|
Plagegeister aller Art und deren Bekämpfung: S.m.a.r.t. Repair und Alureon - Malewarebits bricht nach 2 Stunden abWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
02.07.2012, 19:47 | #16 |
| S.m.a.r.t. Repair und Alureon - Malewarebits bricht nach 2 Stunden ab Hallo, Also alle Daten scheinen wieder da zu sein. Das einzige was mir aufgefallen ist, ist dass beim herunterfahren nun zwei mal das Herunterfahren erzwungen werden musste? :-( Weil ein Programm sich nicht schließen wollte, ich hatte allerdings nichts mehr offen? Grüssle, Sonja |
03.07.2012, 12:28 | #17 |
/// Winkelfunktion /// TB-Süch-Tiger™ | S.m.a.r.t. Repair und Alureon - Malewarebits bricht nach 2 Stunden ab Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.
__________________Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Code:
ATTFilter netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start wininit.exe userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT
__________________ |
03.07.2012, 14:22 | #18 |
| S.m.a.r.t. Repair und Alureon - Malewarebits bricht nach 2 Stunden ab Hier ist die Log von OTL:
__________________Code:
ATTFilter OTL logfile created on: 03.07.2012 14:23:00 - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Sunny\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,10 Gb Available Physical Memory | 52,44% Memory free 7,99 Gb Paging File | 5,80 Gb Available in Paging File | 72,49% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 285,30 Gb Total Space | 192,16 Gb Free Space | 67,35% Space Free | Partition Type: NTFS Computer Name: SUNNY-PC | User Name: Sunny | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.03 14:21:06 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Sunny\Desktop\OTL.exe PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Sunny\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.05.08 20:49:38 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 20:49:37 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 20:49:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.02.24 04:29:58 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe PRC - [2012.02.23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe PRC - [2012.02.23 13:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe PRC - [2012.02.23 13:22:24 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe PRC - [2012.02.20 22:28:32 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.04.14 14:03:50 | 001,378,040 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe PRC - [2011.03.22 23:29:10 | 000,610,056 | ---- | M] (Intel Corporation) -- C:\Users\Sunny\Desktop\IntelAppStore\bin\ismagent.exe PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2010.07.21 10:00:00 | 004,546,560 | ---- | M] (TuneClone.COM) -- C:\Users\Sunny\Desktop\TuneClone\TuneClone.exe PRC - [2010.03.25 21:34:53 | 000,731,072 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.1.0.19\InstStub.exe PRC - [2010.03.09 01:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe PRC - [2010.03.09 01:56:08 | 000,258,560 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe PRC - [2010.03.04 07:21:16 | 001,300,560 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe PRC - [2010.03.04 07:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe PRC - [2010.03.04 07:21:16 | 000,297,040 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe PRC - [2010.02.12 13:08:02 | 000,600,688 | ---- | M] (Chicony) -- C:\Program Files (x86)\Video Web Camera\traybar.exe PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe PRC - [2009.10.20 08:34:55 | 000,126,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe PRC - [2009.10.09 05:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe PRC - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe PRC - [2009.01.29 03:31:00 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe ========== Modules (No Company Name) ========== MOD - [2011.08.09 07:48:26 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.06.07 16:58:00 | 000,792,816 | ---- | M] () -- C:\Users\Sunny\Desktop\IntelAppStore\bin\plugin\libpserverplugin.dll MOD - [2011.06.07 16:57:59 | 004,902,640 | ---- | M] () -- C:\Users\Sunny\Desktop\IntelAppStore\bin\plugin\libbizlplugin.dll MOD - [2011.03.22 23:29:07 | 000,195,584 | ---- | M] () -- C:\Users\Sunny\Desktop\IntelAppStore\bin\libgsoap.dll MOD - [2011.03.22 23:29:06 | 000,463,360 | ---- | M] () -- C:\Users\Sunny\Desktop\IntelAppStore\bin\DeviceProfile.dll MOD - [2011.03.22 23:29:06 | 000,015,872 | ---- | M] () -- C:\Users\Sunny\Desktop\IntelAppStore\bin\featureController.dll MOD - [2011.03.22 23:29:05 | 000,400,384 | ---- | M] () -- C:\Users\Sunny\Desktop\IntelAppStore\bin\sqlite3.dll MOD - [2011.03.22 23:29:05 | 000,322,048 | ---- | M] () -- C:\Users\Sunny\Desktop\IntelAppStore\bin\log4cplus.dll MOD - [2011.03.22 23:29:03 | 000,062,464 | ---- | M] () -- C:\Users\Sunny\Desktop\IntelAppStore\bin\zlib1.dll MOD - [2010.11.02 00:30:01 | 002,281,984 | ---- | M] () -- C:\Users\Sunny\Desktop\IntelAppStore\bin\QtCore4.dll MOD - [2010.09.10 13:11:38 | 000,911,872 | ---- | M] () -- C:\Users\Sunny\Desktop\IntelAppStore\bin\QtNetwork4.dll MOD - [2010.09.10 13:10:02 | 000,339,456 | ---- | M] () -- C:\Users\Sunny\Desktop\IntelAppStore\bin\QtXml4.dll MOD - [2010.07.21 10:00:00 | 000,077,824 | ---- | M] () -- C:\Users\Sunny\Desktop\TuneClone\vtblog.dll MOD - [2010.07.21 10:00:00 | 000,049,152 | ---- | M] () -- C:\Users\Sunny\Desktop\TuneClone\DL_WMAEncoder.DLL MOD - [2010.07.21 10:00:00 | 000,036,864 | ---- | M] () -- C:\Users\Sunny\Desktop\TuneClone\EncodeAndTagComm.dll MOD - [2010.07.21 10:00:00 | 000,020,480 | ---- | M] () -- C:\Users\Sunny\Desktop\TuneClone\URLLink.dll MOD - [2010.03.09 02:18:10 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll MOD - [2009.08.11 22:18:28 | 000,497,664 | ---- | M] () -- C:\Windows\SysWOW64\ac3filter.acm MOD - [2009.05.21 00:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll MOD - [2009.01.29 03:31:00 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.03.18 08:17:08 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012.05.08 20:49:38 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 20:49:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.04.14 14:03:50 | 001,378,040 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2010.10.22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC) SRV - [2010.09.30 23:44:46 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2010.05.07 04:00:56 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.09 01:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2010.03.04 07:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2010.02.05 20:23:06 | 000,865,824 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service) SRV - [2009.10.20 08:34:55 | 000,126,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe -- (NIS) SRV - [2009.10.09 05:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0) SRV - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe -- (Greg_Service) SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.08 20:49:38 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.08 20:49:38 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.09.16 16:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.21 16:52:44 | 000,046,112 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd) DRV:64bit: - [2010.09.08 14:59:42 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd) DRV:64bit: - [2010.08.12 06:07:46 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2010.03.18 11:24:24 | 006,405,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag) DRV:64bit: - [2010.03.18 07:21:18 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.02.14 02:52:02 | 002,203,136 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010.01.28 20:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.12.22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2009.12.02 04:21:32 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor) DRV:64bit: - [2009.10.09 04:54:10 | 000,504,880 | R--- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1101000.013\srtsp64.sys -- (SRTSP) DRV:64bit: - [2009.10.09 04:54:10 | 000,032,304 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1101000.013\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL) DRV:64bit: - [2009.09.18 06:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.08.24 03:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009.06.20 04:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20) DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.06.10 22:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.05.06 01:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2009.05.06 01:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV - [2010.11.04 07:51:40 | 000,017,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys -- (Lavasoft Kernexplorer) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lm82&r=27360910s0b6l0450z115f45i1b306 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lm82&r=27360910s0b6l0450z115f45i1b306 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lm82&r=27360910s0b6l0450z115f45i1b306 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lm82&r=27360910s0b6l0450z115f45i1b306 IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2612393954-722470898-3304857070-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lm82&r=27360910s0b6l0450z115f45i1b306 IE - HKU\S-1-5-21-2612393954-722470898-3304857070-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-2612393954-722470898-3304857070-1001\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-2612393954-722470898-3304857070-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-2612393954-722470898-3304857070-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2612393954-722470898-3304857070-1001\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKU\S-1-5-21-2612393954-722470898-3304857070-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_de IE - HKU\S-1-5-21-2612393954-722470898-3304857070-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-2612393954-722470898-3304857070-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2612393954-722470898-3304857070-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\intel.com/AppUp: C:\Users\Sunny\Desktop\IntelAppStore\bin\npAppUp.dll (Intel) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\IPSFFPlgn\ FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4C0766D3-67A7-45a3-85A2-752F77312F32}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\coFFPlgn\ FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.06.21 05:19:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.21 21:34:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.21 05:19:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.21 05:19:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.06.21 05:19:19 | 000,000,000 | ---D | M] [2012.06.21 20:56:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sunny\AppData\Roaming\mozilla\Extensions [2011.05.12 08:38:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sunny\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.06.21 21:34:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.04.19 21:17:35 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\IPSBHO.DLL (Symantec Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.) O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files (x86)\Video Web Camera\traybar.exe (Chicony) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software) O4 - HKLM..\Run: [TuneClone] C:\Users\Sunny\Desktop\TuneClone\TuneClone.exe (TuneClone.COM) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2612393954-722470898-3304857070-1001..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) O4 - HKU\S-1-5-21-2612393954-722470898-3304857070-1001..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.) O4 - HKU\S-1-5-21-2612393954-722470898-3304857070-1001..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) O4 - HKU\S-1-5-21-2612393954-722470898-3304857070-1001..\Run: [Intel AppUp(SM) center] C:\Users\Sunny\Desktop\IntelAppStore\bin\ismagent.lnk () O4 - HKU\S-1-5-21-2612393954-722470898-3304857070-1001..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Sunny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Sunny\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Sunny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C757B393-4B92-421F-A8B9-92E21E72EE73}: DhcpNameServer = 192.168.2.1 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (lsdelete) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6F26E766-843C-FCE8-A1DC-1F96AAAF143C} - .NET Framework ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.ac3filter - ac3filter64.acm () Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm () Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.07.03 14:20:47 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Sunny\Desktop\OTL.exe [2012.06.29 21:15:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus [2012.06.29 21:15:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BOOKcook Bücherverwaltung [2012.06.29 20:20:50 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Sunny\Desktop\unhide.exe [2012.06.27 18:54:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.06.27 18:54:10 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Sunny\Desktop\esetsmartinstaller_enu.exe [2012.06.21 21:07:09 | 000,000,000 | ---D | C] -- C:\Users\Sunny\Documents\Simply Super Software [2012.06.21 21:06:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover [2012.06.21 21:06:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover [2012.06.21 21:06:53 | 000,000,000 | ---D | C] -- C:\Users\Sunny\AppData\Roaming\Simply Super Software [2012.06.21 21:06:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software [2012.06.18 21:01:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security [2012.06.18 21:01:55 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys [2012.06.18 21:01:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools [2012.06.18 21:00:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools [2012.06.18 20:59:50 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2012.06.18 20:59:49 | 000,000,000 | ---D | C] -- C:\Users\Sunny\AppData\Roaming\TestApp [2012.06.18 20:22:59 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess [2012.06.18 19:36:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.06.18 19:35:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.06.18 18:49:10 | 000,000,000 | ---D | C] -- C:\Users\Sunny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery [2012.06.06 14:32:30 | 000,000,000 | ---D | C] -- C:\Users\Sunny\Desktop\Little-Hearts [2012.06.04 13:06:45 | 000,000,000 | ---D | C] -- C:\Users\Sunny\Desktop\_PHILIPS ========== Files - Modified Within 30 Days ========== [2012.07.03 14:46:01 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job [2012.07.03 14:35:05 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.03 14:24:15 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.03 14:24:15 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.03 14:21:06 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Sunny\Desktop\OTL.exe [2012.07.03 14:13:28 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.03 14:13:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.03 14:13:12 | 3219,787,776 | -HS- | M] () -- C:\hiberfil.sys [2012.06.29 20:21:00 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Sunny\Desktop\unhide.exe [2012.06.27 18:54:15 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Sunny\Desktop\esetsmartinstaller_enu.exe [2012.06.21 22:44:09 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.21 21:34:49 | 000,001,142 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.06.21 21:06:55 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk [2012.06.21 13:40:10 | 000,000,017 | ---- | M] () -- C:\Users\Sunny\AppData\Local\resmon.resmoncfg [2012.06.20 20:13:12 | 000,365,344 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.06.20 20:05:47 | 001,520,734 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.20 20:05:47 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.20 20:05:47 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.20 20:05:47 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.20 20:05:47 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.18 20:11:16 | 000,000,160 | ---- | M] () -- C:\ProgramData\-9q4B3N3kNk5fptr [2012.06.18 20:11:16 | 000,000,000 | ---- | M] () -- C:\ProgramData\-9q4B3N3kNk5fpt [2012.06.18 20:10:59 | 000,000,480 | ---- | M] () -- C:\ProgramData\9q4B3N3kNk5fpt [2012.06.18 08:31:57 | 000,814,294 | ---- | M] () -- C:\Users\Sunny\Desktop\Scannen0001.jpg [2012.06.15 13:38:00 | 000,015,113 | ---- | M] () -- C:\Users\Sunny\Desktop\Mama lebenslauf.odt [2012.06.15 13:23:10 | 000,015,255 | ---- | M] () -- C:\Users\Sunny\Desktop\bewerbung.odt [2012.06.12 22:51:32 | 000,012,626 | ---- | M] () -- C:\Users\Sunny\Desktop\insel rezis eingetragen.odt [2012.06.12 19:35:30 | 000,022,062 | ---- | M] () -- C:\Users\Sunny\Desktop\Autor over germany.jpg [2012.06.12 19:34:18 | 000,022,375 | ---- | M] () -- C:\Users\Sunny\Desktop\BLOG over germany.jpg [2012.06.10 22:00:10 | 000,015,680 | ---- | M] () -- C:\Users\Sunny\Desktop\Rahmen.odt [2012.06.09 23:00:56 | 000,018,959 | ---- | M] () -- C:\Users\Sunny\Desktop\Subtle Rose 3c BACKGROUND.jpg [2012.06.07 23:15:46 | 000,005,814 | ---- | M] () -- C:\Users\Sunny\Desktop\024.699.142.jpg [2012.06.06 21:48:21 | 000,110,770 | ---- | M] () -- C:\Users\Sunny\Desktop\headewr.jpg [2012.06.06 21:31:21 | 000,091,350 | ---- | M] () -- C:\Users\Sunny\Desktop\Love Letter to Spring HEADER 2.jpg [2012.06.06 14:29:18 | 000,009,266 | ---- | M] () -- C:\Users\Sunny\Desktop\Little-Hearts.zip [2012.06.05 22:31:13 | 000,030,027 | ---- | M] () -- C:\Users\Sunny\Desktop\Love Letter to Spring HEADER (1).jpg ========== Files Created - No Company Name ========== [2012.06.21 22:44:09 | 000,001,121 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.21 21:34:49 | 000,001,142 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.06.21 21:34:47 | 000,001,154 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.06.21 21:06:55 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk [2012.06.21 21:06:54 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll [2012.06.21 21:06:54 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll [2012.06.21 13:40:10 | 000,000,017 | ---- | C] () -- C:\Users\Sunny\AppData\Local\resmon.resmoncfg [2012.06.18 18:50:18 | 000,000,160 | ---- | C] () -- C:\ProgramData\-9q4B3N3kNk5fptr [2012.06.18 18:50:18 | 000,000,000 | ---- | C] () -- C:\ProgramData\-9q4B3N3kNk5fpt [2012.06.18 18:48:22 | 000,000,480 | ---- | C] () -- C:\ProgramData\9q4B3N3kNk5fpt [2012.06.18 08:32:00 | 000,814,294 | ---- | C] () -- C:\Users\Sunny\Desktop\Scannen0001.jpg [2012.06.15 13:21:32 | 000,015,255 | ---- | C] () -- C:\Users\Sunny\Desktop\bewerbung.odt [2012.06.15 12:22:34 | 000,015,113 | ---- | C] () -- C:\Users\Sunny\Desktop\Mama lebenslauf.odt [2012.06.12 19:35:28 | 000,022,062 | ---- | C] () -- C:\Users\Sunny\Desktop\Autor over germany.jpg [2012.06.12 19:34:12 | 000,022,375 | ---- | C] () -- C:\Users\Sunny\Desktop\BLOG over germany.jpg [2012.06.09 23:00:55 | 000,018,959 | ---- | C] () -- C:\Users\Sunny\Desktop\Subtle Rose 3c BACKGROUND.jpg [2012.06.07 23:15:46 | 000,005,814 | ---- | C] () -- C:\Users\Sunny\Desktop\024.699.142.jpg [2012.06.06 21:31:21 | 000,091,350 | ---- | C] () -- C:\Users\Sunny\Desktop\Love Letter to Spring HEADER 2.jpg [2012.06.06 15:14:33 | 000,110,770 | ---- | C] () -- C:\Users\Sunny\Desktop\headewr.jpg [2012.06.06 14:29:15 | 000,009,266 | ---- | C] () -- C:\Users\Sunny\Desktop\Little-Hearts.zip [2012.06.05 22:31:11 | 000,030,027 | ---- | C] () -- C:\Users\Sunny\Desktop\Love Letter to Spring HEADER (1).jpg [2011.12.24 11:06:23 | 000,040,023 | ---- | C] () -- C:\Users\Sunny\AppData\Roaming\UserTile.png [2011.10.13 09:02:32 | 000,000,818 | ---- | C] () -- C:\Windows\wininit.ini [2011.08.19 17:31:31 | 000,231,510 | ---- | C] () -- C:\Windows\hpoins49.dat [2011.01.02 11:32:23 | 000,013,824 | ---- | C] () -- C:\Users\Sunny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.09.24 19:53:11 | 000,000,490 | ---- | C] () -- C:\Users\Sunny\AppData\Roaming\wklnhst.dat [2010.09.23 13:40:45 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat ========== LOP Check ========== [2012.04.23 12:42:17 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2012.06.21 05:14:18 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\Adobe [2011.12.12 17:54:29 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\Apple Computer [2010.09.23 13:20:47 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\ATI [2012.05.04 10:56:22 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\Avira [2012.04.19 21:17:32 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\Babylon [2012.06.21 05:20:28 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\BitTorrent [2010.09.23 15:44:16 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\DivX [2012.07.03 14:15:42 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\Dropbox [2010.09.23 13:20:12 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\Google [2011.08.19 17:55:05 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\HP [2012.06.15 10:03:27 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\HpUpdate [2012.06.10 21:48:26 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\ICQ [2010.09.23 13:18:57 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\Identities [2012.01.02 21:49:59 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\InstallShield [2012.06.21 05:14:20 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\Macromedia [2010.09.30 19:35:45 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\Malwarebytes [2010.03.25 22:20:35 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\Media Center Programs [2012.06.21 05:20:29 | 000,000,000 | --SD | M] -- C:\Users\Sunny\AppData\Roaming\Microsoft [2012.06.21 05:14:34 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\Mozilla [2012.06.21 05:14:37 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\OpenOffice.org [2010.12.07 16:55:02 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\REINER SCT [2012.06.21 21:06:53 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\Simply Super Software [2012.06.27 15:08:50 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\Skype [2012.06.21 05:20:30 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\SNS [2010.10.05 07:50:26 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\Template [2012.06.18 20:59:49 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\TestApp [2012.06.21 05:20:30 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\Thunderbird [2012.06.21 05:14:38 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\Titanium [2012.06.21 05:20:30 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\Visan [2010.09.23 15:06:17 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\WildTangent [2010.10.28 19:37:30 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\WinRAR [2012.04.27 22:53:20 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\XLMSoft < %APPDATA%\*.exe /s > [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Sunny\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012.05.24 20:39:24 | 000,872,144 | ---- | M] (Dropbox, Inc.) -- C:\Users\Sunny\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe [2012.05.24 20:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\Sunny\AppData\Roaming\Dropbox\bin\Uninstall.exe [2011.08.26 18:41:55 | 000,010,134 | R--- | M] () -- C:\Users\Sunny\AppData\Roaming\Microsoft\Installer\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}\ARPPRODUCTICON.exe [2012.04.19 21:17:28 | 000,800,408 | ---- | M] (Solid State Networks) -- C:\Users\Sunny\AppData\Roaming\Microsoft\Windows\Templates\install_flashplayer11x64_mssd_aih.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTORV.SYS > [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys [2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys [2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Sunny\AppData\Local\Temp\RarSFX1\userinit.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Sunny\AppData\Local\Temp\RarSFX2\userinit.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Sunny\AppData\Local\Temp\RarSFX3\userinit.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Sunny\AppData\Local\Temp\RarSFX4\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2010.03.25 22:00:18 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Sunny\AppData\Local\Temp\RarSFX1\winlogon.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Sunny\AppData\Local\Temp\RarSFX2\winlogon.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Sunny\AppData\Local\Temp\RarSFX3\winlogon.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Sunny\AppData\Local\Temp\RarSFX4\winlogon.exe [2010.03.25 22:00:18 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe [2010.03.25 22:00:18 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.07.14 03:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll < > ========== Alternate Data Streams ========== @Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:CB0AACC9 @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:0B174FAE < End of report > Code:
ATTFilter OTL Extras logfile created on: 03.07.2012 14:23:00 - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Sunny\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,10 Gb Available Physical Memory | 52,44% Memory free 7,99 Gb Paging File | 5,80 Gb Available in Paging File | 72,49% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 285,30 Gb Total Space | 192,16 Gb Free Space | 67,35% Space Free | Partition Type: NTFS Computer Name: SUNNY-PC | User Name: Sunny | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2612393954-722470898-3304857070-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{004E83C7-5755-4E7F-96D9-E3B918AEA070}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{06309EF0-005A-404A-98BF-B3000D307B43}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{18E99115-FE6D-4412-A6D8-09684BC43BDD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1AEA2AC0-C657-4773-B19C-8AD87546ADD1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2A1292DF-3B56-4F26-83B9-01C6A612EFB0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{30DB7B9B-CB4D-4FCA-ABCD-2A6473A66A7D}" = lport=10243 | protocol=6 | dir=in | app=system | "{36AB3D8C-3BA5-42D1-94E9-A59CA0631B7F}" = lport=138 | protocol=17 | dir=in | app=system | "{38548076-8084-4FFF-8194-9A1EC2A59392}" = rport=138 | protocol=17 | dir=out | app=system | "{43FA1E39-1947-4271-9928-12AF26B7CD13}" = lport=2869 | protocol=6 | dir=in | app=system | "{48A83B3E-18A7-40E1-8BA6-17EC0F91FE3E}" = rport=445 | protocol=6 | dir=out | app=system | "{50A46764-7BD4-4E29-8FB0-364C9F69E5AD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{67A4726D-43E1-4A00-8E3F-511E4C768244}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{6C3E98D8-EB3C-4DD5-B279-BA645C2FB156}" = lport=445 | protocol=6 | dir=in | app=system | "{71C55F04-9E7A-4053-AA9F-0A4F27029C73}" = rport=139 | protocol=6 | dir=out | app=system | "{74AB4B48-3427-4258-A664-E7D116086EDE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{74EDEDBB-348A-4BD4-8869-F6C50BADC592}" = rport=137 | protocol=17 | dir=out | app=system | "{7D3CE0AF-798F-4AE3-934B-58FD439BEAC5}" = lport=137 | protocol=17 | dir=in | app=system | "{87D47979-217B-4A21-B7A7-9856CB939255}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8CB1E1C5-59AF-4282-A008-C3479A721B1C}" = rport=10243 | protocol=6 | dir=out | app=system | "{8EED1D43-A634-43CF-852B-E375016C2C06}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | "{9DB59715-9358-4721-A5E0-8926EEEA7133}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{A24FBC47-27E4-4AE4-A06E-930D15A45AEA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{AA2E0182-0A75-4E5B-BA0F-A619E689B932}" = lport=139 | protocol=6 | dir=in | app=system | "{CCE6A596-8867-45F3-AB71-1FF5678D5B20}" = lport=2869 | protocol=6 | dir=in | app=system | "{DA3F0E5C-6C26-4C76-A1C7-FFBF37F174D5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F5B26D26-5E0F-44ED-96CE-BBA709FE946D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{07381219-957F-440C-B59C-4766C93993C0}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{0E16AFC9-4F77-4285-B5F6-C9D7FD767F86}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{0E9C1500-76C4-46AF-A019-9D9D283EA508}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{0F09BB68-F700-4CB9-AE92-393DED0D13BA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{1347D6E2-5345-4B5C-87EE-6C8DE89C59C9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{1520371D-82CE-42E5-8662-B0BE3D491D36}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | "{15AFDA31-74F3-4463-AAD4-2F560FA88896}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "{1904C4BA-812B-4F40-A612-7C1071C6B75E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | "{191524D1-4490-447E-A0F8-B014A558E654}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{260E6582-8C1A-4DFB-B33A-EE5771FB13D0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | "{279F2380-08C1-44CD-8B14-C5F706FB1D11}" = protocol=6 | dir=in | app=c:\users\sunny\appdata\roaming\dropbox\bin\dropbox.exe | "{2C5A764F-9E67-4A76-811E-9285887710C1}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "{2FFF2802-C121-4287-A037-4BED26A64D8E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{34509CD8-7809-4B50-9F31-E772C26F1A46}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | "{3C7F624C-FFBA-459A-9533-E3C793562DD0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{420E52D1-6885-4AB1-B9FB-467577891F05}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{46B63796-0EC9-4F57-9A47-0D902CAABEA7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{50405FDD-B181-44CF-8052-7836E8AA12D7}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{54F23E3C-82EF-4544-B417-6AB620EC7265}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{57CA7A55-7ABB-4925-8C74-AB583A0F847A}" = dir=in | app=d:\setup\hpznui40.exe | "{5FB3EA17-35E1-4299-B4CA-564180097059}" = protocol=6 | dir=out | app=system | "{6357A5F8-B3E4-44FE-B5DF-F30729F94178}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | "{65734536-1B69-4420-98E3-5DC3E98B33EA}" = protocol=17 | dir=in | app=c:\users\sunny\appdata\roaming\dropbox\bin\dropbox.exe | "{65FBE0A0-C33C-4090-B590-D0B9BD6BB2BE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6AF60DB1-2500-49D0-8A2A-427A6E3F798F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{6D2E1970-DF56-441C-BBDE-1DA003F61ADA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{70758C55-4143-4C8F-8BD0-4CD28A5F56BB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{70FC2FC7-BC4E-4F13-B543-419F8A541232}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{71DC21C3-FD6B-4549-A9F5-538904874E13}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{77F3CE0E-C911-4D4A-8BE5-717791B1997E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | "{7C7BFCCD-AE67-472B-B7FD-360C168DDDC2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | "{8EC67B1A-46B5-47D4-AE0D-A340F7913924}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | "{8F1F84EC-1AC0-4D44-B0A7-ABD7CCFF0882}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | "{962AD0F3-81AF-42D5-A222-52329F8CA6E3}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{9E35CE48-A948-4205-A7DD-61703ED7CD15}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{A4454ED6-8B61-47BC-AE7A-E82B4B67B60B}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "{AD5A8ED3-44CE-4477-9518-C080CA731588}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{B0D12BAB-D0F5-4286-A600-EB7784589E15}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | "{BF451EEF-9711-4EAA-858B-27C540C16763}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{CAFF80B3-8E36-4A34-9A6F-3BEA7D8C49C4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{CC576F6C-7996-40EF-8646-591D611CDFB5}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{CF1461A5-C911-4593-87A2-003D53BC6598}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{D389DBA6-F7C7-4C29-83AF-7FD33A585000}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{D6E3FC11-3293-4774-B10E-6BC0B7B6DB60}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | "{E1211472-974A-4975-AE02-F5E5C030B69A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E5C5AB10-D9FE-42F0-8602-EA402A274E3B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{E5DFA9F1-750F-4231-B689-43A66B8EBB1F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{EC2AA143-A811-42F1-85CE-9973107E763A}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "{FA2087E8-5811-4395-BE8D-14153AB1E594}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | "{FA765B7B-8E01-40F5-ABA5-587D75064539}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{1F99F4B5-D9EA-4319-8E1F-F1E322560389}C:\program files (x86)\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "TCP Query User{61A2C8DE-5851-4EBA-98D5-F0459389723A}C:\program files (x86)\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "TCP Query User{70064C90-9AE4-4236-AB1E-0E21DF7648D7}C:\users\sunny\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\sunny\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{8380DDAF-0FCC-4091-BE69-9C252BB1F023}C:\users\sunny\desktop\intelappstore\bin\ismagent.exe" = protocol=6 | dir=in | app=c:\users\sunny\desktop\intelappstore\bin\ismagent.exe | "TCP Query User{A062544C-46CB-4F0B-955C-56E7D084522D}C:\users\sunny\desktop\intelappstore\bin\ismagent.exe" = protocol=6 | dir=in | app=c:\users\sunny\desktop\intelappstore\bin\ismagent.exe | "TCP Query User{A5976AF6-E2CB-467A-B0AD-A3A931BBFE02}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "UDP Query User{0689ECE4-EA43-49D2-B3EF-C6137B0BD3FC}C:\users\sunny\desktop\intelappstore\bin\ismagent.exe" = protocol=17 | dir=in | app=c:\users\sunny\desktop\intelappstore\bin\ismagent.exe | "UDP Query User{29386807-7BEB-44A3-9DCC-17B90F042BA9}C:\program files (x86)\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "UDP Query User{80A6E6F9-C97F-44D3-86DD-39C5AFBD019F}C:\program files (x86)\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "UDP Query User{AC7FB499-E55E-46FF-B6D4-E18DA493EC14}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "UDP Query User{B58112C9-B331-4CD2-99BE-5B26105D8DC6}C:\users\sunny\desktop\intelappstore\bin\ismagent.exe" = protocol=17 | dir=in | app=c:\users\sunny\desktop\intelappstore\bin\ismagent.exe | "UDP Query User{B70395F8-FE41-4779-A4BA-6552B08AD9A3}C:\users\sunny\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\sunny\appdata\roaming\dropbox\bin\dropbox.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{42281103-DF49-8A45-C960-977096F29F45}" = ccc-utility64 "{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4E484899-4F93-4086-88BA-56BDDF47A776}" = HP Photosmart Prem C310 All-In-One Driver Software 14.0 Rel. 7 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64 "{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{6F43CF39-8B2F-546B-57E3-4803E935C465}" = ATI Catalyst Install Manager "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID-Anmelde-Assistent "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "HP Imaging Device Functions" = HP Imaging Device Functions 14.0 "HP Smart Web Printing" = HP Smart Web Printing 4.60 "HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0 "HPExtendedCapabilities" = HP Customer Participation Program 14.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Shop for HP Supplies" = Shop for HP Supplies "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{12A1B519-5934-4508-ADBD-335347B0DC87}" = Video Web Camera "{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery "{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant "{15424D99-B708-54FD-94EC-997BE1976918}" = CCC Help Japanese "{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0 "{1DCEE28F-CEDA-ADBA-DE41-1377ADD42DD3}" = CCC Help Finnish "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2552055A-7121-346E-F287-C0E7CC1BB36E}" = CCC Help Turkish "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{327AD686-FD94-F270-C0C9-D379ACC3CCA3}" = CCC Help Russian "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3CABCB73-0ABE-9578-A11C-6888ECF5D6D7}" = CCC Help Portuguese "{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell Power Management "{3DCF232A-B152-4375-B840-F19D866A316D}" = Catalyst Control Center Graphics Full New "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{3F34DE3B-887D-72A9-FCFE-2676B2EDBE67}" = CCC Help Thai "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{582BA1F1-FAB4-41AD-A5E3-4A9535343461}" = PS_AIO_07_C310_SW_Min "{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status "{5B30D670-AA94-3DAC-965D-CA8FED631DA3}" = Catalyst Control Center Graphics Previews Common "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7 "{5F65AB3C-FCF3-E10B-3203-26F3C133F036}" = CCC Help Chinese Standard "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{6030FCD7-8F1A-427D-AF05-8DD1A2EA2ABA}" = Alcor Micro USB Card Reader "{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works "{64CFDAC9-C358-88FE-E0E3-B33ED5C8AB2C}" = CCC Help Norwegian "{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0 "{702A9675-C93C-6914-7B90-8056525349A7}" = Catalyst Control Center Graphics Light "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic "{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5 "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{7661AFE4-1F7A-8B5C-D395-3A8B682F106A}" = CCC Help Korean "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77D3B22B-CB40-19AE-5A7D-9256E9862010}" = Catalyst Control Center Core Implementation "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7A555AD4-057E-EB0B-3C2D-82658AA1B190}" = CCC Help English "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management "{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7 "{81FC1368-171E-4151-E3E1-D63C8CF1F150}" = CCC Help Polish "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver "{85DD738D-6572-53AA-E570-50D0D0842722}" = Catalyst Control Center Graphics Full Existing "{86141D3B-58F6-D4E9-809E-05032F1C09BE}" = CCC Help Swedish "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007 "{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007 "{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007 "{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{97DA45B6-451C-A4B8-897F-106E2B3B6E2F}" = CCC Help Dutch "{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A26840C5-95D5-BB10-700A-304AA9F4AF92}" = CCC Help Greek "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A385939C-3DE9-5568-D8B0-3972BA293DC7}" = CCC Help German "{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch "{B284EA3C-8391-5648-BFC4-800A44D01ADA}" = ccc-core-static "{B2F1B278-B685-1112-F051-AD05C5946C0D}" = CCC Help French "{B3A0945A-1A84-BD5C-D33A-F4DC811FCCCC}" = CCC Help Chinese Traditional "{B4060669-4633-038A-8A50-E05D1F54929E}" = CCC Help Czech "{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2 "{BC171806-3828-33E5-289C-9609C5BC59DF}" = Catalyst Control Center Localization All "{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{BDE26FB2-E880-BFF9-3A85-18D70FC44D8D}" = Catalyst Control Center InstallProxy "{C31501D8-8267-A455-D269-85FBDBE2BFC3}" = CCC Help Italian "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C75A193A-D403-5707-7D32-166DF4EA47DD}" = CCC Help Spanish "{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp "{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch "{D4905980-7A59-8CE0-1336-EBC0338DAC1B}" = CCC Help Hungarian "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{F98098D2-8822-1B1D-6771-945669046216}" = CCC Help Danish "{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm "{FC635D8E-FFBA-4B2C-BE68-A37D56BDFB74}" = Catalyst Control Center - Branding "{FE651900-D014-482F-AEBC-2928F57D1FB0}" = C310 "AC3Filter_is1" = AC3Filter 1.63b "Ad-Aware" = Ad-Aware "Adobe AIR" = Adobe AIR "Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0 "AudibleDownloadManager" = Audible Download Manager "Avira AntiVir Desktop" = Avira Free Antivirus "ESET Online Scanner" = ESET Online Scanner v3 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HP Photo Creations" = HP Photo Creations "Identity Card" = Identity Card "InstallShield_{6030FCD7-8F1A-427D-AF05-8DD1A2EA2ABA}" = Alcor Micro USB Card Reader "InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Packard Bell MyBackup "Intel AppUp(SM) center 24354" = Intel AppUp(SM) center "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "Metaboli" = Metaboli "Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de) "Mozilla Thunderbird (6.0)" = Mozilla Thunderbird (6.0) "NIS" = Norton Internet Security "OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch "Packard Bell Game Console" = Packard Bell Game Console "Packard Bell InfoCentre" = Packard Bell InfoCentre "Packard Bell Registration" = Packard Bell Registration "Packard Bell Screensaver" = Packard Bell ScreenSaver "Packard Bell Welcome Center" = Welcome Center "Trojan Remover_is1" = Trojan Remover 6.8.4 "TuneClone_is1" = TuneClone 1.40 "WildTangent packardbell Master Uninstall" = Packard Bell Games "WinLiveSuite_Wave3" = Windows Live Essentials "WT078791" = Bejeweled 2 Deluxe "WT078806" = Insaniquarium Deluxe "WT078833" = Zuma Deluxe "WT078960" = Blasterball 3 "WT078964" = Bob the Builder Can-Do-Zoo "WT079020" = Faerie Solitaire "WT079024" = FATE - The Traitor Soul "WT079064" = Jewel Quest "WT079068" = Jewel Quest Solitaire 3 "WT079108" = Penguins! "WT079116" = Polar Bowler "WT079120" = Polar Golfer "WT079124" = Polar Pool "WT079177" = Virtual Villagers - A New Home "WT079184" = Yahtzee "WT079363" = Build-a-lot 2 "WT079366" = Chicken Invaders 3 - Revenge of the Yolk "WT079395" = Escape Rosecliff Island "WT079397" = Mahjongg Artifacts "WT079421" = Virtual Families "WTA-d7e9cae7-8f78-4d94-9076-d4f1d6be5392" = BloodTies ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2612393954-722470898-3304857070-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Amazon Kindle" = Amazon Kindle "Dropbox" = Dropbox ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 15.06.2012 09:09:19 | Computer Name = Sunny-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 15.06.2012 09:09:19 | Computer Name = Sunny-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 15.06.2012 09:09:19 | Computer Name = Sunny-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 15.06.2012 09:09:19 | Computer Name = Sunny-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 18.06.2012 03:07:24 | Computer Name = Sunny-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 18.06.2012 03:09:18 | Computer Name = Sunny-PC | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 18.06.2012 03:09:59 | Computer Name = Sunny-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 18.06.2012 03:09:59 | Computer Name = Sunny-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 18.06.2012 03:10:00 | Computer Name = Sunny-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 18.06.2012 03:10:00 | Computer Name = Sunny-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". [ System Events ] Error - 28.06.2012 08:25:56 | Computer Name = Sunny-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: SRTSP Error - 29.06.2012 14:14:23 | Computer Name = Sunny-PC | Source = SRTSP | ID = 524293 Description = Error loading Symantec real time Anti-Virus driver. Error - 29.06.2012 14:14:50 | Computer Name = Sunny-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000 Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad: C:\Windows\system32\athExt.dll Fehlercode: 126 Error - 29.06.2012 14:15:15 | Computer Name = Sunny-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: SRTSP Error - 29.06.2012 14:17:04 | Computer Name = Sunny-PC | Source = DCOM | ID = 10016 Description = Error - 29.06.2012 15:32:00 | Computer Name = Sunny-PC | Source = DCOM | ID = 10010 Description = Error - 03.07.2012 08:13:08 | Computer Name = Sunny-PC | Source = SRTSP | ID = 524293 Description = Error loading Symantec real time Anti-Virus driver. Error - 03.07.2012 08:13:18 | Computer Name = Sunny-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000 Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad: C:\Windows\system32\athExt.dll Fehlercode: 126 Error - 03.07.2012 08:13:52 | Computer Name = Sunny-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: SRTSP Error - 03.07.2012 08:14:36 | Computer Name = Sunny-PC | Source = DCOM | ID = 10016 Description = < End of report > |
03.07.2012, 14:24 | #19 |
| S.m.a.r.t. Repair und Alureon - Malewarebits bricht nach 2 Stunden ab Sorry 2 x gepostet Geändert von SumSi27 (03.07.2012 um 14:28 Uhr) Grund: Sorry 2 x gepostet |
03.07.2012, 15:21 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | S.m.a.r.t. Repair und Alureon - Malewarebits bricht nach 2 Stunden ab Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL IE - HKU\S-1-5-21-2612393954-722470898-3304857070-1001\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd [2012.04.19 21:17:35 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 [2012.06.18 20:11:16 | 000,000,160 | ---- | M] () -- C:\ProgramData\-9q4B3N3kNk5fptr [2012.06.18 20:11:16 | 000,000,000 | ---- | M] () -- C:\ProgramData\-9q4B3N3kNk5fpt [2012.06.18 20:10:59 | 000,000,480 | ---- | M] () -- C:\ProgramData\9q4B3N3kNk5fpt @Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:CB0AACC9 @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:0B174FAE :Commands [purity] [emptytemp] [emptyflash] [resethosts] Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
03.07.2012, 19:09 | #21 |
| S.m.a.r.t. Repair und Alureon - Malewarebits bricht nach 2 Stunden ab Ok ich habs eingegeben und musste neu starten. Beim Hochfahren kam dann folgendes: Code:
ATTFilter All processes killed ========== OTL ========== Registry key HKEY_USERS\S-1-5-21-2612393954-722470898-3304857070-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found. C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ deleted successfully. C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully. C:\ProgramData\-9q4B3N3kNk5fptr moved successfully. C:\ProgramData\-9q4B3N3kNk5fpt moved successfully. C:\ProgramData\9q4B3N3kNk5fpt moved successfully. ADS C:\ProgramData\Temp:CB0AACC9 deleted successfully. ADS C:\ProgramData\Temp:0B174FAE deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public User: Sunny ->Temp folder emptied: 1030782894 bytes ->Temporary Internet Files folder emptied: 2426220235 bytes ->Java cache emptied: 2745959 bytes ->FireFox cache emptied: 101701271 bytes ->Apple Safari cache emptied: 85175296 bytes ->Flash cache emptied: 1076 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 515672741 bytes %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 753 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 62529609 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 4.029,00 mb [EMPTYFLASH] User: All Users User: Default User: Default User User: Public User: Sunny ->Flash cache emptied: 0 bytes Total Flash Files Cleaned = 0,00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.53.1 log created on 07032012_185045 Files\Folders moved on Reboot... C:\Users\Sunny\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot. PendingFileRenameOperations files... File C:\Users\Sunny\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found! [2012.07.03 19:58:13 | 000,000,000 | ---- | M] () C:\Windows\temp\dsiwmis.log : Unable to obtain MD5 Registry entries deleted on Reboot... |
04.07.2012, 16:16 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | S.m.a.r.t. Repair und Alureon - Malewarebits bricht nach 2 Stunden ab Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!
__________________ Logfiles bitte immer in CODE-Tags posten |
04.07.2012, 16:48 | #23 |
| S.m.a.r.t. Repair und Alureon - Malewarebits bricht nach 2 Stunden ab Hab ich gemacht, das ging ja richtig flott Code:
ATTFilter 17:36:21.0568 5616 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08 17:36:21.0599 5616 ============================================================ 17:36:21.0599 5616 Current date / time: 2012/07/04 17:36:21.0599 17:36:21.0599 5616 SystemInfo: 17:36:21.0599 5616 17:36:21.0599 5616 OS Version: 6.1.7600 ServicePack: 0.0 17:36:21.0599 5616 Product type: Workstation 17:36:21.0599 5616 ComputerName: SUNNY-PC 17:36:21.0599 5616 UserName: Sunny 17:36:21.0599 5616 Windows directory: C:\Windows 17:36:21.0599 5616 System windows directory: C:\Windows 17:36:21.0599 5616 Running under WOW64 17:36:21.0599 5616 Processor architecture: Intel x64 17:36:21.0599 5616 Number of processors: 2 17:36:21.0599 5616 Page size: 0x1000 17:36:21.0599 5616 Boot type: Normal boot 17:36:21.0599 5616 ============================================================ 17:36:22.0707 5616 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 17:36:22.0707 5616 ============================================================ 17:36:22.0707 5616 \Device\Harddisk0\DR0: 17:36:22.0707 5616 MBR partitions: 17:36:22.0707 5616 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1964800, BlocksNum 0x32000 17:36:22.0707 5616 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1996800, BlocksNum 0x23A97AB0 17:36:22.0707 5616 ============================================================ 17:36:22.0738 5616 C: <-> \Device\Harddisk0\DR0\Partition1 17:36:22.0738 5616 ============================================================ 17:36:22.0738 5616 Initialize success 17:36:22.0738 5616 ============================================================ 17:36:35.0702 5528 ============================================================ 17:36:35.0702 5528 Scan started 17:36:35.0702 5528 Mode: Manual; SigCheck; TDLFS; 17:36:35.0702 5528 ============================================================ 17:36:36.0685 5528 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys 17:36:36.0778 5528 1394ohci - ok 17:36:36.0825 5528 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys 17:36:36.0841 5528 ACPI - ok 17:36:36.0856 5528 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys 17:36:36.0887 5528 AcpiPmi - ok 17:36:37.0028 5528 AdobeActiveFileMonitor8.0 (34400005de52842c4d6d4ee978b4d7ce) c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe 17:36:37.0059 5528 AdobeActiveFileMonitor8.0 - ok 17:36:37.0168 5528 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 17:36:37.0184 5528 AdobeARMservice - ok 17:36:37.0262 5528 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 17:36:37.0277 5528 adp94xx - ok 17:36:37.0324 5528 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 17:36:37.0340 5528 adpahci - ok 17:36:37.0355 5528 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 17:36:37.0371 5528 adpu320 - ok 17:36:37.0402 5528 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll 17:36:37.0465 5528 AeLookupSvc - ok 17:36:37.0558 5528 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys 17:36:37.0621 5528 AFD - ok 17:36:37.0667 5528 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys 17:36:37.0699 5528 agp440 - ok 17:36:37.0730 5528 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 17:36:37.0761 5528 ALG - ok 17:36:37.0777 5528 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys 17:36:37.0792 5528 aliide - ok 17:36:37.0855 5528 AMD External Events Utility (53e74b13eef0e3ed256f4b8028f91274) C:\Windows\system32\atiesrxx.exe 17:36:37.0901 5528 AMD External Events Utility - ok 17:36:37.0933 5528 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys 17:36:37.0933 5528 amdide - ok 17:36:37.0948 5528 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 17:36:37.0995 5528 AmdK8 - ok 17:36:38.0354 5528 amdkmdag (09a3d41550116e898c4c6f2b941e6d07) C:\Windows\system32\DRIVERS\atipmdag.sys 17:36:38.0603 5528 amdkmdag - ok 17:36:38.0759 5528 amdkmdap (5e9d3213040458690ebb61c37ec685ba) C:\Windows\system32\DRIVERS\atikmpag.sys 17:36:38.0822 5528 amdkmdap - ok 17:36:38.0869 5528 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 17:36:38.0915 5528 AmdPPM - ok 17:36:38.0978 5528 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys 17:36:39.0009 5528 amdsata - ok 17:36:39.0040 5528 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 17:36:39.0071 5528 amdsbs - ok 17:36:39.0103 5528 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys 17:36:39.0118 5528 amdxata - ok 17:36:39.0149 5528 AmUStor (391887990cdaa83de5c56c3fde966da1) C:\Windows\system32\drivers\AmUStor.SYS 17:36:39.0196 5528 AmUStor - ok 17:36:39.0305 5528 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 17:36:39.0337 5528 AntiVirSchedulerService - ok 17:36:39.0368 5528 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 17:36:39.0383 5528 AntiVirService - ok 17:36:39.0430 5528 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys 17:36:39.0461 5528 AppID - ok 17:36:39.0508 5528 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll 17:36:39.0586 5528 AppIDSvc - ok 17:36:39.0602 5528 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll 17:36:39.0649 5528 Appinfo - ok 17:36:39.0758 5528 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 17:36:39.0789 5528 Apple Mobile Device - ok 17:36:39.0805 5528 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 17:36:39.0820 5528 arc - ok 17:36:39.0836 5528 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 17:36:39.0851 5528 arcsas - ok 17:36:39.0867 5528 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 17:36:39.0929 5528 AsyncMac - ok 17:36:39.0961 5528 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys 17:36:39.0976 5528 atapi - ok 17:36:40.0163 5528 athr (08baaa2432e81031a6c3b11ad5a67e2b) C:\Windows\system32\DRIVERS\athrx.sys 17:36:40.0241 5528 athr - ok 17:36:40.0397 5528 AtiHdmiService (77c149e6d702737b2e372dee166faef8) C:\Windows\system32\drivers\AtiHdmi.sys 17:36:40.0460 5528 AtiHdmiService - ok 17:36:40.0507 5528 AtiPcie (c07a040d6b5a42dd41ee386cf90974c8) C:\Windows\system32\DRIVERS\AtiPcie.sys 17:36:40.0553 5528 AtiPcie - ok 17:36:40.0631 5528 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll 17:36:40.0694 5528 AudioEndpointBuilder - ok 17:36:40.0709 5528 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll 17:36:40.0756 5528 AudioSrv - ok 17:36:40.0834 5528 avgntflt (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys 17:36:40.0865 5528 avgntflt - ok 17:36:40.0943 5528 avipbb (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys 17:36:40.0959 5528 avipbb - ok 17:36:40.0975 5528 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys 17:36:40.0975 5528 avkmgr - ok 17:36:41.0006 5528 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll 17:36:41.0053 5528 AxInstSV - ok 17:36:41.0131 5528 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 17:36:41.0177 5528 b06bdrv - ok 17:36:41.0224 5528 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 17:36:41.0255 5528 b57nd60a - ok 17:36:41.0365 5528 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys 17:36:41.0427 5528 BCM43XX - ok 17:36:41.0458 5528 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll 17:36:41.0474 5528 BDESVC - ok 17:36:41.0536 5528 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 17:36:41.0614 5528 Beep - ok 17:36:41.0708 5528 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll 17:36:41.0770 5528 BFE - ok 17:36:41.0848 5528 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll 17:36:41.0926 5528 BITS - ok 17:36:41.0989 5528 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 17:36:42.0035 5528 blbdrive - ok 17:36:42.0191 5528 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe 17:36:42.0223 5528 Bonjour Service - ok 17:36:42.0269 5528 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys 17:36:42.0332 5528 bowser - ok 17:36:42.0379 5528 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 17:36:42.0425 5528 BrFiltLo - ok 17:36:42.0425 5528 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 17:36:42.0441 5528 BrFiltUp - ok 17:36:42.0488 5528 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll 17:36:42.0550 5528 Browser - ok 17:36:42.0581 5528 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 17:36:42.0613 5528 Brserid - ok 17:36:42.0613 5528 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 17:36:42.0644 5528 BrSerWdm - ok 17:36:42.0675 5528 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 17:36:42.0706 5528 BrUsbMdm - ok 17:36:42.0722 5528 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 17:36:42.0737 5528 BrUsbSer - ok 17:36:42.0737 5528 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 17:36:42.0769 5528 BTHMODEM - ok 17:36:42.0815 5528 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 17:36:42.0862 5528 bthserv - ok 17:36:42.0925 5528 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 17:36:42.0971 5528 cdfs - ok 17:36:43.0003 5528 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys 17:36:43.0034 5528 cdrom - ok 17:36:43.0081 5528 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll 17:36:43.0112 5528 CertPropSvc - ok 17:36:43.0127 5528 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 17:36:43.0159 5528 circlass - ok 17:36:43.0221 5528 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 17:36:43.0268 5528 CLFS - ok 17:36:43.0330 5528 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 17:36:43.0346 5528 clr_optimization_v2.0.50727_32 - ok 17:36:43.0393 5528 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 17:36:43.0408 5528 clr_optimization_v2.0.50727_64 - ok 17:36:43.0533 5528 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 17:36:43.0595 5528 clr_optimization_v4.0.30319_32 - ok 17:36:43.0627 5528 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 17:36:43.0642 5528 clr_optimization_v4.0.30319_64 - ok 17:36:43.0658 5528 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 17:36:43.0689 5528 CmBatt - ok 17:36:43.0720 5528 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys 17:36:43.0736 5528 cmdide - ok 17:36:43.0783 5528 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys 17:36:43.0814 5528 CNG - ok 17:36:43.0829 5528 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 17:36:43.0845 5528 Compbatt - ok 17:36:43.0861 5528 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys 17:36:43.0892 5528 CompositeBus - ok 17:36:43.0923 5528 COMSysApp - ok 17:36:43.0939 5528 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 17:36:43.0954 5528 crcdisk - ok 17:36:44.0001 5528 CryptSvc (f02786b66375292e58c8777082d4396d) C:\Windows\system32\cryptsvc.dll 17:36:44.0032 5528 CryptSvc - ok 17:36:44.0095 5528 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll 17:36:44.0157 5528 DcomLaunch - ok 17:36:44.0219 5528 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 17:36:44.0282 5528 defragsvc - ok 17:36:44.0329 5528 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys 17:36:44.0360 5528 DfsC - ok 17:36:44.0407 5528 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll 17:36:44.0453 5528 Dhcp - ok 17:36:44.0485 5528 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 17:36:44.0578 5528 discache - ok 17:36:44.0625 5528 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 17:36:44.0625 5528 Disk - ok 17:36:44.0687 5528 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll 17:36:44.0734 5528 Dnscache - ok 17:36:44.0781 5528 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll 17:36:44.0859 5528 dot3svc - ok 17:36:44.0890 5528 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll 17:36:44.0937 5528 DPS - ok 17:36:44.0984 5528 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 17:36:45.0015 5528 drmkaud - ok 17:36:45.0140 5528 DsiWMIService (61e894fe1e9cc720c909e6e343351794) C:\Program Files (x86)\Launch Manager\dsiwmis.exe 17:36:45.0171 5528 DsiWMIService - ok 17:36:45.0265 5528 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys 17:36:45.0296 5528 DXGKrnl - ok 17:36:45.0327 5528 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 17:36:45.0389 5528 EapHost - ok 17:36:45.0592 5528 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 17:36:45.0686 5528 ebdrv - ok 17:36:45.0811 5528 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe 17:36:45.0842 5528 EFS - ok 17:36:45.0982 5528 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe 17:36:46.0013 5528 ehRecvr - ok 17:36:46.0060 5528 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 17:36:46.0091 5528 ehSched - ok 17:36:46.0185 5528 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 17:36:46.0216 5528 elxstor - ok 17:36:46.0419 5528 ePowerSvc (49eef52bfb986a2b5d70f4ec12637d7b) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe 17:36:46.0466 5528 ePowerSvc - ok 17:36:46.0591 5528 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys 17:36:46.0637 5528 ErrDev - ok 17:36:46.0700 5528 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 17:36:46.0747 5528 EventSystem - ok 17:36:46.0778 5528 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 17:36:46.0840 5528 exfat - ok 17:36:46.0856 5528 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 17:36:46.0918 5528 fastfat - ok 17:36:46.0981 5528 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe 17:36:47.0027 5528 Fax - ok 17:36:47.0059 5528 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 17:36:47.0074 5528 fdc - ok 17:36:47.0121 5528 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 17:36:47.0152 5528 fdPHost - ok 17:36:47.0183 5528 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 17:36:47.0246 5528 FDResPub - ok 17:36:47.0277 5528 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 17:36:47.0293 5528 FileInfo - ok 17:36:47.0308 5528 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 17:36:47.0355 5528 Filetrace - ok 17:36:47.0464 5528 FLEXnet Licensing Service (abedfd48ac042c6aaad32452e77217a1) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 17:36:47.0495 5528 FLEXnet Licensing Service - ok 17:36:47.0511 5528 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 17:36:47.0542 5528 flpydisk - ok 17:36:47.0620 5528 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys 17:36:47.0636 5528 FltMgr - ok 17:36:47.0729 5528 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll 17:36:47.0761 5528 FontCache - ok 17:36:47.0839 5528 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 17:36:47.0870 5528 FontCache3.0.0.0 - ok 17:36:47.0917 5528 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 17:36:47.0948 5528 FsDepends - ok 17:36:47.0979 5528 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys 17:36:47.0995 5528 Fs_Rec - ok 17:36:48.0057 5528 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys 17:36:48.0088 5528 fvevol - ok 17:36:48.0119 5528 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 17:36:48.0119 5528 gagp30kx - ok 17:36:48.0307 5528 GameConsoleService (551d463e4cceb5240234da6718c93a44) C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe 17:36:48.0338 5528 GameConsoleService - ok 17:36:48.0369 5528 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 17:36:48.0385 5528 GEARAspiWDM - ok 17:36:48.0447 5528 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll 17:36:48.0494 5528 gpsvc - ok 17:36:48.0665 5528 Greg_Service (816fd5a6f3c2f3d600900096632fc60e) C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe 17:36:48.0681 5528 Greg_Service - ok 17:36:48.0790 5528 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 17:36:48.0806 5528 gupdate - ok 17:36:48.0837 5528 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 17:36:48.0853 5528 gupdatem - ok 17:36:48.0993 5528 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 17:36:49.0040 5528 hcw85cir - ok 17:36:49.0087 5528 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys 17:36:49.0133 5528 HdAudAddService - ok 17:36:49.0180 5528 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys 17:36:49.0211 5528 HDAudBus - ok 17:36:49.0243 5528 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 17:36:49.0274 5528 HidBatt - ok 17:36:49.0274 5528 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 17:36:49.0305 5528 HidBth - ok 17:36:49.0321 5528 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 17:36:49.0367 5528 HidIr - ok 17:36:49.0399 5528 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll 17:36:49.0492 5528 hidserv - ok 17:36:49.0539 5528 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys 17:36:49.0586 5528 HidUsb - ok 17:36:49.0633 5528 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll 17:36:49.0679 5528 hkmsvc - ok 17:36:49.0711 5528 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll 17:36:49.0726 5528 HomeGroupListener - ok 17:36:49.0757 5528 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll 17:36:49.0789 5528 HomeGroupProvider - ok 17:36:49.0945 5528 hpqcxs08 (5da42d24712e00728cea2342a65009b2) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll 17:36:49.0991 5528 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning 17:36:49.0991 5528 hpqcxs08 - detected UnsignedFile.Multi.Generic (1) 17:36:50.0023 5528 hpqddsvc (d86a39bf100069444d026d22d9a6e555) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll 17:36:50.0069 5528 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning 17:36:50.0069 5528 hpqddsvc - detected UnsignedFile.Multi.Generic (1) 17:36:50.0116 5528 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys 17:36:50.0132 5528 HpSAMD - ok 17:36:50.0257 5528 HPSLPSVC (f37882f128efacefe353e0bae2766909) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL 17:36:50.0303 5528 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning 17:36:50.0303 5528 HPSLPSVC - detected UnsignedFile.Multi.Generic (1) 17:36:50.0366 5528 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys 17:36:50.0428 5528 HTTP - ok 17:36:50.0459 5528 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys 17:36:50.0459 5528 hwpolicy - ok 17:36:50.0491 5528 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys 17:36:50.0506 5528 i8042prt - ok 17:36:50.0584 5528 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys 17:36:50.0615 5528 iaStorV - ok 17:36:50.0725 5528 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 17:36:50.0756 5528 idsvc - ok 17:36:51.0130 5528 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys 17:36:51.0317 5528 igfx - ok 17:36:51.0458 5528 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 17:36:51.0489 5528 iirsp - ok 17:36:51.0583 5528 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll 17:36:51.0645 5528 IKEEXT - ok 17:36:51.0848 5528 IntcAzAudAddService (3edd3ce185da3e6aaec22adcfd7b1d54) C:\Windows\system32\drivers\RTKVHD64.sys 17:36:51.0910 5528 IntcAzAudAddService - ok 17:36:52.0051 5528 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys 17:36:52.0082 5528 intelide - ok 17:36:52.0097 5528 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 17:36:52.0129 5528 intelppm - ok 17:36:52.0191 5528 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 17:36:52.0238 5528 IPBusEnum - ok 17:36:52.0253 5528 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys 17:36:52.0285 5528 IpFilterDriver - ok 17:36:52.0331 5528 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll 17:36:52.0378 5528 iphlpsvc - ok 17:36:52.0394 5528 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys 17:36:52.0409 5528 IPMIDRV - ok 17:36:52.0441 5528 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 17:36:52.0503 5528 IPNAT - ok 17:36:52.0706 5528 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe 17:36:52.0737 5528 iPod Service - ok 17:36:52.0753 5528 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 17:36:52.0768 5528 IRENUM - ok 17:36:52.0799 5528 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys 17:36:52.0815 5528 isapnp - ok 17:36:52.0846 5528 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys 17:36:52.0862 5528 iScsiPrt - ok 17:36:52.0862 5528 k57nd60a - ok 17:36:52.0893 5528 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 17:36:52.0893 5528 kbdclass - ok 17:36:52.0909 5528 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys 17:36:52.0955 5528 kbdhid - ok 17:36:52.0987 5528 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 17:36:53.0002 5528 KeyIso - ok 17:36:53.0018 5528 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys 17:36:53.0033 5528 KSecDD - ok 17:36:53.0049 5528 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys 17:36:53.0065 5528 KSecPkg - ok 17:36:53.0080 5528 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 17:36:53.0127 5528 ksthunk - ok 17:36:53.0174 5528 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 17:36:53.0236 5528 KtmRm - ok 17:36:53.0267 5528 L1E (2ac603c3188c704cfce353659aa7ad71) C:\Windows\system32\DRIVERS\L1E62x64.sys 17:36:53.0283 5528 L1E - ok 17:36:53.0314 5528 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\system32\srvsvc.dll 17:36:53.0345 5528 LanmanServer - ok 17:36:53.0377 5528 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll 17:36:53.0439 5528 LanmanWorkstation - ok 17:36:53.0642 5528 Lavasoft Ad-Aware Service (bd1e59ffeb8d84dc592a92497d823322) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe 17:36:53.0673 5528 Lavasoft Ad-Aware Service - ok 17:36:53.0720 5528 Lavasoft Kernexplorer (ad134c8802355be1b24606fca8a4a50d) C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys 17:36:53.0751 5528 Lavasoft Kernexplorer - ok 17:36:53.0876 5528 Lbd (3c46290f7a5d45ba6ef32c248e22aa69) C:\Windows\system32\DRIVERS\Lbd.sys 17:36:53.0907 5528 Lbd - ok 17:36:53.0954 5528 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 17:36:54.0016 5528 lltdio - ok 17:36:54.0079 5528 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 17:36:54.0141 5528 lltdsvc - ok 17:36:54.0172 5528 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 17:36:54.0203 5528 lmhosts - ok 17:36:54.0235 5528 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 17:36:54.0250 5528 LSI_FC - ok 17:36:54.0266 5528 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 17:36:54.0281 5528 LSI_SAS - ok 17:36:54.0281 5528 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 17:36:54.0297 5528 LSI_SAS2 - ok 17:36:54.0297 5528 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 17:36:54.0313 5528 LSI_SCSI - ok 17:36:54.0344 5528 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 17:36:54.0406 5528 luafv - ok 17:36:54.0453 5528 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys 17:36:54.0484 5528 MBAMProtector - ok 17:36:54.0578 5528 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 17:36:54.0593 5528 MBAMService - ok 17:36:54.0640 5528 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll 17:36:54.0671 5528 Mcx2Svc - ok 17:36:54.0703 5528 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 17:36:54.0718 5528 megasas - ok 17:36:54.0734 5528 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 17:36:54.0765 5528 MegaSR - ok 17:36:54.0796 5528 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 17:36:54.0859 5528 MMCSS - ok 17:36:54.0859 5528 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 17:36:54.0905 5528 Modem - ok 17:36:54.0937 5528 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 17:36:54.0968 5528 monitor - ok 17:36:55.0015 5528 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 17:36:55.0030 5528 mouclass - ok 17:36:55.0061 5528 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 17:36:55.0108 5528 mouhid - ok 17:36:55.0139 5528 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys 17:36:55.0171 5528 mountmgr - ok 17:36:55.0186 5528 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys 17:36:55.0202 5528 mpio - ok 17:36:55.0217 5528 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 17:36:55.0249 5528 mpsdrv - ok 17:36:55.0311 5528 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll 17:36:55.0373 5528 MpsSvc - ok 17:36:55.0405 5528 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys 17:36:55.0420 5528 MRxDAV - ok 17:36:55.0467 5528 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys 17:36:55.0498 5528 mrxsmb - ok 17:36:55.0561 5528 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys 17:36:55.0592 5528 mrxsmb10 - ok 17:36:55.0623 5528 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys 17:36:55.0639 5528 mrxsmb20 - ok 17:36:55.0685 5528 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys 17:36:55.0717 5528 msahci - ok 17:36:55.0732 5528 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys 17:36:55.0748 5528 msdsm - ok 17:36:55.0779 5528 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 17:36:55.0826 5528 MSDTC - ok 17:36:55.0857 5528 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 17:36:55.0888 5528 Msfs - ok 17:36:55.0904 5528 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 17:36:55.0935 5528 mshidkmdf - ok 17:36:55.0951 5528 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys 17:36:55.0951 5528 msisadrv - ok 17:36:55.0982 5528 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 17:36:56.0044 5528 MSiSCSI - ok 17:36:56.0044 5528 msiserver - ok 17:36:56.0091 5528 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 17:36:56.0122 5528 MSKSSRV - ok 17:36:56.0122 5528 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 17:36:56.0185 5528 MSPCLOCK - ok 17:36:56.0200 5528 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 17:36:56.0247 5528 MSPQM - ok 17:36:56.0309 5528 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys 17:36:56.0325 5528 MsRPC - ok 17:36:56.0341 5528 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys 17:36:56.0356 5528 mssmbios - ok 17:36:56.0387 5528 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 17:36:56.0434 5528 MSTEE - ok 17:36:56.0434 5528 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 17:36:56.0465 5528 MTConfig - ok 17:36:56.0497 5528 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 17:36:56.0512 5528 Mup - ok 17:36:56.0559 5528 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll 17:36:56.0668 5528 napagent - ok 17:36:56.0746 5528 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 17:36:56.0777 5528 NativeWifiP - ok 17:36:56.0809 5528 NAVENG - ok 17:36:56.0809 5528 NAVEX15 - ok 17:36:56.0871 5528 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys 17:36:56.0902 5528 NDIS - ok 17:36:56.0918 5528 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 17:36:56.0949 5528 NdisCap - ok 17:36:56.0980 5528 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 17:36:57.0027 5528 NdisTapi - ok 17:36:57.0074 5528 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys 17:36:57.0121 5528 Ndisuio - ok 17:36:57.0167 5528 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys 17:36:57.0199 5528 NdisWan - ok 17:36:57.0214 5528 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys 17:36:57.0277 5528 NDProxy - ok 17:36:57.0370 5528 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll 17:36:57.0401 5528 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 17:36:57.0401 5528 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 17:36:57.0433 5528 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 17:36:57.0511 5528 NetBIOS - ok 17:36:57.0542 5528 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys 17:36:57.0573 5528 NetBT - ok 17:36:57.0604 5528 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 17:36:57.0620 5528 Netlogon - ok 17:36:57.0682 5528 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 17:36:57.0760 5528 Netman - ok 17:36:57.0807 5528 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 17:36:57.0869 5528 netprofm - ok 17:36:57.0916 5528 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 17:36:57.0932 5528 NetTcpPortSharing - ok 17:36:57.0963 5528 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 17:36:57.0979 5528 nfrd960 - ok 17:36:58.0072 5528 NIS (ea212858f303cf715775c6b86a7cbbc4) C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe 17:36:58.0103 5528 NIS - ok 17:36:58.0150 5528 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll 17:36:58.0213 5528 NlaSvc - ok 17:36:58.0259 5528 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 17:36:58.0337 5528 Npfs - ok 17:36:58.0353 5528 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 17:36:58.0431 5528 nsi - ok 17:36:58.0462 5528 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 17:36:58.0525 5528 nsiproxy - ok 17:36:58.0649 5528 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys 17:36:58.0696 5528 Ntfs - ok 17:36:58.0790 5528 NTI IScheduleSvc (5b3ce960c62dbe864be9a0bd043a3e30) C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe 17:36:58.0837 5528 NTI IScheduleSvc ( UnsignedFile.Multi.Generic ) - warning 17:36:58.0837 5528 NTI IScheduleSvc - detected UnsignedFile.Multi.Generic (1) 17:36:58.0977 5528 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys 17:36:59.0008 5528 NTIDrvr - ok 17:36:59.0024 5528 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 17:36:59.0071 5528 Null - ok 17:36:59.0102 5528 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys 17:36:59.0117 5528 nvraid - ok 17:36:59.0164 5528 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys 17:36:59.0180 5528 nvstor - ok 17:36:59.0195 5528 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys 17:36:59.0211 5528 nv_agp - ok 17:36:59.0336 5528 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 17:36:59.0367 5528 odserv - ok 17:36:59.0398 5528 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys 17:36:59.0430 5528 ohci1394 - ok 17:36:59.0492 5528 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 17:36:59.0523 5528 ose - ok 17:36:59.0570 5528 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 17:36:59.0601 5528 p2pimsvc - ok 17:36:59.0648 5528 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 17:36:59.0664 5528 p2psvc - ok 17:36:59.0695 5528 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 17:36:59.0710 5528 Parport - ok 17:36:59.0757 5528 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys 17:36:59.0788 5528 partmgr - ok 17:36:59.0804 5528 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 17:36:59.0835 5528 PcaSvc - ok 17:36:59.0882 5528 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys 17:36:59.0882 5528 pci - ok 17:36:59.0898 5528 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys 17:36:59.0913 5528 pciide - ok 17:36:59.0944 5528 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 17:36:59.0960 5528 pcmcia - ok 17:36:59.0976 5528 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 17:36:59.0991 5528 pcw - ok 17:37:00.0038 5528 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 17:37:00.0100 5528 PEAUTH - ok 17:37:00.0194 5528 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 17:37:00.0241 5528 PerfHost - ok 17:37:00.0366 5528 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll 17:37:00.0444 5528 pla - ok 17:37:00.0490 5528 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll 17:37:00.0537 5528 PlugPlay - ok 17:37:00.0600 5528 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll 17:37:00.0631 5528 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 17:37:00.0631 5528 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 17:37:00.0662 5528 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 17:37:00.0693 5528 PNRPAutoReg - ok 17:37:00.0740 5528 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 17:37:00.0756 5528 PNRPsvc - ok 17:37:00.0802 5528 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll 17:37:00.0865 5528 PolicyAgent - ok 17:37:00.0912 5528 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 17:37:00.0958 5528 Power - ok 17:37:01.0036 5528 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys 17:37:01.0130 5528 PptpMiniport - ok 17:37:01.0146 5528 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 17:37:01.0208 5528 Processor - ok 17:37:01.0239 5528 ProfSvc (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll 17:37:01.0270 5528 ProfSvc - ok 17:37:01.0302 5528 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 17:37:01.0317 5528 ProtectedStorage - ok 17:37:01.0348 5528 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys 17:37:01.0395 5528 Psched - ok 17:37:01.0426 5528 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys 17:37:01.0442 5528 PxHlpa64 - ok 17:37:01.0536 5528 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 17:37:01.0582 5528 ql2300 - ok 17:37:01.0723 5528 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 17:37:01.0754 5528 ql40xx - ok 17:37:01.0785 5528 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 17:37:01.0816 5528 QWAVE - ok 17:37:01.0848 5528 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 17:37:01.0863 5528 QWAVEdrv - ok 17:37:01.0879 5528 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 17:37:01.0926 5528 RasAcd - ok 17:37:01.0972 5528 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 17:37:02.0019 5528 RasAgileVpn - ok 17:37:02.0035 5528 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 17:37:02.0066 5528 RasAuto - ok 17:37:02.0082 5528 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys 17:37:02.0144 5528 Rasl2tp - ok 17:37:02.0191 5528 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll 17:37:02.0253 5528 RasMan - ok 17:37:02.0284 5528 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 17:37:02.0331 5528 RasPppoe - ok 17:37:02.0362 5528 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 17:37:02.0425 5528 RasSstp - ok 17:37:02.0456 5528 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys 17:37:02.0487 5528 rdbss - ok 17:37:02.0518 5528 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 17:37:02.0550 5528 rdpbus - ok 17:37:02.0565 5528 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 17:37:02.0612 5528 RDPCDD - ok 17:37:02.0628 5528 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 17:37:02.0674 5528 RDPENCDD - ok 17:37:02.0690 5528 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 17:37:02.0737 5528 RDPREFMP - ok 17:37:02.0768 5528 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys 17:37:02.0815 5528 RDPWD - ok 17:37:02.0877 5528 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys 17:37:02.0908 5528 rdyboost - ok 17:37:02.0940 5528 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 17:37:02.0986 5528 RemoteAccess - ok 17:37:03.0033 5528 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 17:37:03.0127 5528 RemoteRegistry - ok 17:37:03.0142 5528 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 17:37:03.0174 5528 RpcEptMapper - ok 17:37:03.0189 5528 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 17:37:03.0220 5528 RpcLocator - ok 17:37:03.0283 5528 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll 17:37:03.0314 5528 RpcSs - ok 17:37:03.0361 5528 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 17:37:03.0408 5528 rspndr - ok 17:37:03.0454 5528 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 17:37:03.0470 5528 SamSs - ok 17:37:03.0501 5528 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys 17:37:03.0517 5528 sbp2port - ok 17:37:03.0548 5528 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 17:37:03.0610 5528 SCardSvr - ok 17:37:03.0642 5528 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys 17:37:03.0688 5528 scfilter - ok 17:37:03.0798 5528 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll 17:37:03.0813 5528 Schedule - ok 17:37:03.0860 5528 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll 17:37:03.0891 5528 SCPolicySvc - ok 17:37:03.0922 5528 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll 17:37:03.0954 5528 SDRSVC - ok 17:37:04.0016 5528 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 17:37:04.0094 5528 secdrv - ok 17:37:04.0110 5528 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll 17:37:04.0203 5528 seclogon - ok 17:37:04.0234 5528 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll 17:37:04.0297 5528 SENS - ok 17:37:04.0328 5528 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 17:37:04.0359 5528 SensrSvc - ok 17:37:04.0390 5528 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 17:37:04.0406 5528 Serenum - ok 17:37:04.0422 5528 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 17:37:04.0453 5528 Serial - ok 17:37:04.0453 5528 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 17:37:04.0484 5528 sermouse - ok 17:37:04.0515 5528 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll 17:37:04.0562 5528 SessionEnv - ok 17:37:04.0562 5528 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys 17:37:04.0593 5528 sffdisk - ok 17:37:04.0593 5528 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys 17:37:04.0624 5528 sffp_mmc - ok 17:37:04.0624 5528 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys 17:37:04.0640 5528 sffp_sd - ok 17:37:04.0687 5528 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 17:37:04.0734 5528 sfloppy - ok 17:37:04.0796 5528 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 17:37:04.0874 5528 SharedAccess - ok 17:37:04.0921 5528 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll 17:37:04.0936 5528 ShellHWDetection - ok 17:37:04.0936 5528 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 17:37:04.0952 5528 SiSRaid2 - ok 17:37:04.0968 5528 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 17:37:04.0968 5528 SiSRaid4 - ok 17:37:04.0983 5528 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 17:37:05.0046 5528 Smb - ok 17:37:05.0077 5528 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 17:37:05.0124 5528 SNMPTRAP - ok 17:37:05.0155 5528 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 17:37:05.0170 5528 spldr - ok 17:37:05.0248 5528 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe 17:37:05.0295 5528 Spooler - ok 17:37:05.0560 5528 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe 17:37:05.0638 5528 sppsvc - ok 17:37:05.0763 5528 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 17:37:05.0857 5528 sppuinotify - ok 17:37:05.0982 5528 SRTSP (56979a80f6f9df788a8bfcc1603da40d) C:\Windows\system32\drivers\NISx64\1101000.013\SRTSP64.SYS 17:37:05.0997 5528 SRTSP - ok 17:37:06.0013 5528 SRTSPX (3c3d82bb245ad1cb00ed48cb2f4ab385) C:\Windows\system32\drivers\NISx64\1101000.013\SRTSPX64.SYS 17:37:06.0028 5528 SRTSPX - ok 17:37:06.0091 5528 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys 17:37:06.0106 5528 srv - ok 17:37:06.0138 5528 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys 17:37:06.0153 5528 srv2 - ok 17:37:06.0200 5528 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys 17:37:06.0231 5528 srvnet - ok 17:37:06.0278 5528 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 17:37:06.0340 5528 SSDPSRV - ok 17:37:06.0356 5528 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 17:37:06.0418 5528 SstpSvc - ok 17:37:06.0450 5528 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 17:37:06.0465 5528 stexstor - ok 17:37:06.0496 5528 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys 17:37:06.0528 5528 StillCam - ok 17:37:06.0606 5528 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll 17:37:06.0637 5528 stisvc - ok 17:37:06.0652 5528 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 17:37:06.0668 5528 swenum - ok 17:37:06.0715 5528 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 17:37:06.0762 5528 swprv - ok 17:37:06.0824 5528 SynTP (ed6d1424e5b0c21a57b28dd8508d6843) C:\Windows\system32\DRIVERS\SynTP.sys 17:37:06.0840 5528 SynTP - ok 17:37:06.0949 5528 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll 17:37:07.0011 5528 SysMain - ok 17:37:07.0136 5528 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll 17:37:07.0198 5528 TabletInputService - ok 17:37:07.0245 5528 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll 17:37:07.0308 5528 TapiSrv - ok 17:37:07.0417 5528 tbhsd (93f0f5ef8a4ca261372df98b31b2bd05) C:\Windows\system32\drivers\tbhsd.sys 17:37:07.0448 5528 tbhsd - ok 17:37:07.0479 5528 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 17:37:07.0557 5528 TBS - ok 17:37:07.0682 5528 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys 17:37:07.0729 5528 Tcpip - ok 17:37:07.0994 5528 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys 17:37:08.0072 5528 TCPIP6 - ok 17:37:08.0212 5528 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys 17:37:08.0275 5528 tcpipreg - ok 17:37:08.0290 5528 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 17:37:08.0290 5528 TDPIPE - ok 17:37:08.0337 5528 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys 17:37:08.0368 5528 TDTCP - ok 17:37:08.0400 5528 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys 17:37:08.0446 5528 tdx - ok 17:37:08.0478 5528 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys 17:37:08.0493 5528 TermDD - ok 17:37:08.0540 5528 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll 17:37:08.0602 5528 TermService - ok 17:37:08.0634 5528 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 17:37:08.0665 5528 Themes - ok 17:37:08.0712 5528 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 17:37:08.0743 5528 THREADORDER - ok 17:37:08.0774 5528 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 17:37:08.0836 5528 TrkWks - ok 17:37:08.0899 5528 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe 17:37:08.0930 5528 TrustedInstaller - ok 17:37:08.0961 5528 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys 17:37:09.0055 5528 tssecsrv - ok 17:37:09.0117 5528 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys 17:37:09.0195 5528 tunnel - ok 17:37:09.0211 5528 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 17:37:09.0226 5528 uagp35 - ok 17:37:09.0258 5528 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys 17:37:09.0273 5528 UBHelper - ok 17:37:09.0304 5528 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys 17:37:09.0367 5528 udfs - ok 17:37:09.0398 5528 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 17:37:09.0414 5528 UI0Detect - ok 17:37:09.0429 5528 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys 17:37:09.0445 5528 uliagpkx - ok 17:37:09.0476 5528 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys 17:37:09.0523 5528 umbus - ok 17:37:09.0538 5528 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 17:37:09.0554 5528 UmPass - ok 17:37:09.0694 5528 Updater Service (f9ec9acd504d823d9b9ca98a4f8d3ca2) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe 17:37:09.0726 5528 Updater Service - ok 17:37:09.0757 5528 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 17:37:09.0819 5528 upnphost - ok 17:37:09.0882 5528 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys 17:37:09.0928 5528 USBAAPL64 - ok 17:37:09.0975 5528 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys 17:37:10.0022 5528 usbccgp - ok 17:37:10.0069 5528 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys 17:37:10.0100 5528 usbcir - ok 17:37:10.0131 5528 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\DRIVERS\usbehci.sys 17:37:10.0162 5528 usbehci - ok 17:37:10.0209 5528 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys 17:37:10.0225 5528 usbfilter - ok 17:37:10.0287 5528 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys 17:37:10.0318 5528 usbhub - ok 17:37:10.0350 5528 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\DRIVERS\usbohci.sys 17:37:10.0396 5528 usbohci - ok 17:37:10.0443 5528 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 17:37:10.0474 5528 usbprint - ok 17:37:10.0506 5528 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 17:37:10.0521 5528 usbscan - ok 17:37:10.0568 5528 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS 17:37:10.0599 5528 USBSTOR - ok 17:37:10.0630 5528 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys 17:37:10.0662 5528 usbuhci - ok 17:37:10.0708 5528 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys 17:37:10.0755 5528 usbvideo - ok 17:37:10.0786 5528 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 17:37:10.0818 5528 UxSms - ok 17:37:10.0864 5528 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 17:37:10.0896 5528 VaultSvc - ok 17:37:10.0896 5528 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys 17:37:10.0911 5528 vdrvroot - ok 17:37:10.0958 5528 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe 17:37:10.0989 5528 vds - ok 17:37:11.0036 5528 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 17:37:11.0067 5528 vga - ok 17:37:11.0083 5528 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 17:37:11.0161 5528 VgaSave - ok 17:37:11.0192 5528 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys 17:37:11.0208 5528 vhdmp - ok 17:37:11.0208 5528 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys 17:37:11.0223 5528 viaide - ok 17:37:11.0239 5528 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys 17:37:11.0254 5528 volmgr - ok 17:37:11.0286 5528 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys 17:37:11.0301 5528 volmgrx - ok 17:37:11.0332 5528 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys 17:37:11.0348 5528 volsnap - ok 17:37:11.0364 5528 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 17:37:11.0379 5528 vsmraid - ok 17:37:11.0488 5528 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe 17:37:11.0535 5528 VSS - ok 17:37:11.0676 5528 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 17:37:11.0707 5528 vwifibus - ok 17:37:11.0722 5528 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 17:37:11.0754 5528 vwififlt - ok 17:37:11.0769 5528 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys 17:37:11.0785 5528 vwifimp - ok 17:37:11.0816 5528 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 17:37:11.0863 5528 W32Time - ok 17:37:11.0878 5528 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 17:37:11.0925 5528 WacomPen - ok 17:37:11.0956 5528 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 17:37:12.0050 5528 WANARP - ok 17:37:12.0050 5528 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 17:37:12.0081 5528 Wanarpv6 - ok 17:37:12.0190 5528 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe 17:37:12.0237 5528 wbengine - ok 17:37:12.0378 5528 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 17:37:12.0409 5528 WbioSrvc - ok 17:37:12.0471 5528 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll 17:37:12.0502 5528 wcncsvc - ok 17:37:12.0534 5528 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 17:37:12.0549 5528 WcsPlugInService - ok 17:37:12.0580 5528 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 17:37:12.0596 5528 Wd - ok 17:37:12.0643 5528 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 17:37:12.0658 5528 Wdf01000 - ok 17:37:12.0674 5528 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 17:37:12.0721 5528 WdiServiceHost - ok 17:37:12.0721 5528 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 17:37:12.0736 5528 WdiSystemHost - ok 17:37:12.0783 5528 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll 17:37:12.0799 5528 WebClient - ok 17:37:12.0830 5528 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 17:37:12.0892 5528 Wecsvc - ok 17:37:12.0908 5528 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 17:37:12.0955 5528 wercplsupport - ok 17:37:12.0970 5528 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 17:37:13.0033 5528 WerSvc - ok 17:37:13.0095 5528 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 17:37:13.0158 5528 WfpLwf - ok 17:37:13.0173 5528 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 17:37:13.0173 5528 WIMMount - ok 17:37:13.0204 5528 WinDefend - ok 17:37:13.0220 5528 WinHttpAutoProxySvc - ok 17:37:13.0282 5528 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 17:37:13.0360 5528 Winmgmt - ok 17:37:13.0501 5528 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll 17:37:13.0579 5528 WinRM - ok 17:37:13.0750 5528 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUSB.sys 17:37:13.0797 5528 WinUsb - ok 17:37:13.0906 5528 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 17:37:13.0969 5528 Wlansvc - ok 17:37:14.0218 5528 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 17:37:14.0296 5528 wlidsvc - ok 17:37:14.0406 5528 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys 17:37:14.0452 5528 WmiAcpi - ok 17:37:14.0530 5528 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 17:37:14.0593 5528 wmiApSrv - ok 17:37:14.0655 5528 WMPNetworkSvc - ok 17:37:14.0702 5528 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 17:37:14.0733 5528 WPCSvc - ok 17:37:14.0749 5528 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll 17:37:14.0764 5528 WPDBusEnum - ok 17:37:14.0796 5528 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 17:37:14.0874 5528 ws2ifsl - ok 17:37:14.0905 5528 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\System32\wscsvc.dll 17:37:14.0920 5528 wscsvc - ok 17:37:14.0967 5528 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys 17:37:15.0030 5528 WSDPrintDevice - ok 17:37:15.0030 5528 WSearch - ok 17:37:15.0201 5528 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll 17:37:15.0264 5528 wuauserv - ok 17:37:15.0373 5528 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys 17:37:15.0435 5528 WudfPf - ok 17:37:15.0466 5528 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys 17:37:15.0498 5528 WUDFRd - ok 17:37:15.0529 5528 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll 17:37:15.0591 5528 wudfsvc - ok 17:37:15.0622 5528 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 17:37:15.0654 5528 WwanSvc - ok 17:37:15.0700 5528 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0 17:37:16.0044 5528 \Device\Harddisk0\DR0 - ok 17:37:16.0044 5528 Boot (0x1200) (2ebc792c3b4b064864f6f57f6d8eae7c) \Device\Harddisk0\DR0\Partition0 17:37:16.0044 5528 \Device\Harddisk0\DR0\Partition0 - ok 17:37:16.0090 5528 Boot (0x1200) (52b01421a2250f970de68f817c3754c0) \Device\Harddisk0\DR0\Partition1 17:37:16.0090 5528 \Device\Harddisk0\DR0\Partition1 - ok 17:37:16.0090 5528 ============================================================ 17:37:16.0090 5528 Scan finished 17:37:16.0090 5528 ============================================================ 17:37:16.0106 5560 Detected object count: 6 17:37:16.0106 5560 Actual detected object count: 6 17:39:26.0538 5560 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user 17:39:26.0538 5560 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:39:26.0553 5560 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user 17:39:26.0553 5560 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:39:26.0553 5560 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user 17:39:26.0553 5560 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:39:26.0553 5560 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 17:39:26.0553 5560 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:39:26.0553 5560 NTI IScheduleSvc ( UnsignedFile.Multi.Generic ) - skipped by user 17:39:26.0553 5560 NTI IScheduleSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:39:26.0553 5560 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 17:39:26.0553 5560 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip |
05.07.2012, 09:16 | #24 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | S.m.a.r.t. Repair und Alureon - Malewarebits bricht nach 2 Stunden ab Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
05.07.2012, 19:18 | #25 |
| S.m.a.r.t. Repair und Alureon - Malewarebits bricht nach 2 Stunden ab Ist erledigt Combofix Logfile: Code:
ATTFilter ComboFix 12-07-05.03 - Sunny 05.07.2012 19:55:30.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.4094.2586 [GMT 2:00] ausgeführt von:: c:\users\Sunny\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} AV: Lavasoft Ad-Watch Live! Virenschutz *Disabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6} AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855} FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B} SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe c:\users\Sunny\AppData\Roaming\Microsoft\Windows\Templates\install_flashplayer11x64_mssd_aih.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-06-05 bis 2012-07-05 )))))))))))))))))))))))))))))) . . 2012-07-05 18:04 . 2012-07-05 18:04 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-03 16:48 . 2012-07-03 16:48 -------- d-----w- C:\_OTL 2012-06-27 16:54 . 2012-06-27 16:54 -------- d-----w- c:\program files (x86)\ESET 2012-06-21 19:06 . 2003-02-02 17:06 153088 ----a-w- c:\windows\SysWow64\UNRAR3.dll 2012-06-21 19:06 . 2002-03-05 22:00 75264 ----a-w- c:\windows\SysWow64\unacev2.dll 2012-06-21 19:06 . 2012-06-21 19:07 -------- d-----w- c:\program files (x86)\Trojan Remover 2012-06-21 19:06 . 2012-06-21 19:06 -------- d-----w- c:\users\Sunny\AppData\Roaming\Simply Super Software 2012-06-21 19:06 . 2012-06-21 19:06 -------- d-----w- c:\programdata\Simply Super Software 2012-06-21 13:17 . 2012-05-02 05:32 208896 ----a-w- c:\windows\system32\profsvc.dll 2012-06-21 13:17 . 2012-04-07 12:18 3213824 ----a-w- c:\windows\system32\msi.dll 2012-06-21 13:17 . 2012-04-07 11:34 2342400 ----a-w- c:\windows\SysWow64\msi.dll 2012-06-21 13:16 . 2012-04-24 05:59 1460224 ----a-w- c:\windows\system32\crypt32.dll 2012-06-21 13:16 . 2012-04-24 05:59 182272 ----a-w- c:\windows\system32\cryptsvc.dll 2012-06-21 13:16 . 2012-04-24 05:59 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-06-21 13:16 . 2012-04-24 04:47 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-06-21 13:16 . 2012-04-24 04:47 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-06-21 13:16 . 2012-04-24 04:47 1156608 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-06-21 13:07 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-21 13:07 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-21 13:07 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-21 13:07 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-21 13:06 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-21 13:06 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-21 13:06 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-21 13:06 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-21 13:06 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-20 17:46 . 2012-04-26 05:34 76288 ----a-w- c:\windows\system32\rdpwsx.dll 2012-06-20 17:46 . 2012-04-26 05:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-06-20 17:46 . 2012-04-26 05:28 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-06-20 17:45 . 2012-05-04 10:52 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-06-20 17:45 . 2012-05-04 10:08 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-06-20 17:45 . 2012-05-04 10:08 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-06-20 17:45 . 2012-05-15 01:32 3144192 ----a-w- c:\windows\system32\win32k.sys 2012-06-20 17:45 . 2012-04-28 03:50 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-06-18 19:01 . 2012-05-11 09:14 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys 2012-06-18 19:01 . 2012-06-18 19:01 -------- d-----w- c:\program files (x86)\PC Tools 2012-06-18 19:00 . 2012-06-21 02:38 -------- d-----w- c:\program files (x86)\Common Files\PC Tools 2012-06-18 18:59 . 2012-06-18 19:01 -------- d-----w- c:\programdata\PC Tools 2012-06-18 18:59 . 2012-06-18 18:59 -------- d-----w- c:\users\Sunny\AppData\Roaming\TestApp 2012-06-18 18:22 . 2012-07-05 17:47 -------- d-----w- c:\programdata\boost_interprocess 2012-06-18 17:35 . 2012-06-21 20:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-31 04:04 . 2012-07-03 12:26 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0FC26551-06A2-4055-982E-C6271C8E629C}\mpengine.dll 2012-05-11 19:00 . 2012-05-11 19:00 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-05-11 19:00 . 2011-12-08 13:25 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-08 18:49 . 2012-05-04 08:50 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-05-08 18:49 . 2012-05-04 08:50 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-04-18 18:56 . 2012-04-18 18:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2012-04-18 18:56 . 2012-04-18 18:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\users\Sunny\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\users\Sunny\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\users\Sunny\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Intel AppUp(SM) center"="c:\users\Sunny\Desktop\IntelAppStore\bin\ismagent.lnk" [2011-06-25 968] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" [2010-03-08 258560] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-17 98304] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-03-04 1300560] "Camera Assistant Software"="c:\program files (x86)\Video Web Camera\traybar.exe" [2010-02-12 600688] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240] "TuneClone"="c:\users\Sunny\Desktop\TuneClone\TuneClone.exe" [2010-07-21 4546560] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888] "TrojanScanner"="c:\program files (x86)\Trojan Remover\Trjscan.exe" [2012-06-21 1240848] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . c:\users\Sunny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Sunny\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840] OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Audible Download Manager.lnk - c:\users\Sunny\Desktop\Audible\Bin\AudibleDownloadHelper.exe [N/A] HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-18 136176] R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-12-02 40448] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-18 136176] R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-09-08 69152] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-08-12 55856] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 27760] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-18 202752] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224] S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-03-04 325200] S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2010-02-05 865824] S2 Greg_Service;GRegService;c:\program files (x86)\Packard Bell\Registration\GregHSRW.exe [2009-08-28 1150496] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-04-14 1378040] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe [2009-10-20 126392] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2010-03-08 250368] S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-01-28 243232] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-03-18 6405120] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-03-18 188928] S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2010-11-04 17440] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - LAVASOFT_KERNEXPLORER *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Inhalt des "geplante Tasks" Ordners . 2012-07-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-09-08 12:03] . 2012-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-18 08:54] . 2012-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-18 08:54] . 2012-07-05 c:\windows\Tasks\HP Photo Creations Communicator.job - c:\programdata\HP Photo Creations\MessageCheck.exe [2011-09-08 09:11] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 97792 ----a-w- c:\users\Sunny\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 97792 ----a-w- c:\users\Sunny\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 97792 ----a-w- c:\users\Sunny\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 97792 ----a-w- c:\users\Sunny\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-20 9996320] "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-22 323584] "PLFSetI"="c:\windows\PLFSetI.exe" [2009-01-29 206208] "Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2010-02-05 860192] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lm82&r=27360910s0b6l0450z115f45i1b306 mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe TCP: DhcpNameServer = 192.168.2.1 192.168.2.1 FF - ProfilePath - c:\users\Sunny\AppData\Roaming\Mozilla\Firefox\Profiles\mdztwswr.default\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKCU-Run-iCloudServices - c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe Wow6432Node-HKCU-Run-ApplePhotoStreams - c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe Wow6432Node-HKCU-Run-com.apple.dav.bookmarks.daemon - c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe Wow6432Node-HKLM-Run-APSDaemon - c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-AudibleDownloadManager - c:\users\Sunny\Desktop\Audible\Bin\AudibleDM_iTunesSetup.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\17.1.0.19\diMaster.dll\" /prefetch:1" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.1.0.19\InstStub.exe c:\users\Sunny\Desktop\IntelAppStore\bin\ismagent.exe c:\program files (x86)\OpenOffice.org 3\program\soffice.exe c:\program files (x86)\OpenOffice.org 3\program\soffice.bin c:\program files (x86)\Launch Manager\LMworker.exe c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-07-05 20:14:56 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-07-05 18:14 . Vor Suchlauf: 13 Verzeichnis(se), 210.241.527.808 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 210.130.395.136 Bytes frei . - - End Of File - - 5AB4F12F69DBA6AC54784047E4FFC7FA Grüssle, Sonja |
05.07.2012, 20:30 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | S.m.a.r.t. Repair und Alureon - Malewarebits bricht nach 2 Stunden abCode:
ATTFilter AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} AV: Lavasoft Ad-Watch Live! Virenschutz *Disabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6} AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855} Wenn ja würde ich umgehend Ad-Aware und Norton IS deinstallieren
__________________ Logfiles bitte immer in CODE-Tags posten |
05.07.2012, 20:47 | #27 |
| S.m.a.r.t. Repair und Alureon - Malewarebits bricht nach 2 Stunden ab Ich muss zu meiner Schande gestehen doch :-( Aber ich habe Norton und Ad-Aware gerade deinstalliert. Das wäre nämlich meine Frage zum Schluss gewesen, was davon benötige ich wirklich und was ist am Besten. Jetzt ist nur noch Avira drauf. =) Grüssle, Sonja |
05.07.2012, 21:06 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | S.m.a.r.t. Repair und Alureon - Malewarebits bricht nach 2 Stunden ab Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ Logfiles bitte immer in CODE-Tags posten |
06.07.2012, 13:47 | #29 |
| S.m.a.r.t. Repair und Alureon - Malewarebits bricht nach 2 Stunden ab Huhu neuer Tag, neue Logs: OSAM: OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 Online Solutions. Complex Protection for Information Systems Saved at 14:12:07 on 06.07.2012 OS: Windows 7 Home Premium Edition (Build 7600), 64-bit Default Browser: Mozilla Corporation Firefox 13.0.1 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "Ad-Aware Update (Weekly).job" - ? - C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe (File not found) "HP Photo Creations Communicator.job" - ? - C:\ProgramData\HP Photo Creations\MessageCheck.exe (File found, but it contains no detailed information) "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "QuickTime" - "Apple Inc." - C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys "Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0" (k57nd60a) - ? - C:\Windows\system32\drivers\k57nd60a.sys (File not found) "catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found) "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys "NTIDrvr" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\system32\drivers\NTIDrvr.sys "PxHlpa64" (PxHlpa64) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHlpa64.sys "Tunebite High-Speed Dubbing" (tbhsd) - "RapidSolution Software AG" - C:\Windows\System32\drivers\tbhsd.sys "UBHelper" (UBHelper) - "NewTech Infosystems Corporation" - C:\Windows\system32\drivers\UBHelper.sys [Explorer] -----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {16148659-720A-457d-850B-2DBD87BB129D} "AudibleShlExt Class" - ? - C:\Users\Sunny\Desktop\Audible\Bin\AudibleExt.dll (File not found) {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {16148659-720A-457d-850B-2DBD87BB129D} "AudibleShlExt Class" - ? - C:\Users\Sunny\Desktop\Audible\Bin\AudibleExt.dll (File not found) {5E2121EE-0300-11D4-8D3B-444553540000} "Catalyst Context Menu extension" - ? - (File not found | COM-object registry key not found) {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll {94586423-855F-4EB2-9F6A-D9DA5658DBE3} "Context menu" - ? - C:\Users\Sunny\Desktop\FREEM4~1\m4a_menu.dll (File not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office12\ONFILTER.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )----- {555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_2_202_235.ocx / hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll "ICQ7.5" - "ICQ, LLC." - C:\Program Files (x86)\ICQ7.5\ICQ.exe {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL {48E73304-E1D6-4330-914C-F5F514E3486C} "Send to OneNote" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [LSA Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )----- "Security Packages" - "Microsoft Corporation" - C:\Windows\system32\livessp.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Sunny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "Dropbox.lnk" - "Dropbox, Inc." - C:\Users\Sunny\AppData\Roaming\Dropbox\bin\Dropbox.exe (Shortcut exists | File exists) "OpenOffice.org 3.3.lnk" - ? - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (Shortcut exists | File found, but it contains no detailed information | File exists) -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "Audible Download Manager.lnk" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk (Shortcut exists | File not found) "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "Intel AppUp(SM) center" - ? - "C:\Users\Sunny\Desktop\IntelAppStore\bin\ismagent.lnk" -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "AppleSyncNotifier" - "Apple Inc." - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe "avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min "BackupManagerTray" - "NewTech Infosystems, Inc." - "C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" -h -k "Camera Assistant Software" - "Chicony" - "C:\Program Files (x86)\Video Web Camera\traybar.exe" "HP Software Update" - "Hewlett-Packard" - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe "iTunesHelper" - "Apple Inc." - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" "LManager" - "Dritek System Inc." - C:\Program Files (x86)\Launch Manager\LManager.exe "Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray "QuickTime Task" - "Apple Inc." - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime "StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "TuneClone" - "TuneClone.COM" - C:\Users\Sunny\Desktop\TuneClone\TuneClone.exe /silence [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll (File not found) "@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe" (File not found) "Acer ePower Service" (ePowerSvc) - "Acer Incorporated" - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe "Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe "Adobe Active File Monitor V8" (AdobeActiveFileMonitor8.0) - "Adobe Systems Incorporated" - c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe "Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "Dritek WMI Service" (DsiWMIService) - "Dritek System Inc." - C:\Program Files (x86)\Launch Manager\dsiwmis.exe "FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe "GameConsoleService" (GameConsoleService) - "WildTangent, Inc." - C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "GRegService" (Greg_Service) - "Acer Incorporated" - C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe "HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll "HP Network Devices Support" (HPSLPSVC) - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL "hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe "MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe "Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll "NTI IScheduleSvc" (NTI IScheduleSvc) - "NewTech Infosystems, Inc." - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll "Updater Service" (Updater Service) - "Acer Group" - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe "Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files (x86)\Bonjour\mdnsNSP.dll "WindowsLive Local NSP" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL "WindowsLive NSP" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru aswMBR: aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software Run date: 2012-07-06 14:17:08 ----------------------------- 14:17:08.330 OS Version: Windows x64 6.1.7600 14:17:08.330 Number of processors: 2 586 0x603 14:17:08.330 ComputerName: SUNNY-PC UserName: Sunny 14:17:09.968 Initialize success 14:17:39.423 AVAST engine defs: 12070600 14:17:45.772 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 14:17:45.787 Disk 0 Vendor: Hitachi_HTS545032B9A300 PB3OC60F Size: 305245MB BusType: 11 14:17:45.803 Disk 0 MBR read successfully 14:17:45.803 Disk 0 MBR scan 14:17:45.819 Disk 0 Windows VISTA default MBR code 14:17:45.819 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13000 MB offset 2048 14:17:45.850 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 26626048 14:17:45.865 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 292143 MB offset 26830848 14:17:45.881 Disk 0 scanning C:\Windows\system32\drivers 14:17:56.208 Service scanning 14:18:29.093 Modules scanning 14:18:29.109 Disk 0 trace - called modules: 14:18:29.140 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 14:18:29.140 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bd5410] 14:18:29.155 3 CLASSPNP.SYS[fffff8800190c43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80049b1060] 14:18:30.341 AVAST engine scan C:\Windows 14:18:35.005 AVAST engine scan C:\Windows\system32 14:21:49.866 AVAST engine scan C:\Windows\system32\drivers 14:22:02.315 AVAST engine scan C:\Users\Sunny 14:38:20.456 AVAST engine scan C:\ProgramData 14:42:50.134 Scan finished successfully 14:43:54.547 Disk 0 MBR has been saved successfully to "C:\Users\Sunny\Desktop\MBR.dat" 14:43:54.547 The log file has been saved successfully to "C:\Users\Sunny\Desktop\aswMBR.txt" GMER brachte mir nur die Meldung dass nichts gefunden wurde? Ich finde allerdings den Log Text dazu nicht? Grüssle, Sonja |
08.07.2012, 18:22 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | S.m.a.r.t. Repair und Alureon - Malewarebits bricht nach 2 Stunden ab Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu S.m.a.r.t. Repair und Alureon - Malewarebits bricht nach 2 Stunden ab |
100%, absolut, alureon, antivir, besser, bricht, frage, hallo zusammen, laptop, liebe, lieben, maleware, neuaufsetzen, neustart, packard bell, schaltet, stunde, stunden, stürzt, troja, trojaner, windows, windows 7, würde, würdet, zusammen |