomeGroupListener - ok
18:29:18.0522 3148 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:29:18.0555 3148 HomeGroupProvider - ok
18:29:18.0582 3148 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
18:29:18.0598 3148 HpSAMD - ok
18:29:18.0628 3148 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:29:18.0674 3148 HTTP - ok
18:29:18.0698 3148 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
18:29:18.0717 3148 hwpolicy - ok
18:29:18.0736 3148 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
18:29:18.0757 3148 i8042prt - ok
18:29:18.0781 3148 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
18:29:18.0809 3148 iaStorV - ok
18:29:18.0848 3148 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:29:18.0865 3148 idsvc - ok
18:29:18.0877 3148 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
18:29:18.0887 3148 iirsp - ok
18:29:18.0909 3148 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
18:29:18.0949 3148 IKEEXT - ok
18:29:18.0963 3148 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
18:29:18.0972 3148 intelide - ok
18:29:18.0988 3148 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:29:19.0021 3148 intelppm - ok
18:29:19.0042 3148 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:29:19.0071 3148 IPBusEnum - ok
18:29:19.0096 3148 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:29:19.0124 3148 IpFilterDriver - ok
18:29:19.0161 3148 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:29:19.0196 3148 iphlpsvc - ok
18:29:19.0219 3148 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
18:29:19.0230 3148 IPMIDRV - ok
18:29:19.0240 3148 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
18:29:19.0299 3148 IPNAT - ok
18:29:19.0340 3148 [ 46D249F9DB7844CC01050A9345F0F61B ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
18:29:19.0357 3148 iPod Service - ok
18:29:19.0381 3148 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:29:19.0438 3148 IRENUM - ok
18:29:19.0452 3148 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:29:19.0478 3148 isapnp - ok
18:29:19.0496 3148 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
18:29:19.0521 3148 iScsiPrt - ok
18:29:19.0590 3148 [ CF9BA304B8047B9582D72D9BFEF42EAE ] jswpsapi C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe
18:29:19.0642 3148 jswpsapi - ok
18:29:19.0681 3148 [ 5BE640E88814B77A9E84B4549B5DCC2C ] JSWPSLWF C:\Windows\system32\DRIVERS\jswpslwfx.sys
18:29:19.0809 3148 JSWPSLWF - ok
18:29:19.0837 3148 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:29:19.0863 3148 kbdclass - ok
18:29:19.0872 3148 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
18:29:19.0888 3148 kbdhid - ok
18:29:19.0904 3148 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
18:29:19.0912 3148 KeyIso - ok
18:29:19.0939 3148 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:29:19.0950 3148 KSecDD - ok
18:29:19.0982 3148 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:29:20.0014 3148 KSecPkg - ok
18:29:20.0024 3148 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
18:29:20.0101 3148 ksthunk - ok
18:29:20.0127 3148 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
18:29:20.0167 3148 KtmRm - ok
18:29:20.0198 3148 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
18:29:20.0230 3148 LanmanServer - ok
18:29:20.0257 3148 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:29:20.0283 3148 LanmanWorkstation - ok
18:29:20.0319 3148 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:29:20.0366 3148 lltdio - ok
18:29:20.0390 3148 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:29:20.0421 3148 lltdsvc - ok
18:29:20.0429 3148 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:29:20.0456 3148 lmhosts - ok
18:29:20.0478 3148 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
18:29:20.0499 3148 LSI_FC - ok
18:29:20.0504 3148 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
18:29:20.0525 3148 LSI_SAS - ok
18:29:20.0529 3148 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:29:20.0549 3148 LSI_SAS2 - ok
18:29:20.0562 3148 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:29:20.0584 3148 LSI_SCSI - ok
18:29:20.0599 3148 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
18:29:20.0638 3148 luafv - ok
18:29:20.0664 3148 lxbk_device - ok
18:29:20.0700 3148 [ 1B4DBCAA0321BBB76255983148051F09 ] massfilter C:\Windows\system32\drivers\massfilter.sys
18:29:20.0766 3148 massfilter - ok
18:29:20.0817 3148 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
18:29:20.0848 3148 MBAMProtector - ok
18:29:20.0897 3148 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
18:29:20.0930 3148 MBAMScheduler - ok
18:29:20.0955 3148 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
18:29:20.0973 3148 MBAMService - ok
18:29:20.0996 3148 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:29:21.0019 3148 Mcx2Svc - ok
18:29:21.0023 3148 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
18:29:21.0053 3148 megasas - ok
18:29:21.0071 3148 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
18:29:21.0097 3148 MegaSR - ok
18:29:21.0159 3148 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
18:29:21.0188 3148 Microsoft Office Groove Audit Service - ok
18:29:21.0218 3148 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
18:29:21.0290 3148 MMCSS - ok
18:29:21.0323 3148 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
18:29:21.0386 3148 Modem - ok
18:29:21.0395 3148 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:29:21.0414 3148 monitor - ok
18:29:21.0430 3148 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:29:21.0440 3148 mouclass - ok
18:29:21.0449 3148 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:29:21.0459 3148 mouhid - ok
18:29:21.0483 3148 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:29:21.0492 3148 mountmgr - ok
18:29:21.0547 3148 [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:29:21.0581 3148 MozillaMaintenance - ok
18:29:21.0605 3148 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
18:29:21.0649 3148 mpio - ok
18:29:21.0675 3148 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:29:21.0729 3148 mpsdrv - ok
18:29:21.0764 3148 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
18:29:21.0810 3148 MpsSvc - ok
18:29:21.0835 3148 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:29:21.0865 3148 MRxDAV - ok
18:29:21.0883 3148 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:29:21.0926 3148 mrxsmb - ok
18:29:21.0961 3148 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:29:22.0025 3148 mrxsmb10 - ok
18:29:22.0070 3148 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:29:22.0091 3148 mrxsmb20 - ok
18:29:22.0104 3148 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
18:29:22.0123 3148 msahci - ok
18:29:22.0148 3148 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:29:22.0169 3148 msdsm - ok
18:29:22.0184 3148 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
18:29:22.0202 3148 MSDTC - ok
18:29:22.0215 3148 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:29:22.0242 3148 Msfs - ok
18:29:22.0288 3148 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:29:22.0359 3148 mshidkmdf - ok
18:29:22.0367 3148 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:29:22.0391 3148 msisadrv - ok
18:29:22.0421 3148 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:29:22.0457 3148 MSiSCSI - ok
18:29:22.0461 3148 msiserver - ok
18:29:22.0476 3148 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:29:22.0546 3148 MSKSSRV - ok
18:29:22.0559 3148 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:29:22.0595 3148 MSPCLOCK - ok
18:29:22.0606 3148 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:29:22.0658 3148 MSPQM - ok
18:29:22.0693 3148 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:29:22.0708 3148 MsRPC - ok
18:29:22.0740 3148 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
18:29:22.0748 3148 mssmbios - ok
18:29:22.0756 3148 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:29:22.0811 3148 MSTEE - ok
18:29:22.0826 3148 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
18:29:22.0836 3148 MTConfig - ok
18:29:22.0885 3148 [ 03B7145C889603537E9FFEABB1AD1089 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
18:29:22.0947 3148 MTsensor - ok
18:29:22.0961 3148 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
18:29:23.0002 3148 Mup - ok
18:29:23.0033 3148 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
18:29:23.0105 3148 napagent - ok
18:29:23.0143 3148 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:29:23.0198 3148 NativeWifiP - ok
18:29:23.0234 3148 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:29:23.0257 3148 NDIS - ok
18:29:23.0261 3148 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:29:23.0299 3148 NdisCap - ok
18:29:23.0317 3148 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:29:23.0345 3148 NdisTapi - ok
18:29:23.0381 3148 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:29:23.0407 3148 Ndisuio - ok
18:29:23.0431 3148 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:29:23.0476 3148 NdisWan - ok
18:29:23.0489 3148 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:29:23.0552 3148 NDProxy - ok
18:29:23.0592 3148 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:29:23.0677 3148 NetBIOS - ok
18:29:23.0692 3148 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:29:23.0730 3148 NetBT - ok
18:29:23.0745 3148 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
18:29:23.0754 3148 Netlogon - ok
18:29:23.0790 3148 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
18:29:23.0857 3148 Netman - ok
18:29:23.0866 3148 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
18:29:23.0906 3148 netprofm - ok
18:29:23.0931 3148 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:29:23.0939 3148 NetTcpPortSharing - ok
18:29:23.0952 3148 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
18:29:23.0982 3148 nfrd960 - ok
18:29:23.0996 3148 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:29:24.0019 3148 NlaSvc - ok
18:29:24.0031 3148 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:29:24.0069 3148 Npfs - ok
18:29:24.0112 3148 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
18:29:24.0189 3148 nsi - ok
18:29:24.0199 3148 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:29:24.0272 3148 nsiproxy - ok
18:29:24.0325 3148 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:29:24.0371 3148 Ntfs - ok
18:29:24.0417 3148 [ 4C08A14D04E62963E96E0BB57BBC953B ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys
18:29:24.0459 3148 NuidFltr - ok
18:29:24.0469 3148 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
18:29:24.0524 3148 Null - ok
18:29:24.0560 3148 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys
18:29:24.0613 3148 NVENETFD - ok
18:29:24.0667 3148 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:29:24.0740 3148 nvraid - ok
18:29:24.0776 3148 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:29:24.0791 3148 nvstor - ok
18:29:24.0851 3148 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:29:24.0922 3148 nv_agp - ok
18:29:25.0030 3148 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:29:25.0059 3148 odserv - ok
18:29:25.0074 3148 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:29:25.0119 3148 ohci1394 - ok
18:29:25.0156 3148 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:29:25.0171 3148 ose - ok
18:29:25.0203 3148 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:29:25.0250 3148 p2pimsvc - ok
18:29:25.0268 3148 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
18:29:25.0290 3148 p2psvc - ok
18:29:25.0298 3148 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
18:29:25.0319 3148 Parport - ok
18:29:25.0342 3148 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:29:25.0363 3148 partmgr - ok
18:29:25.0375 3148 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:29:25.0399 3148 PcaSvc - ok
18:29:25.0409 3148 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
18:29:25.0420 3148 pci - ok
18:29:25.0445 3148 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
18:29:25.0463 3148 pciide - ok
18:29:25.0478 3148 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
18:29:25.0502 3148 pcmcia - ok
18:29:25.0523 3148 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
18:29:25.0543 3148 pcw - ok
18:29:25.0562 3148 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:29:25.0627 3148 PEAUTH - ok
18:29:25.0722 3148 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
18:29:25.0777 3148 PerfHost - ok
18:29:25.0847 3148 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
18:29:25.0913 3148 pla - ok
18:29:25.0941 3148 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:29:25.0979 3148 PlugPlay - ok
18:29:25.0998 3148 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:29:26.0037 3148 PNRPAutoReg - ok
18:29:26.0053 3148 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:29:26.0079 3148 PNRPsvc - ok
18:29:26.0101 3148 [ 5BC4D480DD527EB0CF33A67A090A130E ] Point64 C:\Windows\system32\DRIVERS\point64.sys
18:29:26.0131 3148 Point64 - ok
18:29:26.0149 3148 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:29:26.0195 3148 PolicyAgent - ok
18:29:26.0212 3148 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
18:29:26.0255 3148 Power - ok
18:29:26.0297 3148 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:29:26.0364 3148 PptpMiniport - ok
18:29:26.0368 3148 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
18:29:26.0399 3148 Processor - ok
18:29:26.0446 3148 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
18:29:26.0499 3148 ProfSvc - ok
18:29:26.0511 3148 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:29:26.0539 3148 ProtectedStorage - ok
18:29:26.0575 3148 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:29:26.0635 3148 Psched - ok
18:29:26.0691 3148 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
18:29:26.0789 3148 ql2300 - ok
18:29:26.0796 3148 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
18:29:26.0813 3148 ql40xx - ok
18:29:26.0837 3148 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
18:29:26.0862 3148 QWAVE - ok
18:29:26.0875 3148 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:29:26.0904 3148 QWAVEdrv - ok
18:29:26.0908 3148 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:29:26.0945 3148 RasAcd - ok
18:29:26.0974 3148 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:29:27.0001 3148 RasAgileVpn - ok
18:29:27.0011 3148 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
18:29:27.0048 3148 RasAuto - ok
18:29:27.0060 3148 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:29:27.0120 3148 Rasl2tp - ok
18:29:27.0151 3148 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
18:29:27.0192 3148 RasMan - ok
18:29:27.0205 3148 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:29:27.0246 3148 RasPppoe - ok
18:29:27.0261 3148 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:29:27.0299 3148 RasSstp - ok
18:29:27.0325 3148 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:29:27.0386 3148 rdbss - ok
18:29:27.0391 3148 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
18:29:27.0437 3148 rdpbus - ok
18:29:27.0448 3148 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:29:27.0475 3148 RDPCDD - ok
18:29:27.0497 3148 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:29:27.0525 3148 RDPENCDD - ok
18:29:27.0536 3148 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:29:27.0562 3148 RDPREFMP - ok
18:29:27.0589 3148 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:29:27.0624 3148 RDPWD - ok
18:29:27.0655 3148 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:29:27.0689 3148 rdyboost - ok
18:29:27.0706 3148 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:29:27.0761 3148 RemoteAccess - ok
18:29:27.0767 3148 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:29:27.0817 3148 RemoteRegistry - ok
18:29:27.0840 3148 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:29:27.0876 3148 RpcEptMapper - ok
18:29:27.0894 3148 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
18:29:27.0916 3148 RpcLocator - ok
18:29:27.0943 3148 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
18:29:27.0973 3148 RpcSs - ok
18:29:28.0007 3148 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:29:28.0053 3148 rspndr - ok
18:29:28.0057 3148 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
18:29:28.0066 3148 SamSs - ok
18:29:28.0097 3148 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:29:28.0118 3148 sbp2port - ok
18:29:28.0150 3148 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:29:28.0182 3148 SCardSvr - ok
18:29:28.0207 3148 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:29:28.0240 3148 scfilter - ok
18:29:28.0278 3148 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
18:29:28.0327 3148 Schedule - ok
18:29:28.0353 3148 [ 6011CDF54BB6F4C69F38FACCDAD73D7E ] SCMNdisP C:\Windows\system32\DRIVERS\scmndisp.sys
18:29:28.0373 3148 SCMNdisP - ok
18:29:28.0402 3148 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
18:29:28.0427 3148 SCPolicySvc - ok
18:29:28.0455 3148 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:29:28.0491 3148 SDRSVC - ok
18:29:28.0505 3148 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:29:28.0586 3148 secdrv - ok
18:29:28.0613 3148 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
18:29:28.0673 3148 seclogon - ok
18:29:28.0682 3148 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
18:29:28.0709 3148 SENS - ok
18:29:28.0716 3148 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:29:28.0737 3148 SensrSvc - ok
18:29:28.0758 3148 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
18:29:28.0778 3148 Serenum - ok
18:29:28.0802 3148 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
18:29:28.0850 3148 Serial - ok
18:29:28.0874 3148 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
18:29:28.0904 3148 sermouse - ok
18:29:28.0936 3148 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
18:29:28.0995 3148 SessionEnv - ok
18:29:29.0010 3148 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:29:29.0043 3148 sffdisk - ok
18:29:29.0053 3148 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:29:29.0089 3148 sffp_mmc - ok
18:29:29.0100 3148 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:29:29.0116 3148 sffp_sd - ok
18:29:29.0124 3148 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
18:29:29.0144 3148 sfloppy - ok
18:29:29.0166 3148 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:29:29.0198 3148 SharedAccess - ok
18:29:29.0226 3148 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:29:29.0256 3148 ShellHWDetection - ok
18:29:29.0268 3148 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:29:29.0298 3148 SiSRaid2 - ok
18:29:29.0303 3148 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
18:29:29.0323 3148 SiSRaid4 - ok
18:29:29.0329 3148 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:29:29.0357 3148 Smb - ok
18:29:29.0381 3148 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:29:29.0391 3148 SNMPTRAP - ok
18:29:29.0463 3148 [ 5177D14A78E60FD61DCFC6B388E7E971 ] Sony PC Companion C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
18:29:29.0490 3148 Sony PC Companion - ok
18:29:29.0512 3148 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
18:29:29.0542 3148 spldr - ok
18:29:29.0575 3148 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
18:29:29.0607 3148 Spooler - ok
18:29:29.0671 3148 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
18:29:29.0742 3148 sppsvc - ok
18:29:29.0759 3148 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:29:29.0796 3148 sppuinotify - ok
18:29:29.0826 3148 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
18:29:29.0878 3148 srv - ok
18:29:29.0906 3148 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:29:29.0976 3148 srv2 - ok
18:29:29.0990 3148 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:29:30.0014 3148 srvnet - ok
18:29:30.0061 3148 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:29:30.0120 3148 SSDPSRV - ok
18:29:30.0131 3148 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:29:30.0164 3148 SstpSvc - ok
18:29:30.0168 3148 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
18:29:30.0178 3148 stexstor - ok
18:29:30.0221 3148 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
18:29:30.0279 3148 stisvc - ok
18:29:30.0306 3148 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
18:29:30.0334 3148 swenum - ok
18:29:30.0355 3148 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
18:29:30.0396 3148 swprv - ok
18:29:30.0441 3148 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
18:29:30.0487 3148 SysMain - ok
18:29:30.0514 3148 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:29:30.0535 3148 TabletInputService - ok
18:29:30.0551 3148 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
18:29:30.0588 3148 TapiSrv - ok
18:29:30.0617 3148 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
18:29:30.0705 3148 TBS - ok
18:29:30.0753 3148 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:29:30.0809 3148 Tcpip - ok
18:29:30.0835 3148 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:29:30.0865 3148 TCPIP6 - ok
18:29:30.0891 3148 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:29:30.0912 3148 tcpipreg - ok
18:29:30.0918 3148 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:29:30.0952 3148 TDPIPE - ok
18:29:30.0983 3148 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:29:31.0017 3148 TDTCP - ok
18:29:31.0051 3148 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:29:31.0098 3148 tdx - ok
18:29:31.0113 3148 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
18:29:31.0132 3148 TermDD - ok
18:29:31.0166 3148 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
18:29:31.0232 3148 TermService - ok
18:29:31.0241 3148 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
18:29:31.0268 3148 Themes - ok
18:29:31.0285 3148 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
18:29:31.0312 3148 THREADORDER - ok
18:29:31.0322 3148 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
18:29:31.0353 3148 TrkWks - ok
18:29:31.0388 3148 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:29:31.0424 3148 TrustedInstaller - ok
18:29:31.0456 3148 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:29:31.0482 3148 tssecsrv - ok
18:29:31.0502 3148 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
18:29:31.0565 3148 TsUsbFlt - ok
18:29:31.0606 3148 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:29:31.0702 3148 tunnel - ok
18:29:31.0718 3148 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
18:29:31.0739 3148 uagp35 - ok
18:29:31.0770 3148 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:29:31.0845 3148 udfs - ok
18:29:31.0879 3148 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:29:31.0891 3148 UI0Detect - ok
18:29:31.0927 3148 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:29:31.0971 3148 uliagpkx - ok
18:29:32.0012 3148 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
18:29:32.0076 3148 umbus - ok
18:29:32.0096 3148 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
18:29:32.0128 3148 UmPass - ok
18:29:32.0155 3148 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
18:29:32.0186 3148 upnphost - ok
18:29:32.0211 3148 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
18:29:32.0240 3148 USBAAPL64 - ok
18:29:32.0272 3148 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:29:32.0314 3148 usbccgp - ok
18:29:32.0337 3148 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:29:32.0350 3148 usbcir - ok
18:29:32.0365 3148 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:29:32.0385 3148 usbehci - ok
18:29:32.0397 3148 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:29:32.0430 3148 usbhub - ok
18:29:32.0441 3148 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
18:29:32.0470 3148 usbohci - ok
18:29:32.0486 3148 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:29:32.0529 3148 usbprint - ok
18:29:32.0555 3148 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
18:29:32.0567 3148 usbscan - ok
18:29:32.0585 3148 [ 4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser C:\Windows\system32\DRIVERS\usbser.sys
18:29:32.0616 3148 usbser - ok
18:29:32.0627 3148 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:29:32.0669 3148 USBSTOR - ok
18:29:32.0683 3148 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
18:29:32.0693 3148 usbuhci - ok
18:29:32.0707 3148 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
18:29:32.0739 3148 UxSms - ok
18:29:32.0754 3148 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
18:29:32.0762 3148 VaultSvc - ok
18:29:32.0774 3148 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
18:29:32.0804 3148 vdrvroot - ok
18:29:32.0821 3148 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
18:29:32.0861 3148 vds - ok
18:29:32.0865 3148 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:29:32.0877 3148 vga - ok
18:29:32.0885 3148 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
18:29:32.0935 3148 VgaSave - ok
18:29:32.0945 3148 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
18:29:32.0968 3148 vhdmp - ok
18:29:32.0998 3148 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
18:29:33.0064 3148 viaide - ok
18:29:33.0079 3148 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:29:33.0128 3148 volmgr - ok
18:29:33.0222 3148 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:29:33.0267 3148 volmgrx - ok
18:29:33.0279 3148 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:29:33.0315 3148 volsnap - ok
18:29:33.0368 3148 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
18:29:33.0414 3148 vsmraid - ok
18:29:33.0478 3148 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
18:29:33.0547 3148 VSS - ok
18:29:33.0560 3148 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
18:29:33.0588 3148 vwifibus - ok
18:29:33.0605 3148 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
18:29:33.0618 3148 vwififlt - ok
18:29:33.0650 3148 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
18:29:33.0680 3148 W32Time - ok
18:29:33.0687 3148 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
18:29:33.0709 3148 WacomPen - ok
18:29:33.0741 3148 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
18:29:33.0789 3148 WANARP - ok
18:29:33.0792 3148 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:29:33.0818 3148 Wanarpv6 - ok
18:29:33.0854 3148 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
18:29:33.0883 3148 WatAdminSvc - ok
18:29:33.0947 3148 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
18:29:33.0999 3148 wbengine - ok
18:29:34.0021 3148 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
18:29:34.0037 3148 WbioSrvc - ok
18:29:34.0066 3148 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:29:34.0095 3148 wcncsvc - ok
18:29:34.0102 3148 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:29:34.0113 3148 WcsPlugInService - ok
18:29:34.0124 3148 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
18:29:34.0133 3148 Wd - ok
18:29:34.0167 3148 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:29:34.0227 3148 Wdf01000 - ok
18:29:34.0245 3148 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:29:34.0323 3148 WdiServiceHost - ok
18:29:34.0327 3148 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:29:34.0348 3148 WdiSystemHost - ok
18:29:34.0375 3148 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
18:29:34.0405 3148 WebClient - ok
18:29:34.0421 3148 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:29:34.0459 3148 Wecsvc - ok
18:29:34.0468 3148 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:29:34.0495 3148 wercplsupport - ok
18:29:34.0515 3148 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
18:29:34.0544 3148 WerSvc - ok
18:29:34.0553 3148 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
18:29:34.0589 3148 WfpLwf - ok
18:29:34.0600 3148 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
18:29:34.0620 3148 WIMMount - ok
18:29:34.0630 3148 WinDefend - ok
18:29:34.0635 3148 WinHttpAutoProxySvc - ok
18:29:34.0684 3148 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:29:34.0741 3148 Winmgmt - ok
18:29:34.0798 3148 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
18:29:34.0856 3148 WinRM - ok
18:29:35.0067 3148 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
18:29:35.0183 3148 WinUsb - ok
18:29:35.0234 3148 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
18:29:35.0281 3148 Wlansvc - ok
18:29:35.0323 3148 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
18:29:35.0346 3148 wlcrasvc - ok
18:29:35.0433 3148 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:29:35.0475 3148 wlidsvc - ok
18:29:35.0502 3148 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
18:29:35.0522 3148 WmiAcpi - ok
18:29:35.0543 3148 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:29:35.0569 3148 wmiApSrv - ok
18:29:35.0590 3148 WMPNetworkSvc - ok
18:29:35.0603 3148 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:29:35.0619 3148 WPCSvc - ok
18:29:35.0647 3148 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:29:35.0659 3148 WPDBusEnum - ok
18:29:35.0687 3148 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:29:35.0737 3148 ws2ifsl - ok
18:29:35.0753 3148 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
18:29:35.0776 3148 wscsvc - ok
18:29:35.0779 3148 WSearch - ok
18:29:35.0822 3148 [ FA09E0D44E35DEF68A56E0A2FA35E427 ] WSWNA1100 C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
18:29:35.0859 3148 WSWNA1100 - ok
18:29:35.0922 3148 [ 86293B6785260309606B0B0B46E42252 ] WTGService C:\Program Files (x86)\3DataManager\WTGService.exe
18:29:35.0961 3148 WTGService - ok
18:29:36.0031 3148 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
18:29:36.0095 3148 wuauserv - ok
18:29:36.0130 3148 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:29:36.0176 3148 WudfPf - ok
18:29:36.0205 3148 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:29:36.0249 3148 WUDFRd - ok
18:29:36.0284 3148 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:29:36.0326 3148 wudfsvc - ok
18:29:36.0357 3148 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
18:29:36.0383 3148 WwanSvc - ok
18:29:36.0427 3148 [ 9284028CE534910467B83A5ED80B9A32 ] zebrbus C:\Windows\system32\DRIVERS\zebrbus.sys
18:29:36.0465 3148 zebrbus - ok
18:29:36.0493 3148 [ 0CE6A2593FCD0D5BA4241706A03E5A2C ] zebrceb C:\Windows\system32\DRIVERS\zebrceb.sys
18:29:36.0526 3148 zebrceb - ok
18:29:36.0543 3148 [ D5BDF3689B845629FE1DF8B19411C365 ] zebrmdfl C:\Windows\system32\DRIVERS\zebrmdfl.sys
18:29:36.0589 3148 zebrmdfl - ok
18:29:36.0606 3148 [ 5EDFD1C634E9371F2F5E4FDFD438EBF1 ] zebrmdm C:\Windows\system32\DRIVERS\zebrmdm.sys
18:29:36.0647 3148 zebrmdm - ok
18:29:36.0662 3148 [ F0834018F32833C32A201B8A234784ED ] zebrmdmc C:\Windows\system32\DRIVERS\zebrmdmc.sys
18:29:36.0695 3148 zebrmdmc - ok
18:29:36.0707 3148 [ 86A1DA0D04DC177C0D2B3B81777B8BEE ] zebrsce C:\Windows\system32\DRIVERS\zebrsce.sys
18:29:36.0729 3148 zebrsce - ok
18:29:36.0743 3148 [ 9313FE79FF3240FA0A73FBE6015B6887 ] ZTEusbmdm6k C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
18:29:36.0771 3148 ZTEusbmdm6k - ok
18:29:36.0788 3148 [ 9313FE79FF3240FA0A73FBE6015B6887 ] ZTEusbnmea C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
18:29:36.0801 3148 ZTEusbnmea - ok
18:29:36.0810 3148 [ 9313FE79FF3240FA0A73FBE6015B6887 ] ZTEusbser6k C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
18:29:36.0823 3148 ZTEusbser6k - ok
18:29:36.0844 3148 ================ Scan global ===============================
18:29:36.0869 3148 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:29:36.0910 3148 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
18:29:36.0929 3148 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
18:29:36.0957 3148 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:29:37.0005 3148 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:29:37.0015 3148 [Global] - ok
18:29:37.0016 3148 ================ Scan MBR ==================================
18:29:37.0031 3148 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:29:37.0247 3148 \Device\Harddisk0\DR0 - ok
18:29:37.0248 3148 ================ Scan VBR ==================================
18:29:37.0251 3148 [ D95BD8DB3A1A4C7195F51ADAF10496F6 ] \Device\Harddisk0\DR0\Partition1
18:29:37.0253 3148 \Device\Harddisk0\DR0\Partition1 - ok
18:29:37.0273 3148 [ DE90612708CBF2CCAE81D38B991274D7 ] \Device\Harddisk0\DR0\Partition2
18:29:37.0275 3148 \Device\Harddisk0\DR0\Partition2 - ok
18:29:37.0290 3148 [ 28AF1A8F529365387DAD6355408B4E42 ] \Device\Harddisk0\DR0\Partition3
18:29:37.0292 3148 \Device\Harddisk0\DR0\Partition3 - ok
18:29:37.0292 3148 ============================================================
18:29:37.0292 3148 Scan finished
18:29:37.0292 3148 ============================================================
18:29:37.0306 2388 Detected object count: 1
18:29:37.0306 2388 Actual detected object count: 1
18:29:55.0559 2388 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:29:55.0559 2388 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

markusg 24.01.2013 22:49
hi
combofix:
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

juergen21186 24.01.2013 23:48
Combofix Logfile:
Code:
ComboFix 13-01-24.02 - Maria 24.01.2013  23:16:09.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.43.1031.18.4095.3096 [GMT 1:00]
ausgeführt von:: c:\users\Maria\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-12-24 bis 2013-01-24  ))))))))))))))))))))))))))))))
.
.
2013-01-24 22:43 . 2013-01-24 22:43        --------        d-----w-        c:\users\Katharina\AppData\Local\temp
2013-01-24 22:43 . 2013-01-24 22:43        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-01-24 22:20 . 2013-01-24 22:20        76232        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{7E0A6F78-4FED-44C9-85B5-053C721143B2}\offreg.dll
2013-01-22 18:43 . 2013-01-08 05:32        9161176        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{7E0A6F78-4FED-44C9-85B5-053C721143B2}\mpengine.dll
2013-01-21 20:27 . 2013-01-21 20:27        --------        d-----w-        c:\users\Maria\AppData\Roaming\TeamViewer
2013-01-21 20:03 . 2013-01-21 20:03        --------        d-----w-        c:\users\Maria\AppData\Roaming\Malwarebytes
2013-01-21 20:03 . 2013-01-21 20:03        --------        d-----w-        c:\programdata\Malwarebytes
2013-01-21 20:03 . 2013-01-21 20:03        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-21 20:03 . 2012-12-14 15:49        24176        ----a-w-        c:\windows\system32\drivers\mbam.sys
2013-01-21 20:02 . 2013-01-21 20:02        --------        d-----w-        c:\users\Maria\AppData\Local\Programs
2013-01-15 17:53 . 2013-01-04 15:53        9060864        ----a-w-        c:\windows\system32\mshtml.dll
2013-01-09 11:03 . 2012-11-09 05:45        750592        ----a-w-        c:\windows\system32\win32spl.dll
2013-01-09 11:03 . 2012-11-09 04:43        492032        ----a-w-        c:\windows\SysWow64\win32spl.dll
2013-01-09 11:03 . 2012-11-01 05:43        2002432        ----a-w-        c:\windows\system32\msxml6.dll
2013-01-09 11:03 . 2012-11-01 05:43        1882624        ----a-w-        c:\windows\system32\msxml3.dll
2013-01-09 11:03 . 2012-11-01 04:47        1389568        ----a-w-        c:\windows\SysWow64\msxml6.dll
2013-01-09 11:03 . 2012-11-01 04:47        1236992        ----a-w-        c:\windows\SysWow64\msxml3.dll
2012-12-29 22:41 . 2012-12-29 22:41        --------        d-----w-        c:\users\Maria\AppData\Local\Funcom
2012-12-29 22:41 . 2012-12-29 22:41        --------        d-----w-        c:\programdata\media center programs
2012-12-28 16:42 . 2012-12-28 16:42        --------        d-----w-        c:\users\Maria\AppData\Roaming\Wargaming.net
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-17 18:39 . 2010-12-27 17:47        67599240        ----a-w-        c:\windows\system32\MRT.exe
2013-01-09 13:56 . 2012-07-31 06:51        697864        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 13:56 . 2011-06-25 16:29        74248        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-23 13:41 . 2012-12-23 13:41        135168        ----a-w-        c:\windows\system32\drivers\ZTEusbnet.sys
2012-12-23 13:41 . 2012-12-23 13:41        12800        ----a-w-        c:\windows\system32\drivers\massfilter.sys
2012-12-23 13:41 . 2012-12-23 13:41        121344        ----a-w-        c:\windows\system32\drivers\ZTEusbser6k.sys
2012-12-23 13:41 . 2012-12-23 13:41        121344        ----a-w-        c:\windows\system32\drivers\ZTEusbnmea.sys
2012-12-23 13:41 . 2012-12-23 13:41        121344        ----a-w-        c:\windows\system32\drivers\ZTEusbmdm6k.sys
2012-12-16 17:11 . 2012-12-21 22:33        46080        ----a-w-        c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 22:33        367616        ----a-w-        c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 22:33        295424        ----a-w-        c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 22:33        34304        ----a-w-        c:\windows\SysWow64\atmlib.dll
2012-11-30 04:45 . 2013-01-09 11:02        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
2012-11-12 12:28 . 2012-12-12 19:38        1638912        ----a-w-        c:\windows\system32\mshtml.tlb
2012-11-12 11:52 . 2012-12-12 19:38        1638912        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-12 19:39        2048        ----a-w-        c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-12 19:39        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2012-11-02 14:38 . 2012-11-02 14:38        862664        ----a-w-        c:\windows\SysWow64\msvcr110.dll
2012-11-02 14:38 . 2012-11-02 14:38        828872        ----a-w-        c:\windows\system32\msvcr110.dll
2012-11-02 14:38 . 2012-11-02 14:38        661448        ----a-w-        c:\windows\system32\msvcp110.dll
2012-11-02 14:38 . 2012-11-02 14:38        534480        ----a-w-        c:\windows\SysWow64\msvcp110.dll
2012-11-02 14:38 . 2012-11-02 14:38        50856        ----a-w-        c:\windows\system32\drivers\point64.sys
2012-11-02 14:38 . 2012-11-02 14:38        354264        ----a-w-        c:\windows\system32\vccorlib110.dll
2012-11-02 14:38 . 2012-11-02 14:38        251864        ----a-w-        c:\windows\SysWow64\vccorlib110.dll
2012-11-02 05:59 . 2012-12-12 19:38        478208        ----a-w-        c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-12 19:38        376832        ----a-w-        c:\windows\SysWow64\dpnet.dll
2012-11-01 20:52 . 2012-11-01 20:52        75928        ----a-w-        c:\windows\system32\drivers\dc3d.sys
2012-11-01 20:52 . 2012-11-01 20:52        1795952        ----a-w-        c:\windows\system32\WdfCoInstaller01011.dll
2012-10-27 06:26 . 2012-12-12 19:38        981504        ----a-w-        c:\windows\SysWow64\wininet.dll
2012-10-27 05:51 . 2012-12-12 19:38        1188864        ----a-w-        c:\windows\system32\wininet.dll
2012-10-27 05:51 . 2012-12-12 19:38        1494528        ----a-w-        c:\windows\system32\urlmon.dll
2012-10-27 05:51 . 2012-12-12 19:38        134144        ----a-w-        c:\windows\system32\url.dll
2012-10-27 05:49 . 2012-12-12 19:38        97792        ----a-w-        c:\windows\system32\mshtmled.dll
2012-10-27 05:49 . 2012-12-12 19:38        735744        ----a-w-        c:\windows\system32\msfeeds.dll
2012-10-27 05:49 . 2012-12-12 19:38        64512        ----a-w-        c:\windows\system32\jsproxy.dll
2012-10-27 05:49 . 2012-12-12 19:38        247808        ----a-w-        c:\windows\system32\ieui.dll
2012-10-27 05:49 . 2012-12-12 19:38        2453504        ----a-w-        c:\windows\system32\iertutil.dll
2012-10-27 05:49 . 2012-12-12 19:38        12295680        ----a-w-        c:\windows\system32\ieframe.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mRouterConfig"="c:\program files (x86)\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe" [2006-03-02 290816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-27 98304]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"PC Suite for Smartphones"="c:\program files (x86)\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" [2007-12-25 548864]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Launcher.lnk - c:\program files (x86)\3DataManager\3DataManager_Launcher.exe [2012-12-23 484816]
NETGEAR WNA1100 Setup-Assistent.lnk - c:\program files (x86)\NETGEAR\WNA1100\WNA1100.exe [2012-4-29 4573664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 .EsetTrialReset;Eset Trial Reset;c:\windows\system32\regedt32.exe [2009-07-14 10240]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2010-03-09 1849856]
R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files (x86)\NETGEAR\WNA1100\jswpsapi.exe [2010-03-22 960992]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2012-12-23 12800]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-27 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-19 25312]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 141264]
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [2008-05-15 26624]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-27 203264]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-09-03 170104]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-11-04 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 126320]
S2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe [2008-02-19 565928]
S2 WSWNA1100;WSWNA1100;c:\program files (x86)\NETGEAR\WNA1100\WifiSvc.exe [2010-03-22 268768]
S2 WTGService;WTGService;c:\program files (x86)\3DataManager\WTGService.exe [2010-07-08 333264]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-11-01 75928]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-11-02 50856]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 52975612
*NewlyCreated* - 86553199
*Deregistered* - 52975612
*Deregistered* - 86553199
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-31 13:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-11-04 2919168]
"lxbkbmgr.exe"="c:\program files (x86)\Lexmark X1100 Series\lxbkbmgr.exe" [2008-02-28 74408]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944]
"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\rrbor1vp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/
FF - ExtSQL: 2012-12-17 17:36; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\rrbor1vp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-01-21 23:28; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\rrbor1vp.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF - ExtSQL: 2013-01-24 19:12; {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}; c:\users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\rrbor1vp.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-TaskTray - (no file)
Wow6432Node-HKLM-Run-jswtrayutil - c:\program files (x86)\NETGEAR\WNA1100\jswtrayutil.exe
AddRemove-Age of Conan_is1 - d:\age of conan\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-24  23:45:18
ComboFix-quarantined-files.txt  2013-01-24 22:45
.
Vor Suchlauf: 6.369.583.104 Bytes frei
Nach Suchlauf: 8.361.889.792 Bytes frei
.
- - End Of File - - CB55BAB917295351A8E0840E4DF1641C
--- --- ---

markusg 25.01.2013 16:35
hi

lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

juergen21186 26.01.2013 11:57
hi hir hast du die liste vom cc cleaner!


3DataManager 3DataManager 23.12.2012 3.0 notwendig
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch Adobe Systems 27.12.2010 9.0.0 notwendig
Adobe Acrobat 9 Pro Extended 64-bit Add-On Adobe Systems Incorporated 27.12.2010 38,0KB 9.0.0 notwendig
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 09.01.2013 6,00MB 11.5.502.146 notwendig
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 09.01.2013 6,00MB 11.5.502.146 notwendig
Age of Conan: Unchained Funcom 29.12.2012 unnotwendig
Apple Application Support Apple Inc. 15.12.2011 61,2MB 2.1.6 notwendig
Apple Mobile Device Support Apple Inc. 15.12.2011 24,8MB 4.0.0.97 notwendig
Apple Software Update Apple Inc. 15.12.2011 2,38MB 2.1.3.127 notwendig
ATI Catalyst Install Manager ATI Technologies, Inc. 27.12.2010 22,3MB 3.0.778.0 notwendig
Bonjour Apple Inc. 15.12.2011 2,00MB 3.0.0.10 notwendig
CCleaner Piriform 23.01.2013 3.27 notwendig
Driver Genius Professional Edition Driver-Soft Inc. 21.04.2012 11,0MB 10.0 unbekannt
ESET NOD32 Antivirus ESET, spol. s r.o. 27.12.2010 57,8MB 4.2.67.10 notwendig
iTunes Apple Inc. 15.12.2011 172MB 10.5.2.11 notwendig
Lexmark X1100 Series Lexmark International, Inc. 28.12.2010 unnotwendig
Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 21.01.2013 18,4MB 1.70.0.1100 notwendig
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 24.02.2011 38,8MB 4.0.30319 notwendig
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 24.02.2011 2,93MB 4.0.30319 notwendig
Microsoft Office Enterprise 2007 Microsoft Corporation 06.02.2012 12.0.6612.1000 notwendig
Microsoft Office File Validation Add-In Microsoft Corporation 18.09.2011 7,95MB 14.0.5130.5003 notwendig
Microsoft Office Live Add-in 1.5 Microsoft Corporation 14.08.2012 508KB 2.0.4024.1 notwendig
Microsoft Office Outlook Connector Microsoft Corporation 07.02.2011 3,36MB 14.0.5118.5000 notwendig
Microsoft Silverlight Microsoft Corporation 11.05.2012 180MB 4.1.10329.0 unbekannt
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 07.02.2011 1,69MB 3.1.0000 unbekannt
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Corporation 23.03.2011 260KB 8.0.50727.4053 notwendig
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 23.03.2011 252KB 8.0.50727.4053 notwendig
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 16.06.2011 300KB 8.0.61001 notwendig
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 16.06.2011 572KB 8.0.61000 notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 17.12.2012 252KB 9.0.30729 notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 27.12.2010 788KB 9.0.30729.4148 notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 16.06.2011 788KB 9.0.30729.6161 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 26.12.2012 596KB 9.0.30729 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 27.12.2012 600KB 9.0.30729.6161 notwendig
Microsoft-Maus- und Tastatur-Center Microsoft Corporation 25.12.2012 2.0.162.0 notwendig
Mozilla Firefox 18.0.1 (x86 de) Mozilla 19.01.2013 43,6MB 18.0.1 notwendig
Mozilla Maintenance Service Mozilla 19.01.2013 330KB 18.0.1 notwendig
NETGEAR WNA1100 wireless USB 2.0 adapter NETGEAR 29.04.2012 1.0.0.133 notwendig
PC Suite for Sony Ericsson 23.03.2011 1.6.0 unnotwendig
Sony Ericsson Symbian 9 Drivers 23.03.2011 unnotwendig
Sony PC Companion 2.10.079 Sony 15.07.2012 19,3MB 2.10.079 unnotwendig
StarCraft II Blizzard Entertainment 16.01.2013 1.5.4.24540 notwendig
TeamSpeak 3 Client TeamSpeak Systems GmbH 17.12.2012 3.0.6 notwendig
Windows Live Essentials Microsoft Corporation 14.07.2012 15.4.3555.0308 notwendig
Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 07.02.2011 5,57MB 15.4.5722.2 unbekannt
Windows Media Player Firefox Plugin Microsoft Corp 16.04.2011 296KB 1.0.0.8 unnotwendig
World of Tanks Wargaming.net 26.12.2012 16,5MB notwendig
World of Warcraft Blizzard Entertainment 31.12.2012 5.1.0.16357 notwendig

markusg 29.01.2013 13:02
deinstaliere:
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden, instalieren.
deinstaliere:
Age
Driver
ESET : ist ja komplett veraltet.
http://www.chip.de/downloads/Eset-Sm..._51702870.html
upgrade auf version 6
deinstaliere:
Lexmark
PC Suite

öffne CCleaner, analysieren, starten, pc neustarten
Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste
    mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

juergen21186 02.02.2013 14:26
sry dass ichs erst jetzt erledigt hab war ein wenig stressig diese woche
hab alles deinstaliert bzw auf die neueste version gebrachtAdwCleaner Logfile:
Code:
# AdwCleaner v2.109 - Datei am 02/02/2013 um 14:22:23 erstellt
# Aktualisiert am 26/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Maria - HELMS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Maria\Desktop\adwcleaner2.109.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0.1 (de)

Datei : C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\rrbor1vp.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Katharina\AppData\Roaming\Mozilla\Firefox\Profiles\xu9tw83g.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [984 octets] - [02/02/2013 14:19:23]
AdwCleaner[R2].txt - [1043 octets] - [02/02/2013 14:19:59]
AdwCleaner[R3].txt - [974 octets] - [02/02/2013 14:22:23]

########## EOF - C:\AdwCleaner[R3].txt - [1033 octets] ##########
--- --- ---

markusg 04.02.2013 13:05
hi
noch Probleme festzustellen?
falls nein:
öffne OTL, bereinigen, remover und otl werden nach Neustart gelöscht.
Lösche übrig gebliebene Remover, Setups, Logs, leere den Papierkorb.
PC absichern:
als antimalware programm würde ich emsisoft empfehlen.
diese haben für mich den besten schutz kostet aber etwas.
Computeractive Software Store - Emsisoft Anti-Malware 7 [1-PC] - 63% off RRP
testversion:
Meine Antivirus-Empfehlung: Emsisoft Anti-Malware
insbesondere wenn du onlinebanking, einkäufe, sonstige zahlungsabwicklungen oder ähnlich wichtiges, wie zb berufliches machst, also sensible daten zu schützen sind, solltest du in sicherheitssoftware investieren.
vor dem aktivieren der lizenz die 30 tage testzeitraum ausnutzen.

kostenlos, aber eben nicht ganz so gut währe avast zu empfehlen.
http://www.trojaner-board.de/110895-...antivirus.html

sag mir welches du nutzt, dann gebe ich konfigurationshinweise.
bitte dein bisheriges av deinstalieren
die folgende anleitung ist umfangreich, dass ist mir klar, sie sollte aber umgesetzt werden, da nur dann dein pc sicher ist. stelle so viele fragen wie nötig, ich arbeite gern alles mit dir durch!

http://www.trojaner-board.de/96344-a...-rechners.html
Starte bitte mit der Passage, Windows Vista und Windows 7
Bitte beginne damit, Windows Updates zu instalieren.
Am besten geht dies, wenn du über Start, Suchen gehst, und dort Windows Updates eingibst.
Prüfe unter "Einstellungen ändern" dass folgendes ausgewählt ist:
- Updates automatisch Instalieren,
- Täglich
- Uhrzeit wählen
- Bitte den gesammten rest anhaken, außer:
- detailierte benachichtungen anzeigen, wenn neue Microsoft software verfügbar ist.
Klicke jetzt die Schaltfläche "OK"
Klicke jetzt "nach Updates suchen".
Bitte instaliere zunächst wichtige Updates.
Es wird nötig sein, den PC zwischendurch neu zu starten. falls dies der Fall ist, musst du erneut über Start, Suchen, Windows Update aufrufen, auf Updates suchen klicken und die nächsten instalieren.
Mache das selbe bitte mit den optionalen Updates.
Bitte übernimm den rest so, wie es im Abschnitt windows 7 / Vista zu lesen ist.
aus dem Abschnitt xp, bitte den punkt "datenausführungsverhinderung, dep" übernehmen.
als browser rate ich dir zu chrome:
Installation von Google Chrome für mehrere Nutzerkonten - Google Chrome-Hilfe
anleitung lesen bitte
falls du nen andern nutzen willst, sags mir dann muss ich teile der nun folgenden anleitung anpassen.


Sandboxie
Die devinition einer Sandbox ist hier nachzulesen:
Sandbox
Kurz gesagt, man kann Programme fast 100 %ig isuliert vom System ausführen.

Der Vorteil liegt klar auf der Hand, wenn über den Browser Schadcode eingeschläust wird, kann dieser nicht nach außen dringen.
Download Link:
Sandboxie - Download - Filepony

anleitung:
http://www.trojaner-board.de/71542-a...sandboxie.html
ausführliche anleitung als pdf, auch abarbeiten:
Sandbox Einstellungen |

bitte folgende zusatz konfiguration machen:
sandboxie control öffnen, menü sandbox anklicken, defauldbox wählen.
dort klicke auf sandbox einstellungen.
beschrenkungen, bei programm start und internet zugriff schreibe:
chrome.exe
dann gehe auf anwendungen, webbrowser, chrome.
dort aktiviere alles außer gesammten profil ordner freigeben.
Wie du evtl. schon gesehen hast, kannst du einige Funktionen nicht nutzen.
Dies ist nur in der Vollversion nötig, zu deren Kauf ich dir rate.
Du kannst zb unter "Erzwungene Programmstarts" festlegen, dass alle Browser in der Sandbox starten.
Ansonsten musst du immer auf "Sandboxed webbrowser" klicken bzw Rechtsklick, in Sandboxie starten.
Eine lebenslange Lizenz kostet 30 €, und ist auf allen deinen PC's nutzbar.

Weiter mit:
Maßnahmen für ALLE Windows-Versionen
alles komplett durcharbeiten
anmerkung zu file hippo.
in den settings zusätzlich auswählen:
hide beta updates.
Run updateChecker when Windows starts

Backup Programm:
in meiner Anleitung ist bereits ein Backup Programm verlinkt, als Alternative bietet sich auch das Windows eigene Backup Programm an:
http://www.trojaner-board.de/82962-w...en-backup.html
Dies ist aber leider nur für Windows 7 Nutzer vernünftig nutzbar.
Alle Anderen sollten sich aber auf jeden fall auch ein Backup Programm instalieren, denn dies kann unter Umständen sehr wichtig sein, zum Beispiel, wenn die Festplatte einmal kaputt ist.

Zum Schluss, die allgemeinen sicherheitstipps beachten, wenn es dich betrifft, den Tipp zum Onlinebanking beachten und alle Passwörter ändern
bitte auch lesen, wie mache ich programme für alle sichtbar:
Programme für alle Konten nutzbar machen - PCtipp.ch - Praxis & Hilfe
surfe jetzt also nur noch im standard nutzer konto und dort in der sandbox.
wenn du die kostenlose version nutzt, dann mit klick auf sandboxed web browser, wenn du die bezahlversion hast, kannst du erzwungene programm starts festlegen, dann wird sandboxie immer gestartet wenn du nen browser aufrufst.
wenn du mit der maus über den browser fährst sollte der eingerahmt sein, dann bist du im sandboxed web browser

passwort sicherheit:
jeder dienst benötigt ein eigenes, mindestens 12-stelliges passwort
bei der passwort verwaltung und erstellung hilft roboform
Passwort Manager, Formular Ausfueller, Passwort Management | RoboForm Passwort Manager
anleitung:
RoboForm-Bedienungsanleitung: Passwort-Manager, Verwalten von Passwörtern und persönlichen Daten


Alle Zeitangaben in WEZ +1. Es ist jetzt 07:11 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132