| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Ist vikyrefwaqis.exe ein Virus?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
06.08.2012, 20:22
| #1 |
 |  Ist vikyrefwaqis.exe ein Virus? Hallo, Das Programm vikyrefwaqis.exe versucht Zugriff auf den PC über die Benutzerkontensteuerung zu bekommen. Wenn man hier auf nein klickt kommt die Meldung immer wieder. Die Datei wurde gestern erstellt, ich habe sie aber nicht bewusst heruntergeladen und auch sonst gestern und heute keine Software installiert. Handelt es sich um einen Virus, und wie werde ich den wieder los? Hier noch die erstellten Logs: OTL Code:
ATTFilter OTL logfile created on: 06.08.2012 20:13:28 - Run 1 OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\ISA\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,92 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 56,12% Memory free 7,83 Gb Paging File | 5,66 Gb Available in Paging File | 72,28% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 446,13 Gb Total Space | 187,72 Gb Free Space | 42,08% Space Free | Partition Type: NTFS Unable to calculate disk information. Computer Name: ISA-PC | User Name: ISA | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.08.06 20:11:30 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\ISA\Desktop\OTL.exe PRC - [2012.08.05 20:52:23 | 000,089,032 | ---- | M] (IO-DATA) -- C:\Users\ISA\vikyrefwaqis.exe PRC - [2011.09.06 19:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE PRC - [2011.08.18 17:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE PRC - [2011.08.18 17:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE PRC - [2011.08.01 19:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe PRC - [2011.06.29 08:52:54 | 000,474,176 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe PRC - [2011.06.27 19:26:30 | 002,022,976 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.04.22 18:13:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011.04.21 19:32:26 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011.04.13 17:39:14 | 000,503,942 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe PRC - [2011.03.09 11:41:08 | 001,066,896 | ---- | M] () -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe PRC - [2011.02.23 23:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2010.12.21 01:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.12.21 01:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.11.17 17:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ========== Modules (No Company Name) ========== MOD - [2012.06.14 15:14:19 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll MOD - [2012.06.14 15:14:05 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012.06.14 15:13:59 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012.06.14 15:13:56 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll MOD - [2012.05.10 12:31:05 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll MOD - [2012.05.09 15:30:26 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll MOD - [2012.05.09 15:29:18 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll MOD - [2012.05.09 15:29:13 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012.05.09 15:29:10 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012.05.09 15:29:08 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012.05.09 15:29:03 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2011.08.18 17:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE MOD - [2011.07.08 21:33:51 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll MOD - [2011.06.29 08:52:54 | 000,474,176 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe MOD - [2011.06.27 19:26:30 | 002,022,976 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe MOD - [2011.06.27 19:25:30 | 000,058,944 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\DataService.dll MOD - [2011.06.24 23:32:36 | 000,323,136 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\de-DE\UI\ManagerUI.dll MOD - [2011.06.24 23:20:26 | 000,565,968 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll MOD - [2011.04.22 18:13:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll MOD - [2010.11.25 05:44:02 | 000,375,280 | ---- | M] () -- c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll MOD - [2010.11.17 17:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe MOD - [2010.03.22 15:52:42 | 006,776,832 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll MOD - [2010.03.16 20:28:28 | 000,326,144 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll MOD - [2010.03.16 20:28:16 | 000,635,904 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll MOD - [2010.03.16 20:28:04 | 001,926,144 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll MOD - [2010.03.11 19:52:34 | 000,225,280 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll MOD - [2010.03.11 19:52:34 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll MOD - [2010.03.05 15:07:58 | 000,125,952 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll MOD - [2010.03.05 15:07:58 | 000,031,744 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012.03.20 13:11:30 | 000,162,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp) SRV:64bit: - [2012.03.20 12:56:24 | 000,210,584 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire) SRV:64bit: - [2012.03.20 12:55:54 | 000,199,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield) SRV:64bit: - [2011.01.28 01:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service) SRV:64bit: - [2011.01.28 01:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy) SRV:64bit: - [2011.01.28 01:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv) SRV:64bit: - [2011.01.28 01:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc) SRV:64bit: - [2011.01.28 01:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn) SRV:64bit: - [2011.01.28 01:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc) SRV:64bit: - [2011.01.28 01:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc) SRV - [2012.07.28 19:15:52 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.04.19 08:22:48 | 000,502,032 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Programme\mcafee\virusscan\mcods.exe -- (McODS) SRV - [2011.08.18 17:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.04.22 18:13:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.04.21 19:32:26 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011.03.28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2011.03.09 11:41:10 | 000,491,920 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC) SRV - [2011.03.09 11:41:08 | 001,066,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME) SRV - [2011.03.09 11:10:40 | 000,288,768 | ---- | M] (WDC) [Auto | Running] -- C:\Programme\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService) SRV - [2011.03.09 00:00:50 | 000,224,704 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Programme\mcafee\msc\McAWFwk.exe -- (McAWFwk) SRV - [2010.12.21 01:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010.12.21 01:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.12.17 21:41:32 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2010.12.17 21:28:46 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV - [2010.12.17 21:26:50 | 000,836,880 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2010.11.29 22:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Running] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV - [2010.11.25 12:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12) SRV - [2010.11.25 12:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM) SRV - [2010.09.23 01:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.08.26 03:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.11.18 04:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.22 13:29:46 | 000,647,208 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk) DRV:64bit: - [2012.02.22 13:29:46 | 000,487,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek) DRV:64bit: - [2012.02.22 13:29:46 | 000,289,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk) DRV:64bit: - [2012.02.22 13:29:46 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk) DRV:64bit: - [2012.02.22 13:29:46 | 000,160,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk) DRV:64bit: - [2012.02.22 13:29:46 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet) DRV:64bit: - [2012.02.22 13:29:46 | 000,075,936 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk) DRV:64bit: - [2012.02.22 13:29:46 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids) DRV:64bit: - [2011.04.22 18:13:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2011.03.26 11:17:50 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.17 03:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.02.16 16:53:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM) DRV:64bit: - [2011.02.11 00:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2011.02.11 00:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2011.01.20 18:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt) DRV:64bit: - [2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.12.22 11:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) DRV:64bit: - [2010.12.17 19:06:32 | 001,404,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2010.12.15 19:02:04 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR) DRV:64bit: - [2010.12.13 19:34:14 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler) DRV:64bit: - [2010.12.12 16:18:36 | 000,121,960 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvstusb.sys -- (NvStUSB) DRV:64bit: - [2010.12.01 12:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd) DRV:64bit: - [2010.11.29 22:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.10.15 18:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010.08.20 11:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn) DRV:64bit: - [2010.07.13 04:38:06 | 000,029,288 | ---- | M] (Quanta Computer) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qicflt.sys -- (qicflt) DRV:64bit: - [2010.03.19 10:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2010.02.27 09:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2006.11.01 19:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {AC68DAC8-FCB9-4B8C-94B6-E13D29284D15} IE:64bit: - HKLM\..\SearchScopes\{AC68DAC8-FCB9-4B8C-94B6-E13D29284D15}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com IE - HKLM\..\SearchScopes\{AC68DAC8-FCB9-4B8C-94B6-E13D29284D15}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.linkury.com/newtab.html IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com IE - HKCU\..\SearchScopes,DefaultScope = {AC68DAC8-FCB9-4B8C-94B6-E13D29284D15} IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..keyword.URL: "hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:7317400059&cof=FORID:11&sa=Search&siteurl=search.linkury.com&q=" FF - prefs.js..network.proxy.http: "190.0.57.98" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012.06.28 10:09:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.28 19:15:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files (x86)\Mozilla Sunbird\components [2012.04.24 19:31:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Sunbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.28 19:15:52 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.24 19:32:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ISA\AppData\Roaming\mozilla\Extensions [2012.04.24 19:32:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ISA\AppData\Roaming\mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28} [2012.08.06 19:47:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ISA\AppData\Roaming\mozilla\Firefox\Profiles\sj7qfd8a.default\extensions [2012.07.06 20:32:56 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\ISA\AppData\Roaming\mozilla\Firefox\Profiles\sj7qfd8a.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.08.06 19:47:19 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\ISA\AppData\Roaming\mozilla\Firefox\Profiles\sj7qfd8a.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2012.04.24 19:32:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ISA\AppData\Roaming\mozilla\Sunbird\Profiles\qywng9rb.default\extensions [2012.03.13 10:54:12 | 000,002,412 | ---- | M] () -- C:\Users\ISA\AppData\Roaming\Mozilla\Firefox\Profiles\sj7qfd8a.default\searchplugins\Linkury Smartbar Search.xml [2011.07.09 11:07:57 | 000,004,140 | ---- | M] () -- C:\Users\ISA\AppData\Roaming\Mozilla\Firefox\Profiles\sj7qfd8a.default\searchplugins\youtube.xml [2012.01.08 12:19:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.06.28 10:09:11 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES (X86)\COMMON FILES\MCAFEE\SYSTEMCORE [2012.07.30 09:34:00 | 000,526,190 | ---- | M] () (No name found) -- C:\USERS\ISA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SJ7QFD8A.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI [2012.07.12 07:14:18 | 000,061,228 | ---- | M] () (No name found) -- C:\USERS\ISA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SJ7QFD8A.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI [2012.02.13 22:33:18 | 000,052,880 | ---- | M] () (No name found) -- C:\USERS\ISA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SJ7QFD8A.DEFAULT\EXTENSIONS\{A0FAA0A4-F1A7-4098-9A74-21EFC3A92372}.XPI [2012.07.28 15:14:08 | 000,184,864 | ---- | M] () (No name found) -- C:\USERS\ISA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SJ7QFD8A.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI [2012.07.28 19:15:52 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.20 11:47:18 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.20 11:47:18 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.20 11:47:18 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.20 11:47:18 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.20 11:47:18 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.20 11:47:18 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.07.24 21:05:31 | 000,001,835 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\mcafee\systemcore\ScriptSn.20120627232251.dll (McAfee, Inc.) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120627232251.dll (McAfee, Inc.) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe () O4:64bit: - HKLM..\Run: [FreeFallProtection] .EXE File not found O4:64bit: - HKLM..\Run: [HotKeysCmds] DOWS\SYSTEM32\HKCMD.EXE File not found O4:64bit: - HKLM..\Run: [IgfxTray] DOWS\SYSTEM32\IGFXTRAY.EXE File not found O4:64bit: - HKLM..\Run: [IntelTBRunOnce] CE.VBS" File not found O4:64bit: - HKLM..\Run: [IntelWireless] TEL WIRELESS TRAY File not found O4:64bit: - HKLM..\Run: [NVHotkey] VHOTKEY.DLL,START File not found O4:64bit: - HKLM..\Run: [Persistence] DOWS\SYSTEM32\IGFXPERS.EXE File not found O4:64bit: - HKLM..\Run: [QuickSet] c:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RTHDVCPL] GUI64.EXE -S File not found O4:64bit: - HKLM..\Run: [Stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe () O4:64bit: - HKLM..\Run: [SynTPEnh] H.EXE File not found O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe () O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.) O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions) O4 - HKCU..\Run: [vikyrefwaqis] C:\Users\ISA\vikyrefwaqis.exe (IO-DATA) O4 - Startup: C:\Users\ISA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\ISA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Überwachungstool für die Intel® Turbo-Boost-Technik 2.0.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\ISA\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\ISA\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.4.1) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.4.1) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F87BB31-88CC-452B-885B-2FC109F107BA}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6DAE6F3E-C63E-4E9B-B4F8-2DBCB00C0715}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\mcafee\msc\McSnIePl64.dll (McAfee, Inc.) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.08.06 20:11:16 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\ISA\Desktop\OTL.exe [2012.08.06 20:10:05 | 000,000,000 | ---D | C] -- C:\Users\ISA\Desktop\Virus [2012.08.06 19:47:25 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Roaming\QuickScan [2012.08.06 19:21:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2012.08.06 09:48:49 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Local\{3A6AC9D6-AF9F-4C69-AB79-64C8C80F8CDD} [2012.08.06 09:48:27 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Local\{82AE4253-216F-46DF-8B31-6A37A077F042} [2012.08.05 20:56:49 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Local\{B85546C8-D5A8-4E57-BD5E-4F28D18F95E7} [2012.08.05 20:56:27 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Local\{D24F9E3B-195A-41DF-8F16-9CC934B644D2} [2012.08.05 20:52:45 | 000,089,032 | ---- | C] (IO-DATA) -- C:\Users\ISA\vikyrefwaqis.exe [2012.08.03 07:47:14 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Local\{0C0DC465-5F1C-40BF-8FDE-2037B5589ABD} [2012.08.03 07:46:52 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Local\{88D07692-CF7C-4B21-A50F-3CF1737D6A38} [2012.08.02 08:15:12 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Local\{19F4ACA8-C4B3-42DF-9865-9E78DCD2CA12} [2012.08.02 08:14:50 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Local\{2E965939-70CF-4498-AC26-574C7DFA5C2F} [2012.08.01 19:58:56 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Local\{31083329-2B1B-40CB-8931-CCB040942214} [2012.08.01 19:58:35 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Local\{F6D98472-6AA5-40E2-9A66-16FA2735A1FF} [2012.07.31 10:11:59 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Local\{6AA7555A-B63A-414D-853D-9FEF2FC9CF40} [2012.07.31 10:11:37 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Local\{04BF41F8-F6AC-43FF-B00B-1E04EF5876EB} [2012.07.30 21:37:06 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Local\{0152D5CA-4BFA-43D6-9A10-ED0C42C0A1CF} [2012.07.30 09:03:45 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Local\{7E893A60-F8D8-4DFE-88C4-D806848EA336} [2012.07.30 09:03:23 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Local\{04B98A8D-DFEB-4BCD-B2DA-8A73EAAB56A0} [2012.07.29 13:09:18 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Local\{11B47EA1-6848-4C1C-B36E-B7C56849B620} [2012.07.29 13:08:57 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Local\{D381C159-BAD2-4BEF-9125-52C35A9255E4} [2012.07.28 17:09:44 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Local\{C94FB8A1-A65A-4CC4-AF29-E966164AE606} [2012.07.28 17:09:22 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Local\{C58BF47E-6492-41BD-B0D2-E643ECF4574B} [2012.07.26 08:09:19 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Local\{FFC434F1-EF92-4F12-9C4B-9CF644FE8D42} [2012.07.26 08:08:57 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Local\{B8F8260D-EA23-421E-8E38-8A776EB1D7F4} [2012.07.22 16:43:28 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Local\{CE7CB3EE-1FE9-48B0-8909-1B22005F71B8} [2012.07.20 20:10:42 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Local\{D9DA90E4-E0C3-4ADC-B4DC-61B4DF26F156} [2012.07.20 20:10:20 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Local\{4027515E-4148-452F-AC81-72A77B1CF952} [2012.07.16 21:31:54 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Local\{C8B8A7CF-B3E1-4FD4-9E95-76BC58C41A12} [2012.07.16 07:22:11 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Local\{4485AE86-FFDA-46AD-96DF-4F2670F66DB3} [2012.07.15 17:25:03 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Local\{D6824661-8F8C-49AD-BF6A-DF25111B60D7} [2012.07.15 17:24:41 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Local\{A1F683C5-DCB4-474E-B6E8-BC746546D313} [2012.07.14 12:28:39 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Local\{A4BA2B3C-A469-4C5E-9C62-F8687EEF7778} [2012.07.14 12:28:16 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Local\{2B5E30B8-CB5C-4198-BD66-05252A07F92C} [2012.07.12 20:22:57 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Local\{AA5867C8-C7F7-4A57-ABE2-D89A0B9D533B} [2012.07.12 20:22:34 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Local\{ED697FEF-D4CE-4215-A3D1-266A0BF11CFE} [2012.07.12 07:15:07 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Local\{A8466A27-8D02-4DB1-A801-8C2D18823054} [2012.07.12 07:14:57 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Local\{BE15D989-7FA5-4C1B-B55A-C21686ABE60F} [2012.07.09 20:26:03 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Local\{66685F28-575F-4327-B306-FDFC0DF9FCDD} [2012.07.09 20:21:50 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Local\{E5096E6C-E6FE-493F-B264-BCE9D56E3141} [2012.07.09 07:06:55 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Local\{94EBEC66-0B2B-4809-AA16-46E4ED8628AD} [2012.07.09 07:06:29 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Local\{526AA00E-3EC6-415C-A083-60701DD14BD2} [2012.07.08 12:27:28 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Local\{7546DC9C-C1C6-4A54-A9FF-A8A1E0510954} [2012.07.08 12:27:18 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Local\{FC567004-9645-4AF2-9E08-E38AE583600C} ========== Files - Modified Within 30 Days ========== [2012.08.06 20:15:02 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.08.06 20:11:30 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\ISA\Desktop\OTL.exe [2012.08.06 20:07:14 | 000,000,000 | ---- | M] () -- C:\Users\ISA\defogger_reenable [2012.08.06 19:26:39 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.06 19:26:39 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.06 19:26:08 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job [2012.08.06 19:17:53 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.08.06 19:17:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.06 17:46:15 | 3153,727,488 | -HS- | M] () -- C:\hiberfil.sys [2012.08.05 20:52:23 | 000,089,032 | ---- | M] (IO-DATA) -- C:\Users\ISA\vikyrefwaqis.exe [2012.08.01 21:26:40 | 000,873,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.08.01 21:26:40 | 000,697,082 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.08.01 21:26:40 | 000,148,346 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.08.01 21:26:40 | 000,027,506 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.08.01 21:26:40 | 000,014,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.28 15:12:04 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job [2012.07.12 20:19:31 | 004,906,952 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2012.08.06 20:07:14 | 000,000,000 | ---- | C] () -- C:\Users\ISA\defogger_reenable [2012.02.13 22:53:00 | 000,005,120 | ---- | C] () -- C:\Users\ISA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.01.14 23:15:26 | 000,000,432 | ---- | C] () -- C:\Users\ISA\AppData\Local\HamsterVideoConverterSettings.cfg [2012.01.11 10:30:54 | 000,002,048 | -HS- | C] () -- C:\Users\ISA\AppData\Local\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\@ [2012.01.07 16:46:07 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI [2011.12.07 09:45:18 | 000,000,000 | ---- | C] () -- C:\Users\ISA\AppData\Local\{E116000C-D61F-46F9-9BA6-706FB96C5238} [2011.12.06 09:41:35 | 000,000,000 | ---- | C] () -- C:\Users\ISA\AppData\Local\{78BE8200-1169-4EC1-BDEA-5EAC5949D064} [2011.12.02 12:14:37 | 000,000,000 | ---- | C] () -- C:\Users\ISA\AppData\Local\{944CD8C5-CF01-4934-A193-787DF9A85C4B} [2011.08.12 17:20:35 | 000,000,437 | ---- | C] () -- C:\Users\ISA\.jhh [2011.07.05 19:57:07 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2011.07.05 19:56:25 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.07.05 19:56:22 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.07.05 19:56:21 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011.02.11 12:22:50 | 000,851,782 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== LOP Check ========== [2012.03.06 20:53:28 | 000,000,000 | ---D | M] -- C:\Users\ISA\AppData\Roaming\Canneverbe Limited [2012.07.07 17:59:47 | 000,000,000 | ---D | M] -- C:\Users\ISA\AppData\Roaming\Canon [2011.10.04 18:18:10 | 000,000,000 | ---D | M] -- C:\Users\ISA\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012.07.06 20:34:31 | 000,000,000 | ---D | M] -- C:\Users\ISA\AppData\Roaming\DVDVideoSoft [2012.07.06 20:32:54 | 000,000,000 | ---D | M] -- C:\Users\ISA\AppData\Roaming\DVDVideoSoftIEHelpers [2011.11.07 18:46:42 | 000,000,000 | ---D | M] -- C:\Users\ISA\AppData\Roaming\elsterformular [2011.07.08 19:44:23 | 000,000,000 | ---D | M] -- C:\Users\ISA\AppData\Roaming\Fingertapps [2012.03.20 20:38:38 | 000,000,000 | ---D | M] -- C:\Users\ISA\AppData\Roaming\Foxit Software [2011.12.12 22:48:55 | 000,000,000 | ---D | M] -- C:\Users\ISA\AppData\Roaming\FreePDF [2012.03.06 20:53:13 | 000,000,000 | ---D | M] -- C:\Users\ISA\AppData\Roaming\OpenCandy [2011.07.08 21:34:36 | 000,000,000 | ---D | M] -- C:\Users\ISA\AppData\Roaming\OpenOffice.org [2011.10.04 07:27:53 | 000,000,000 | ---D | M] -- C:\Users\ISA\AppData\Roaming\PACE Anti-Piracy [2011.07.16 17:43:27 | 000,000,000 | ---D | M] -- C:\Users\ISA\AppData\Roaming\PCDr [2012.08.06 19:47:29 | 000,000,000 | ---D | M] -- C:\Users\ISA\AppData\Roaming\QuickScan [2011.08.31 17:14:50 | 000,000,000 | ---D | M] -- C:\Users\ISA\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2011.07.14 21:50:52 | 000,000,000 | ---D | M] -- C:\Users\ISA\AppData\Roaming\Windows Live Writer [2012.07.28 15:12:04 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job [2012.06.19 17:52:43 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.08.06 19:26:08 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job ========== Purity Check ========== < End of report > OTL Extras Code:
ATTFilter OTL Extras logfile created on: 06.08.2012 20:13:28 - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\ISA\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,92 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 56,12% Memory free
7,83 Gb Paging File | 5,66 Gb Available in Paging File | 72,28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446,13 Gb Total Space | 187,72 Gb Free Space | 42,08% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Computer Name: ISA-PC | User Name: ISA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files (x86)\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [SCHLECKER Foto Digital Service] -- "C:\Program Files (x86)\SCHLECKER\SCHLECKER Foto Digital Service\SCHLECKER Foto Digital Service.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files (x86)\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [SCHLECKER Foto Digital Service] -- "C:\Program Files (x86)\SCHLECKER\SCHLECKER Foto Digital Service\SCHLECKER Foto Digital Service.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03EFABC5-C7FB-4298-BEF2-1480FEA7249B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{08B8DF42-A076-4509-9377-C7E90B7E9165}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1A66A951-B0C7-41B5-AD15-CCAE7CFF7E23}" = rport=137 | protocol=17 | dir=out | app=system |
"{21DB8717-5C9F-4D32-84E1-37CA6CBFC156}" = lport=139 | protocol=6 | dir=in | app=system |
"{23173314-3763-4E20-8601-8B56049A40F8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2BBAAE1B-8F19-4DAC-8B3D-1DE1A902C38C}" = rport=139 | protocol=6 | dir=out | app=system |
"{2D349972-304C-4354-9D2C-F743C59FDD19}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3CA59F9A-2068-4796-83C8-43D7CD5E1A9C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{431FF899-A67C-48C2-B393-F11CB92FDB22}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{4F57AAEE-DECE-413A-9817-885CC90DA4D1}" = lport=138 | protocol=17 | dir=in | app=system |
"{4FEE3D87-60F8-44C8-A3C2-D1000AB0CCDF}" = rport=138 | protocol=17 | dir=out | app=system |
"{53D01BBB-C918-46EC-811B-0FF14F0814DC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{663CBDFE-F086-477D-B03C-556D376E64C9}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{69A0C399-D239-45FE-B121-C5F386AD8F2E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7F2A6FF9-17E2-4502-9AEC-3853F6801A9F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{86300090-2DD0-4311-9E56-D360AA25EBDB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8DDF4545-566D-4D68-81E6-D1F77697D0B5}" = lport=137 | protocol=17 | dir=in | app=system |
"{9BA7CAD6-EE6D-4F74-857A-1A6C3612B2C9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B6511FA8-0432-459B-93BC-FBD44AA941D1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BB2D187C-3584-440D-AF63-75B50C928432}" = rport=445 | protocol=6 | dir=out | app=system |
"{BCC16C0D-4769-4595-B2DA-C1A57CA8C9C5}" = lport=445 | protocol=6 | dir=in | app=system |
"{BE8EF3AB-4A36-4EC3-A8EA-1129272FBE0D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C36B8121-BD65-4254-842E-BFC8DEE32E60}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E1D5B016-5C61-4C07-B618-7073B3D57A94}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EA87587D-4DD1-42D5-8909-B5F5D5583391}" = rport=10243 | protocol=6 | dir=out | app=system |
"{EAE2DF48-6958-4F42-99F2-35FFB3876635}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{038BE921-1B24-428A-B555-2954A0E859D6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{09CF3EE5-7D3A-4C47-A1E9-6761FA375FA3}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\controller.exe |
"{0C7E488D-9416-47C9-B019-F53D172ECF4E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{22112B24-5AFF-42EC-9DAD-386F2B2FFAD1}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremote.exe |
"{2252256A-C43A-4AF6-8482-1071B32F532D}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\installerhelp.exe |
"{39A25F7E-E435-4E0B-B60C-071B3556DCAB}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe |
"{3A116126-1FC2-4209-9DF2-42EBD2A1DF13}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3D17B5C2-63D3-4949-8100-CC198185EE2C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{3F48D69D-64F6-4908-B07B-E72EB4E1710C}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\dmr.exe |
"{42E01806-6732-40F1-9703-901F9ABA254B}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{432A5ED8-EC7E-4F83-8B3A-F5858AEFCD61}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{462ED92F-0F89-4BE0-B8EB-4F7C1985C8CA}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\dmr.exe |
"{4A3B8C06-547D-4954-A99F-3C2962AEB163}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5904C7DC-1003-4D78-B640-55C2719F071A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{615923B7-F985-4055-816C-52117F8F6E99}" = dir=in | app=c:\program files\dell stage\musicstage\musicstageengine.exe |
"{63C1FAE1-6E4F-4D82-A90A-375B2E27B7D1}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{71706B98-B32E-47C7-87A4-980C5B5E18C2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{74FA8151-894D-42D1-AE2F-0BBFE56BCDFB}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{78638671-E51C-41AC-872A-B5BF5C789B64}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{88556F2E-B68B-4D54-B4B0-6FB152AED289}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremote.exe |
"{9017A938-77F5-4219-9CFA-AA8CD5FE3BC9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9537AD54-5B24-4C65-B898-DE50DF5BD3D6}" = dir=in | app=c:\program files\dell stage\dell stage\accuweather\accuweather.exe |
"{95571682-3758-4BDB-8B2C-1D459105F466}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{97F02225-63D7-407C-9F3A-002A492E9E8B}" = dir=in | app=c:\program files\dell stage\dell stage\stage_primary.exe |
"{A62B6215-1F90-4A90-9584-6619D77735A9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A6F0ADA5-1B63-41E7-9E79-C0FF3FF8C3B9}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{ABA50151-6D21-49A4-8DF3-CCED8FA1E228}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B082F897-D07E-4EC3-B876-EF14F5CE34B9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B35795FD-2FE9-42FA-8D2A-EB31305290B1}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe |
"{B376955F-6F0F-40D2-A1BB-9A785E3911CB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B7F0CB16-84A8-42BB-BC20-FA5CA12E2AD9}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\controller.exe |
"{BDD3F1B5-3B2D-446B-B331-C7BC3F855CBF}" = protocol=6 | dir=out | app=system |
"{BF99E519-174E-4246-9823-17FDE04A0D5E}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe |
"{C9A0137E-FEA6-4F31-8377-D82CC84E9097}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{D00DC276-9DD5-4F82-8155-8111817DE7A0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D365B267-C617-47EF-8C60-189C33E73A0C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DB02A7E0-A812-416D-AA11-9CF5698686A9}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\installerhelp.exe |
"{E81DE237-094E-427C-94C6-2FFF13113B75}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E9B70E43-0C6C-4517-AC33-1D225CFF5188}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F0593297-7BCA-47AC-A4AA-2EAC8BF59E81}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe |
"{F3ADCEEF-1774-4651-B9A6-3469641C3A89}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F8DF49BA-272D-4D6A-ABDE-583C3086754C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{07179D37-D5FE-4373-90D9-A25B992EFB3E}" = WD SmartWare
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}" = Intel(R) PROSet/Wireless WiFi-Software
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 268.30
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 268.30
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 268.30
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.0
"{B821CDAA-34DE-46FD-87C9-E6EE7158DB5D}" = Microsoft Image Composite Editor
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Dell Support Center" = Dell Support Center
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"ProInst" = Intel PROSet Wireless
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D98F04D-11A1-4B64-A406-43292B9EEE90}" = Dell PhotoStage
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3255BC3F-32BA-41ED-93A0-B9AEB6CDD9E6}" = Dell MusicStage
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56A0DD94-47D9-4AC8-B5A1-8A8CA77C4B89}" = Dell Stage
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E350663-86D3-466A-AB79-28156A9ABF6E}_is1" = Hamster Free Video Converter
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9353F6E9-13B7-43B4-8FA5-CB46CA22671B}" = Haufe Formular-Manager
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A8B88634-7F90-402F-B66A-86429755F6A5}" = eBay
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.1) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF4D3C63-009B-4A17-B02E-D395065DD3F0}" = Dell Stage Remote
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F84906ED-BB54-4889-B131-FED9C9056FC8}" = Intel(R) Wireless Display
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Audiograbber" = Audiograbber 1.83 SE
"Audiograbber-Lame" = Audiograbber MP3-Plugin
"CamStudio" = CamStudio
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Dell Webcam Central" = Dell Webcam Central
"dm-Fotowelt" = dm-Fotowelt
"DVDStyler_is1" = DVDStyler v2.1
"ElsterFormular für Privatanwender 12.3.2.6814p" = ElsterFormular-Update
"Foxit Reader_is1" = Foxit Reader 5.0
"Free Video to iPod Converter_is1" = Free Video to iPod Converter version 5.0.4.1228
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.25.627
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 9.04" = GPL Ghostscript
"Hugin" = Hugin 2011.0.0
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"jHaushalt" = jHaushalt
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MSC" = McAfee SecurityCenter
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Passbild-Generator_is1" = Bewerbungsfoto-/Passbild-Generator v3.5a
"SCHLECKER Foto Digital Service" = SCHLECKER Foto Digital Service
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 12.07.2012 01:07:59 | Computer Name = ISA-PC | Source = WinMgmt | ID = 10
Description =
Error - 12.07.2012 11:51:19 | Computer Name = ISA-PC | Source = WinMgmt | ID = 10
Description =
Error - 12.07.2012 14:19:46 | Computer Name = ISA-PC | Source = WinMgmt | ID = 10
Description =
Error - 12.07.2012 16:44:29 | Computer Name = ISA-PC | Source = WinMgmt | ID = 10
Description =
Error - 13.07.2012 11:21:22 | Computer Name = ISA-PC | Source = WinMgmt | ID = 10
Description =
Error - 14.07.2012 06:13:37 | Computer Name = ISA-PC | Source = WinMgmt | ID = 10
Description =
Error - 14.07.2012 13:12:03 | Computer Name = ISA-PC | Source = WinMgmt | ID = 10
Description =
Error - 14.07.2012 15:37:10 | Computer Name = ISA-PC | Source = WinMgmt | ID = 10
Description =
Error - 15.07.2012 04:29:05 | Computer Name = ISA-PC | Source = WinMgmt | ID = 10
Description =
Error - 15.07.2012 11:22:28 | Computer Name = ISA-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 03.08.2012 09:59:52 | Computer Name = ISA-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
Error - 03.08.2012 10:00:22 | Computer Name = ISA-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
Error - 05.08.2012 14:27:35 | Computer Name = ISA-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
Error - 05.08.2012 14:27:36 | Computer Name = ISA-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
WD File Management Shadow Engine erreicht.
Error - 05.08.2012 14:27:36 | Computer Name = ISA-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WD File Management Shadow Engine" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053
Error - 05.08.2012 15:00:22 | Computer Name = ISA-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
Error - 06.08.2012 03:46:32 | Computer Name = ISA-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
Error - 06.08.2012 03:47:03 | Computer Name = ISA-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
Error - 06.08.2012 11:47:07 | Computer Name = ISA-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
Error - 06.08.2012 11:47:37 | Computer Name = ISA-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
< End of report >
|
|
11.08.2012, 22:23
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Ist vikyrefwaqis.exe ein Virus? Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
__________________Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
|
13.08.2012, 00:13
| #3 |
| | Ist vikyrefwaqis.exe ein Virus? Danke für die Antwort, ich habe soweit alle Scans durchgeführt.
__________________Bis ich dazu gekommen bin Malwarebytes und ESET herunter zu laden, hat mein Antivirenprogramm bereits einige Dateien als Trojaner erkannt und gelöscht. Leider finde ich kein Log-File um es hier zu posten. Hier was unter Verlauf und Protokolle bei McAfee steht. Entdeckungsname Generic.dx!bfh4 (Trojaner) Datei: C:\Users\ISA\AppData\Local\Temp\msimg32.dll Prozess C:\Program Files (x86) Malwarbytes Entdeckungsname Generic.dx!bfh4 (Trojaner) Datei: C:\Users\ISA\AppData\Local\Temp\1551866.exe Prozess C:\Program Files (x86) Malwarbytes Entdeckungsname PWS-Zbot.gen.ajf(Trojaner) Datei: C:\Users\ISA\AppData\Local\Temp\1547654.exe Prozess C:\Program Files (x86) Malwarbytes\mbam.exe Entdeckungsname PWS-Zbot.gen.ajf(Trojaner) Datei: C:\Users\ISA\VIKYREFWAQIS.exe Prozess C:\Program Files (x86) Malwarbytes\mbam.exe Entdeckungsname: ZeroAccess.cj (Trojaner) Datei: C:\Users\ISA\AppData\Local\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\n Prozess C:\Users\ISA\AppData\Local\Temp\1551866.exe Der letzte Eintrag ist der älteste (05.08.) Und hier jetzt noch die Log Dateien Malwarbytes habe ich neu installiert, es gibt keine alten Logs Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.12.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 ISA :: ISA-PC [Administrator] 12.08.2012 19:35:51 mbam-log-2012-08-12 (19-35-51).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 454689 Laufzeit: 2 Stunde(n), 23 Minute(n), 56 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Regedit32 (Trojan.Agent) -> Daten: C:\Windows\system32\regedit.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 3 C:\Users\ISA\AppData\Local\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\ISA\Downloads\SoftonicDownloader_fuer_hamster-free-video-converter.exe (PUP.BundleOffer.Downloader.S) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\System32\regedit.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) ESET Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=058b9e4fe96333408233709df1f680ae
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-12 10:17:09
# local_time=2012-08-13 12:17:09 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5121 16777213 100 75 5390343 10028027 0 0
# compatibility_mode=5893 16776573 100 94 9630 96432381 0 0
# compatibility_mode=8192 67108863 100 0 222 222 0 0
# scanned=255632
# found=0
# cleaned=0
# scan_time=7297
 |
|
13.08.2012, 17:02
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Ist vikyrefwaqis.exe ein Virus?Code:
ATTFilter C:\Users\ISA\Downloads\SoftonicDownloader_fuer_hamster-free-
 Finger weg von Softonic!!  Softonic ist eine Toolbar- und Adwareschleuder! Finger weg! Software lädt man sich mit oberster Priorität direkt vom Hersteller und nicht von solchen Toolbarklitschen wie Softonic! Im Notfall würde natürlich chip.de gehen adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren Downloade Dir bitte AdwCleaner auf deinen Desktop.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
13.08.2012, 17:36
| #5 |
| | Ist vikyrefwaqis.exe ein Virus? Ich habe ADWCleaner heruntergeladen und laufen lassen, hier das Ergebnis: Code:
ATTFilter # AdwCleaner v1.800 - Logfile created 08/13/2012 at 18:32:23
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : ISA - ISA-PC
# Running from : C:\Users\ISA\Desktop\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
Folder Found : C:\Users\ISA\AppData\Local\Linkury
Folder Found : C:\Users\ISA\AppData\Local\Smartbar
Folder Found : C:\Users\ISA\AppData\Local\TempDir
Folder Found : C:\Users\ISA\AppData\Roaming\OpenCandy
File Found : C:\Users\ISA\AppData\Roaming\Mozilla\Firefox\Profiles\sj7qfd8a.default\searchplugins\Linkury Smartbar Search.xml
File Found : C:\Users\Public\Desktop\eBay.lnk
***** [Registry] *****
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\LinkurySmartBar.BHO
Key Found : HKLM\SOFTWARE\Classes\LinkurySmartBar.DockingPanel
Key Found : HKLM\SOFTWARE\Classes\LinkurySmartBar.LinkuryMenuForm
Key Found : HKLM\SOFTWARE\Classes\LinkurySmartBar.LinkurySmartBar
Key Found : HKLM\SOFTWARE\Classes\LinkurySmartBar.LinkurySmartBarBandObject
[x64] Key Found : HKCU\Software\Conduit
[x64] Key Found : HKCU\Software\IM
[x64] Key Found : HKCU\Software\ImInstaller
[x64] Key Found : HKCU\Software\Softonic
[x64] Key Found : HKLM\SOFTWARE\Classes\LinkurySmartBar.BHO
[x64] Key Found : HKLM\SOFTWARE\Classes\LinkurySmartBar.DockingPanel
[x64] Key Found : HKLM\SOFTWARE\Classes\LinkurySmartBar.LinkuryMenuForm
[x64] Key Found : HKLM\SOFTWARE\Classes\LinkurySmartBar.LinkurySmartBar
[x64] Key Found : HKLM\SOFTWARE\Classes\LinkurySmartBar.LinkurySmartBarBandObject
***** [Registre - GUID] *****
Key Found : HKLM\SOFTWARE\Classes\CLSID\{63E471BB-23F1-3A92-8D43-4079E7B7FA8E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B397BC55-576C-39E6-BF64-9E2A96317447}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B973AB12-952F-31C4-A321-E8FA6FE4421E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EC5983DF-8DE2-31B5-989F-850F265E7F3C}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
[x64] Key Found : HKLM\SOFTWARE\Classes\CLSID\{63E471BB-23F1-3A92-8D43-4079E7B7FA8E}
[x64] Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
[x64] Key Found : HKLM\SOFTWARE\Classes\CLSID\{B397BC55-576C-39E6-BF64-9E2A96317447}
[x64] Key Found : HKLM\SOFTWARE\Classes\CLSID\{B973AB12-952F-31C4-A321-E8FA6FE4421E}
[x64] Key Found : HKLM\SOFTWARE\Classes\CLSID\{EC5983DF-8DE2-31B5-989F-850F265E7F3C}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
[x64] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.linkury.com/newtab.html
[HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
[HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
[HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
-\\ Mozilla Firefox v14.0.1 (de)
Profile name : default
File : C:\Users\ISA\AppData\Roaming\Mozilla\Firefox\Profiles\sj7qfd8a.default\prefs.js
Found : user_pref("keyword.URL", "hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-789012693097799[...]
*************************
AdwCleaner[R1].txt - [4542 octets] - [13/08/2012 18:32:23]
########## EOF - C:\AdwCleaner[R1].txt - [4670 octets] ##########
|
|
14.08.2012, 16:21
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Ist vikyrefwaqis.exe ein Virus? adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
__________________ --> Ist vikyrefwaqis.exe ein Virus? |
|
14.08.2012, 18:34
| #7 |
| | Ist vikyrefwaqis.exe ein Virus? hier die Logdatei von adwCleaner nach dem Löschen. Code:
ATTFilter # AdwCleaner v1.800 - Logfile created 08/14/2012 at 19:28:05
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : ISA - ISA-PC
# Running from : C:\Users\ISA\Desktop\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Folder Deleted : C:\Users\ISA\AppData\Local\Linkury
Folder Deleted : C:\Users\ISA\AppData\Local\Smartbar
Folder Deleted : C:\Users\ISA\AppData\Local\TempDir
Folder Deleted : C:\Users\ISA\AppData\Roaming\OpenCandy
File Deleted : C:\Users\ISA\AppData\Roaming\Mozilla\Firefox\Profiles\sj7qfd8a.default\searchplugins\Linkury Smartbar Search.xml
File Deleted : C:\Users\Public\Desktop\eBay.lnk
***** [Registry] *****
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\LinkurySmartBar.BHO
Key Deleted : HKLM\SOFTWARE\Classes\LinkurySmartBar.DockingPanel
Key Deleted : HKLM\SOFTWARE\Classes\LinkurySmartBar.LinkuryMenuForm
Key Deleted : HKLM\SOFTWARE\Classes\LinkurySmartBar.LinkurySmartBar
Key Deleted : HKLM\SOFTWARE\Classes\LinkurySmartBar.LinkurySmartBarBandObject
***** [Registre - GUID] *****
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{63E471BB-23F1-3A92-8D43-4079E7B7FA8E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B397BC55-576C-39E6-BF64-9E2A96317447}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B973AB12-952F-31C4-A321-E8FA6FE4421E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EC5983DF-8DE2-31B5-989F-850F265E7F3C}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
[x64] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{63E471BB-23F1-3A92-8D43-4079E7B7FA8E}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B397BC55-576C-39E6-BF64-9E2A96317447}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B973AB12-952F-31C4-A321-E8FA6FE4421E}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EC5983DF-8DE2-31B5-989F-850F265E7F3C}
[x64] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.linkury.com/newtab.html --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com --> hxxp://www.google.com
-\\ Mozilla Firefox v14.0.1 (de)
Profile name : default
File : C:\Users\ISA\AppData\Roaming\Mozilla\Firefox\Profiles\sj7qfd8a.default\prefs.js
Deleted : user_pref("keyword.URL", "hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-789012693097799[...]
*************************
AdwCleaner[R1].txt - [4639 octets] - [13/08/2012 18:32:23]
AdwCleaner[S1].txt - [4190 octets] - [14/08/2012 19:28:05]
########## EOF - C:\AdwCleaner[S1].txt - [4318 octets] ##########
|
|
15.08.2012, 13:35
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Ist vikyrefwaqis.exe ein Virus? Hätte da mal zwei Fragen bevor es weiter geht 1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
15.08.2012, 18:06
| #9 |
| | Ist vikyrefwaqis.exe ein Virus? Hallo, im Moment funktioniert wieder alles normal. Auch die Meldung, dass vikyrefwaqis.exe Zugriff erhalten möchte kommt nicht mehr. Ich habe den PC allerdings die letzten Tage möglichst wenig genutzt, weil ich nicht wusste was noch sicher ist. Im Startmenü vermisse ich nichts. Und es gibt auch keine leeren Ordner. |
|
16.08.2012, 08:27
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Ist vikyrefwaqis.exe ein Virus? Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
|
16.08.2012, 12:13
| #11 |
| | Ist vikyrefwaqis.exe ein Virus? Habe OTL laufen lassen wie beschrieben, hier das Log File OTL Logfile: Code:
ATTFilter OTL logfile created on: 16.08.2012 10:40:58 - Run 2 OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\ISA\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,92 Gb Total Physical Memory | 2,68 Gb Available Physical Memory | 68,39% Memory free 7,83 Gb Paging File | 5,72 Gb Available in Paging File | 73,07% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 446,13 Gb Total Space | 188,51 Gb Free Space | 42,25% Space Free | Partition Type: NTFS Unable to calculate disk information. Computer Name: ISA-PC | User Name: ISA | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.08.16 10:37:34 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\ISA\Desktop\OTL.exe PRC - [2011.09.06 19:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE PRC - [2011.08.18 17:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE PRC - [2011.08.18 17:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE PRC - [2011.08.01 19:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe PRC - [2011.06.29 08:52:54 | 000,474,176 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe PRC - [2011.06.27 19:26:30 | 002,022,976 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.04.22 18:13:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011.04.21 19:32:26 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011.04.13 17:39:14 | 000,503,942 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe PRC - [2011.03.09 11:41:08 | 001,066,896 | ---- | M] () -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe PRC - [2011.02.23 23:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2010.12.21 01:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.12.21 01:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.11.17 17:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ========== Modules (No Company Name) ========== MOD - [2012.06.14 15:14:19 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll MOD - [2012.06.14 15:14:05 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012.06.14 15:13:59 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012.06.14 15:13:56 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll MOD - [2012.05.10 12:31:05 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll MOD - [2012.05.09 15:30:26 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll MOD - [2012.05.09 15:29:18 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll MOD - [2012.05.09 15:29:13 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012.05.09 15:29:10 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012.05.09 15:29:08 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012.05.09 15:29:03 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2011.08.18 17:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE MOD - [2011.07.08 21:33:51 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll MOD - [2011.06.29 08:52:54 | 000,474,176 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe MOD - [2011.06.27 19:26:30 | 002,022,976 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe MOD - [2011.06.27 19:25:30 | 000,058,944 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\DataService.dll MOD - [2011.06.24 23:32:36 | 000,323,136 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\de-DE\UI\ManagerUI.dll MOD - [2011.06.24 23:20:26 | 000,565,968 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll MOD - [2011.04.22 18:13:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll MOD - [2010.11.25 05:44:02 | 000,375,280 | ---- | M] () -- c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll MOD - [2010.11.17 17:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe MOD - [2010.03.22 15:52:42 | 006,776,832 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll MOD - [2010.03.16 20:28:28 | 000,326,144 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll MOD - [2010.03.16 20:28:16 | 000,635,904 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll MOD - [2010.03.16 20:28:04 | 001,926,144 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll MOD - [2010.03.11 19:52:34 | 000,225,280 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll MOD - [2010.03.11 19:52:34 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll MOD - [2010.03.05 15:07:58 | 000,125,952 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll MOD - [2010.03.05 15:07:58 | 000,031,744 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012.03.20 13:11:30 | 000,162,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp) SRV:64bit: - [2012.03.20 12:56:24 | 000,210,584 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire) SRV:64bit: - [2012.03.20 12:55:54 | 000,199,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield) SRV:64bit: - [2011.01.28 01:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service) SRV:64bit: - [2011.01.28 01:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy) SRV:64bit: - [2011.01.28 01:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv) SRV:64bit: - [2011.01.28 01:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc) SRV:64bit: - [2011.01.28 01:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn) SRV:64bit: - [2011.01.28 01:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc) SRV:64bit: - [2011.01.28 01:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc) SRV - [2012.07.28 19:15:52 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.04.19 08:22:48 | 000,502,032 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\mcafee\virusscan\mcods.exe -- (McODS) SRV - [2011.08.18 17:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.04.22 18:13:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.04.21 19:32:26 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011.03.28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2011.03.09 11:41:10 | 000,491,920 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC) SRV - [2011.03.09 11:41:08 | 001,066,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME) SRV - [2011.03.09 11:10:40 | 000,288,768 | ---- | M] (WDC) [Auto | Running] -- C:\Programme\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService) SRV - [2011.03.09 00:00:50 | 000,224,704 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Programme\mcafee\msc\McAWFwk.exe -- (McAWFwk) SRV - [2010.12.21 01:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010.12.21 01:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.12.17 21:41:32 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2010.12.17 21:28:46 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV - [2010.12.17 21:26:50 | 000,836,880 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2010.11.29 22:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Running] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV - [2010.11.25 12:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12) SRV - [2010.11.25 12:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM) SRV - [2010.09.23 01:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.08.26 03:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.11.18 04:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.22 13:29:46 | 000,647,208 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk) DRV:64bit: - [2012.02.22 13:29:46 | 000,487,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek) DRV:64bit: - [2012.02.22 13:29:46 | 000,289,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk) DRV:64bit: - [2012.02.22 13:29:46 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk) DRV:64bit: - [2012.02.22 13:29:46 | 000,160,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk) DRV:64bit: - [2012.02.22 13:29:46 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet) DRV:64bit: - [2012.02.22 13:29:46 | 000,075,936 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk) DRV:64bit: - [2012.02.22 13:29:46 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids) DRV:64bit: - [2011.04.22 18:13:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2011.03.26 11:17:50 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.17 03:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.02.16 16:53:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM) DRV:64bit: - [2011.02.11 00:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2011.02.11 00:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2011.01.20 18:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt) DRV:64bit: - [2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.12.22 11:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) DRV:64bit: - [2010.12.17 19:06:32 | 001,404,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2010.12.15 19:02:04 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR) DRV:64bit: - [2010.12.13 19:34:14 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler) DRV:64bit: - [2010.12.12 16:18:36 | 000,121,960 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvstusb.sys -- (NvStUSB) DRV:64bit: - [2010.12.01 12:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd) DRV:64bit: - [2010.11.29 22:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.10.15 18:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010.08.20 11:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn) DRV:64bit: - [2010.07.13 04:38:06 | 000,029,288 | ---- | M] (Quanta Computer) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qicflt.sys -- (qicflt) DRV:64bit: - [2010.03.19 10:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2010.02.27 09:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2006.11.01 19:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {AC68DAC8-FCB9-4B8C-94B6-E13D29284D15} IE:64bit: - HKLM\..\SearchScopes\{AC68DAC8-FCB9-4B8C-94B6-E13D29284D15}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKLM\..\SearchScopes\{AC68DAC8-FCB9-4B8C-94B6-E13D29284D15}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2335145282-199040909-2254114756-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen IE - HKU\S-1-5-21-2335145282-199040909-2254114756-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen IE - HKU\S-1-5-21-2335145282-199040909-2254114756-1000\..\SearchScopes,DefaultScope = {AC68DAC8-FCB9-4B8C-94B6-E13D29284D15} IE - HKU\S-1-5-21-2335145282-199040909-2254114756-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2335145282-199040909-2254114756-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen IE - HKU\S-1-5-21-2335145282-199040909-2254114756-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com IE - HKU\S-1-5-21-2335145282-199040909-2254114756-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-2335145282-199040909-2254114756-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-2335145282-199040909-2254114756-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com IE - HKU\S-1-5-21-2335145282-199040909-2254114756-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com IE - HKU\S-1-5-21-2335145282-199040909-2254114756-1001\..\SearchScopes,DefaultScope = {AC68DAC8-FCB9-4B8C-94B6-E13D29284D15} IE - HKU\S-1-5-21-2335145282-199040909-2254114756-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..network.proxy.http: "190.0.57.98" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012.06.28 10:09:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.28 19:15:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files (x86)\Mozilla Sunbird\components [2012.04.24 19:31:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Sunbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.28 19:15:52 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.24 19:32:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ISA\AppData\Roaming\mozilla\Extensions [2012.04.24 19:32:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ISA\AppData\Roaming\mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28} [2012.08.15 19:36:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ISA\AppData\Roaming\mozilla\Firefox\Profiles\sj7qfd8a.default\extensions [2012.07.06 20:32:56 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\ISA\AppData\Roaming\mozilla\Firefox\Profiles\sj7qfd8a.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.08.06 19:47:19 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\ISA\AppData\Roaming\mozilla\Firefox\Profiles\sj7qfd8a.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2012.08.15 19:36:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ISA\AppData\Roaming\mozilla\Firefox\Profiles\sj7qfd8a.default\extensions\staged [2012.04.24 19:32:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ISA\AppData\Roaming\mozilla\Sunbird\Profiles\qywng9rb.default\extensions [2011.07.09 11:07:57 | 000,004,140 | ---- | M] () -- C:\Users\ISA\AppData\Roaming\Mozilla\Firefox\Profiles\sj7qfd8a.default\searchplugins\youtube.xml [2012.01.08 12:19:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.06.28 10:09:11 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES (X86)\COMMON FILES\MCAFEE\SYSTEMCORE [2012.07.30 09:34:00 | 000,526,190 | ---- | M] () (No name found) -- C:\USERS\ISA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SJ7QFD8A.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI [2012.08.14 19:26:25 | 000,061,403 | ---- | M] () (No name found) -- C:\USERS\ISA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SJ7QFD8A.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI [2012.02.13 22:33:18 | 000,052,880 | ---- | M] () (No name found) -- C:\USERS\ISA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SJ7QFD8A.DEFAULT\EXTENSIONS\{A0FAA0A4-F1A7-4098-9A74-21EFC3A92372}.XPI [2012.07.28 15:14:08 | 000,184,864 | ---- | M] () (No name found) -- C:\USERS\ISA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SJ7QFD8A.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI [2012.07.28 19:15:52 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.20 11:47:18 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.20 11:47:18 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.20 11:47:18 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.20 11:47:18 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.20 11:47:18 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.20 11:47:18 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.07.24 21:05:31 | 000,001,835 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\mcafee\systemcore\ScriptSn.20120627232251.dll (McAfee, Inc.) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120627232251.dll (McAfee, Inc.) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] FILES\ADOBE\OOBE\PDAPP\UWA\UPDATERSTARTUPUTILITY.EXE" File not found O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe () O4:64bit: - HKLM..\Run: [FreeFallProtection] .EXE File not found O4:64bit: - HKLM..\Run: [HotKeysCmds] DOWS\SYSTEM32\HKCMD.EXE File not found O4:64bit: - HKLM..\Run: [IgfxTray] DOWS\SYSTEM32\IGFXTRAY.EXE File not found O4:64bit: - HKLM..\Run: [IntelTBRunOnce] CE.VBS" File not found O4:64bit: - HKLM..\Run: [IntelWireless] TEL WIRELESS TRAY File not found O4:64bit: - HKLM..\Run: [NVHotkey] VHOTKEY.DLL,START File not found O4:64bit: - HKLM..\Run: [Persistence] DOWS\SYSTEM32\IGFXPERS.EXE File not found O4:64bit: - HKLM..\Run: [QuickSet] c:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RTHDVCPL] GUI64.EXE -S File not found O4:64bit: - HKLM..\Run: [Stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe () O4:64bit: - HKLM..\Run: [SynTPEnh] H.EXE File not found O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe () O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.) O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2335145282-199040909-2254114756-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2335145282-199040909-2254114756-1001..\Run: [vikyrefwaqis] C:\Users\ISA\vikyrefwaqis.exe File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-2335145282-199040909-2254114756-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\ISA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\ISA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Überwachungstool für die Intel® Turbo-Boost-Technik 2.0.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\ISA\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\ISA\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.4.1) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.4.1) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F87BB31-88CC-452B-885B-2FC109F107BA}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6DAE6F3E-C63E-4E9B-B4F8-2DBCB00C0715}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\mcafee\msc\McSnIePl64.dll (McAfee, Inc.) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: mcmscsvc - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: MCODS - C:\Programme\mcafee\virusscan\mcods.exe (McAfee, Inc.) SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: McMPFSvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SafeBootNet:64bit: mcmscsvc - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: mfefire - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe () SafeBootNet:64bit: mfefirek - C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.) SafeBootNet:64bit: mfefirek.sys - C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.) SafeBootNet:64bit: mfehidk - C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.) SafeBootNet:64bit: mfehidk.sys - C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.) SafeBootNet:64bit: mfevtp - C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.) SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: MCODS - C:\Programme\mcafee\virusscan\mcods.exe (McAfee, Inc.) SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Reg Error: Key error. ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.08.16 10:37:29 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\ISA\Desktop\OTL.exe [2012.08.15 18:56:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2012.08.12 22:11:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.08.12 22:11:21 | 002,322,184 | ---- | C] (ESET) -- C:\Users\ISA\Desktop\esetsmartinstaller_enu.exe [2012.08.12 19:33:59 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Roaming\Malwarebytes [2012.08.12 19:33:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.08.12 19:33:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.08.12 19:33:13 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.08.12 19:33:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.08.06 20:10:05 | 000,000,000 | ---D | C] -- C:\Users\ISA\Desktop\Virus [2012.08.06 19:47:25 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Roaming\QuickScan [2012.08.06 09:48:49 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Local\{3A6AC9D6-AF9F-4C69-AB79-64C8C80F8CDD} [2012.08.06 09:48:27 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Local\{82AE4253-216F-46DF-8B31-6A37A077F042} [2012.08.05 20:56:49 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Local\{B85546C8-D5A8-4E57-BD5E-4F28D18F95E7} [2012.08.05 20:56:27 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Local\{D24F9E3B-195A-41DF-8F16-9CC934B644D2} [2012.08.03 07:47:14 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Local\{0C0DC465-5F1C-40BF-8FDE-2037B5589ABD} [2012.08.03 07:46:52 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Local\{88D07692-CF7C-4B21-A50F-3CF1737D6A38} [2012.08.02 08:15:12 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Local\{19F4ACA8-C4B3-42DF-9865-9E78DCD2CA12} [2012.08.02 08:14:50 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Local\{2E965939-70CF-4498-AC26-574C7DFA5C2F} [2012.08.01 19:58:56 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Local\{31083329-2B1B-40CB-8931-CCB040942214} [2012.08.01 19:58:35 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Local\{F6D98472-6AA5-40E2-9A66-16FA2735A1FF} [2012.07.31 10:11:59 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Local\{6AA7555A-B63A-414D-853D-9FEF2FC9CF40} [2012.07.31 10:11:37 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Local\{04BF41F8-F6AC-43FF-B00B-1E04EF5876EB} [2012.07.30 21:37:06 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Local\{0152D5CA-4BFA-43D6-9A10-ED0C42C0A1CF} [2012.07.30 09:03:45 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Local\{7E893A60-F8D8-4DFE-88C4-D806848EA336} [2012.07.30 09:03:23 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Local\{04B98A8D-DFEB-4BCD-B2DA-8A73EAAB56A0} [2012.07.29 13:09:18 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Local\{11B47EA1-6848-4C1C-B36E-B7C56849B620} [2012.07.29 13:08:57 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Local\{D381C159-BAD2-4BEF-9125-52C35A9255E4} [2012.07.28 17:09:44 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Local\{C94FB8A1-A65A-4CC4-AF29-E966164AE606} [2012.07.28 17:09:22 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Local\{C58BF47E-6492-41BD-B0D2-E643ECF4574B} [2012.07.26 08:09:19 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Local\{FFC434F1-EF92-4F12-9C4B-9CF644FE8D42} [2012.07.26 08:08:57 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Local\{B8F8260D-EA23-421E-8E38-8A776EB1D7F4} [2012.07.22 16:43:28 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Local\{CE7CB3EE-1FE9-48B0-8909-1B22005F71B8} [2012.07.20 20:10:42 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Local\{D9DA90E4-E0C3-4ADC-B4DC-61B4DF26F156} [2012.07.20 20:10:20 | 000,000,000 | ---D | C] -- C:\Users\ISA\AppData\Local\{4027515E-4148-452F-AC81-72A77B1CF952} ========== Files - Modified Within 30 Days ========== [2012.08.16 10:50:18 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job [2012.08.16 10:37:34 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\ISA\Desktop\OTL.exe [2012.08.16 10:31:08 | 000,873,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.08.16 10:31:08 | 000,697,082 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.08.16 10:31:08 | 000,148,346 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.08.16 10:31:08 | 000,027,506 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.08.16 10:31:08 | 000,014,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.08.16 10:29:11 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.08.16 10:29:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.15 19:15:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.08.15 19:00:26 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.15 19:00:26 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.15 18:52:11 | 3153,727,488 | -HS- | M] () -- C:\hiberfil.sys [2012.08.13 18:21:52 | 000,614,903 | ---- | M] () -- C:\Users\ISA\Desktop\adwcleaner.exe [2012.08.13 00:34:05 | 000,097,283 | ---- | M] () -- C:\Users\ISA\Desktop\misp .pdf [2012.08.12 22:11:24 | 002,322,184 | ---- | M] (ESET) -- C:\Users\ISA\Desktop\esetsmartinstaller_enu.exe [2012.08.12 19:33:31 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.06 20:39:02 | 000,302,592 | ---- | M] () -- C:\Users\ISA\Desktop\x77l32zt.exe [2012.08.06 20:07:14 | 000,000,000 | ---- | M] () -- C:\Users\ISA\defogger_reenable [2012.07.28 15:12:04 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job ========== Files Created - No Company Name ========== [2012.08.13 18:21:57 | 000,614,903 | ---- | C] () -- C:\Users\ISA\Desktop\adwcleaner.exe [2012.08.13 00:34:05 | 000,097,283 | ---- | C] () -- C:\Users\ISA\Desktop\misp .pdf [2012.08.12 19:33:31 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.06 20:39:02 | 000,302,592 | ---- | C] () -- C:\Users\ISA\Desktop\x77l32zt.exe [2012.08.06 20:07:14 | 000,000,000 | ---- | C] () -- C:\Users\ISA\defogger_reenable [2012.02.22 21:08:44 | 000,001,456 | ---- | C] () -- C:\Users\ISA\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2012.02.13 22:53:00 | 000,005,120 | ---- | C] () -- C:\Users\ISA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.01.14 23:15:26 | 000,000,432 | ---- | C] () -- C:\Users\ISA\AppData\Local\HamsterVideoConverterSettings.cfg [2012.01.11 10:30:54 | 000,002,048 | -HS- | C] () -- C:\Users\ISA\AppData\Local\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\@ [2012.01.07 16:46:07 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI [2011.12.07 09:45:18 | 000,000,000 | ---- | C] () -- C:\Users\ISA\AppData\Local\{E116000C-D61F-46F9-9BA6-706FB96C5238} [2011.12.06 09:41:35 | 000,000,000 | ---- | C] () -- C:\Users\ISA\AppData\Local\{78BE8200-1169-4EC1-BDEA-5EAC5949D064} [2011.12.02 12:14:37 | 000,000,000 | ---- | C] () -- C:\Users\ISA\AppData\Local\{944CD8C5-CF01-4934-A193-787DF9A85C4B} [2011.11.07 18:37:46 | 000,010,391 | ---- | C] () -- C:\Users\ISA\Isabel_elster_2048.pfx [2011.08.12 17:20:35 | 000,000,437 | ---- | C] () -- C:\Users\ISA\.jhh [2011.07.05 19:57:07 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2011.07.05 19:56:25 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.07.05 19:56:22 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.07.05 19:56:21 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011.02.11 12:22:50 | 000,851,782 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== LOP Check ========== [2012.03.06 20:53:28 | 000,000,000 | ---D | M] -- C:\Users\ISA\AppData\Roaming\Canneverbe Limited [2012.07.07 17:59:47 | 000,000,000 | ---D | M] -- C:\Users\ISA\AppData\Roaming\Canon [2011.10.04 18:18:10 | 000,000,000 | ---D | M] -- C:\Users\ISA\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012.07.06 20:34:31 | 000,000,000 | ---D | M] -- C:\Users\ISA\AppData\Roaming\DVDVideoSoft [2012.07.06 20:32:54 | 000,000,000 | ---D | M] -- C:\Users\ISA\AppData\Roaming\DVDVideoSoftIEHelpers [2011.11.07 18:46:42 | 000,000,000 | ---D | M] -- C:\Users\ISA\AppData\Roaming\elsterformular [2011.07.08 19:44:23 | 000,000,000 | ---D | M] -- C:\Users\ISA\AppData\Roaming\Fingertapps [2012.03.20 20:38:38 | 000,000,000 | ---D | M] -- C:\Users\ISA\AppData\Roaming\Foxit Software [2011.12.12 22:48:55 | 000,000,000 | ---D | M] -- C:\Users\ISA\AppData\Roaming\FreePDF [2011.07.08 21:34:36 | 000,000,000 | ---D | M] -- C:\Users\ISA\AppData\Roaming\OpenOffice.org [2011.10.04 07:27:53 | 000,000,000 | ---D | M] -- C:\Users\ISA\AppData\Roaming\PACE Anti-Piracy [2011.07.16 17:43:27 | 000,000,000 | ---D | M] -- C:\Users\ISA\AppData\Roaming\PCDr [2012.08.13 21:16:12 | 000,000,000 | ---D | M] -- C:\Users\ISA\AppData\Roaming\QuickScan [2011.08.31 17:14:50 | 000,000,000 | ---D | M] -- C:\Users\ISA\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2011.07.14 21:50:52 | 000,000,000 | ---D | M] -- C:\Users\ISA\AppData\Roaming\Windows Live Writer [2012.07.28 15:12:04 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job [2012.06.19 17:52:43 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.08.16 10:50:18 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2012.03.13 21:50:29 | 000,000,000 | ---D | M] -- C:\Users\ISA\AppData\Roaming\Adobe [2011.12.03 15:03:44 | 000,000,000 | ---D | M] -- C:\Users\ISA\AppData\Roaming\Apple Computer [2012.03.06 20:53:28 | 000,000,000 | ---D | M] -- C:\Users\ISA\AppData\Roaming\Canneverbe Limited [2012.07.07 17:59:47 | 000,000,000 | ---D | M] -- C:\Users\ISA\AppData\Roaming\Canon [2011.10.04 18:18:10 | 000,000,000 | ---D | M] -- C:\Users\ISA\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011.07.08 19:44:18 | 000,000,000 | ---D | M] -- C:\Users\ISA\AppData\Roaming\Creative [2011.07.08 19:44:17 | 000,000,000 | ---D | M] -- C:\Users\ISA\AppData\Roaming\Dell [2011.07.08 19:44:17 | 000,000,000 | ---D | M] -- C:\Users\ISA\AppData\Roaming\Dell Touch Zone [2012.07.06 20:34:31 | 000,000,000 | ---D | M] -- C:\Users\ISA\AppData\Roaming\DVDVideoSoft [2012.07.06 20:32:54 | 000,000,000 | ---D | M] -- C:\Users\ISA\AppData\Roaming\DVDVideoSoftIEHelpers [2011.11.07 18:46:42 | 000,000,000 | ---D | M] -- C:\Users\ISA\AppData\Roaming\elsterformular [2011.07.08 19:44:23 | 000,000,000 | ---D | M] -- C:\Users\ISA\AppData\Roaming\Fingertapps [2012.03.20 20:38:38 | 000,000,000 | ---D | M] -- C:\Users\ISA\AppData\Roaming\Foxit Software [2011.12.12 22:48:55 | 000,000,000 | ---D | M] -- C:\Users\ISA\AppData\Roaming\FreePDF [2011.07.08 19:44:01 | 000,000,000 | ---D | M] -- C:\Users\ISA\AppData\Roaming\Identities [2011.07.08 19:00:35 | 000,000,000 | ---D | M] -- C:\Users\ISA\AppData\Roaming\Intel [2011.07.08 19:50:36 | 000,000,000 | ---D | M] -- C:\Users\ISA\AppData\Roaming\Macromedia [2011.10.16 18:14:26 | 000,000,000 | ---D | M] -- C:\Users\ISA\AppData\Roaming\Macrovision [2012.08.12 19:33:59 | 000,000,000 | ---D | M] -- C:\Users\ISA\AppData\Roaming\Malwarebytes [2010.11.21 09:00:23 | 000,000,000 | ---D | M] -- C:\Users\ISA\AppData\Roaming\Media Center Programs [2012.06.20 11:53:58 | 000,000,000 | --SD | M] -- C:\Users\ISA\AppData\Roaming\Microsoft [2012.04.24 19:32:07 | 000,000,000 | ---D | M] -- C:\Users\ISA\AppData\Roaming\Mozilla [2011.10.04 07:27:51 | 000,000,000 | ---D | M] -- C:\Users\ISA\AppData\Roaming\NVIDIA [2011.07.08 21:34:36 | 000,000,000 | ---D | M] -- C:\Users\ISA\AppData\Roaming\OpenOffice.org [2011.10.04 07:27:53 | 000,000,000 | ---D | M] -- C:\Users\ISA\AppData\Roaming\PACE Anti-Piracy [2011.07.16 17:43:27 | 000,000,000 | ---D | M] -- C:\Users\ISA\AppData\Roaming\PCDr [2012.08.13 21:16:12 | 000,000,000 | ---D | M] -- C:\Users\ISA\AppData\Roaming\QuickScan [2012.02.21 19:23:07 | 000,000,000 | ---D | M] -- C:\Users\ISA\AppData\Roaming\Roxio [2011.10.16 18:43:13 | 000,000,000 | ---D | M] -- C:\Users\ISA\AppData\Roaming\Roxio Burn [2012.02.21 19:20:48 | 000,000,000 | ---D | M] -- C:\Users\ISA\AppData\Roaming\Sonic [2011.08.31 17:14:50 | 000,000,000 | ---D | M] -- C:\Users\ISA\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2011.10.16 20:09:49 | 000,000,000 | ---D | M] -- C:\Users\ISA\AppData\Roaming\vlc [2011.07.14 21:50:52 | 000,000,000 | ---D | M] -- C:\Users\ISA\AppData\Roaming\Windows Live Writer < %APPDATA%\*.exe /s > [2012.05.22 17:53:06 | 009,823,312 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\ISA\AppData\Roaming\elsterformular\pluginmanager\tmp\install_est11.exe [2012.05.22 17:25:42 | 012,522,584 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\ISA\AppData\Roaming\elsterformular\pluginmanager\tmp\update_pica_0_7094_8623.exe [2011.11.07 18:43:55 | 006,489,448 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\ISA\AppData\Roaming\elsterformular\update\ElsterFormular_update-12_3_2_6814p.exe [2011.07.24 21:18:55 | 000,038,784 | ---- | M] () -- C:\Users\ISA\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2011.09.13 18:33:56 | 000,043,385 | R--- | M] () -- C:\Users\ISA\AppData\Roaming\Microsoft\Installer\{B821CDAA-34DE-46FD-87C9-E6EE7158DB5D}\_0CE5D65C672A59FCFADCFA.exe [2011.09.13 18:33:56 | 000,043,385 | R--- | M] () -- C:\Users\ISA\AppData\Roaming\Microsoft\Installer\{B821CDAA-34DE-46FD-87C9-E6EE7158DB5D}\_112D608FD02CD87FDC7735.exe [2011.09.13 18:33:56 | 000,032,579 | R--- | M] () -- C:\Users\ISA\AppData\Roaming\Microsoft\Installer\{B821CDAA-34DE-46FD-87C9-E6EE7158DB5D}\_853F67D554F05449430E7E.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTOR.SYS > [2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Drivers\Chipset_IRST\f6flpy-x64\iaStor.sys [2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\drivers\iaStor.sys [2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_a36325196df56f7d\iaStor.sys [2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_e3082ac13af8d3bf\iaStor.sys < MD5 for: IASTORV.SYS > [2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > |
|
16.08.2012, 13:44
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Ist vikyrefwaqis.exe ein Virus? Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
FF - user.js - File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [SynTPEnh] H.EXE File not found
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-21-2335145282-199040909-2254114756-1001..\Run: [vikyrefwaqis] C:\Users\ISA\vikyrefwaqis.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2335145282-199040909-2254114756-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
18.08.2012, 11:24
| #13 |
| | Ist vikyrefwaqis.exe ein Virus? Hallo, Danke für deine Hilfe und dass du dir bei dem schönen Wetter so viel Zeit nimmst...  Hier die Log-Datei Code:
ATTFilter All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SynTPEnh deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2335145282-199040909-2254114756-1001\Software\Microsoft\Windows\CurrentVersion\Run\\vikyrefwaqis deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2335145282-199040909-2254114756-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: ISA
->Temp folder emptied: 1349523260 bytes
->Temporary Internet Files folder emptied: 287903199 bytes
->Java cache emptied: 5698789 bytes
->FireFox cache emptied: 543794440 bytes
->Flash cache emptied: 655473 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3852680397 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 751 bytes
RecycleBin emptied: 25588422974 bytes
Total Files Cleaned = 30.164,00 mb
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: ISA
->Flash cache emptied: 0 bytes
User: Public
User: UpdatusUser
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.57.0 log created on 08182012_121040
Files\Folders moved on Reboot...
C:\Users\ISA\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\etilqs_DFSoEaK4mw0f5NCyVM46 not found!
File\Folder C:\Windows\temp\etilqs_PmM07MaccYDKrTofy1zm not found!
File\Folder C:\Windows\temp\etilqs_Qw3d0G44fvhjOQuFgDKf not found!
File\Folder C:\Windows\temp\etilqs_zDesNxD5UeTKiCjqrmGd not found!
PendingFileRenameOperations files...
File C:\Users\ISA\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Windows\temp\etilqs_DFSoEaK4mw0f5NCyVM46 not found!
File C:\Windows\temp\etilqs_PmM07MaccYDKrTofy1zm not found!
File C:\Windows\temp\etilqs_Qw3d0G44fvhjOQuFgDKf not found!
File C:\Windows\temp\etilqs_zDesNxD5UeTKiCjqrmGd not found!
Registry entries deleted on Reboot...
|
|
18.08.2012, 13:52
| #14 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Ist vikyrefwaqis.exe ein Virus?Zitat:
  Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
18.08.2012, 16:09
| #15 |
| | Ist vikyrefwaqis.exe ein Virus? Ja dann Prost... Code:
ATTFilter 17:04:41.0050 7932 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
17:04:41.0237 7932 ============================================================
17:04:41.0237 7932 Current date / time: 2012/08/18 17:04:41.0237
17:04:41.0237 7932 SystemInfo:
17:04:41.0237 7932
17:04:41.0237 7932 OS Version: 6.1.7601 ServicePack: 1.0
17:04:41.0237 7932 Product type: Workstation
17:04:41.0237 7932 ComputerName: ISA-PC
17:04:41.0237 7932 UserName: ISA
17:04:41.0237 7932 Windows directory: C:\Windows
17:04:41.0237 7932 System windows directory: C:\Windows
17:04:41.0237 7932 Running under WOW64
17:04:41.0237 7932 Processor architecture: Intel x64
17:04:41.0237 7932 Number of processors: 4
17:04:41.0237 7932 Page size: 0x1000
17:04:41.0237 7932 Boot type: Normal boot
17:04:41.0237 7932 ============================================================
17:04:41.0605 7932 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:04:41.0605 7932 ============================================================
17:04:41.0605 7932 \Device\Harddisk0\DR0:
17:04:41.0605 7932 MBR partitions:
17:04:41.0605 7932 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x34000, BlocksNum 0x2710000
17:04:41.0605 7932 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2744000, BlocksNum 0x37C41830
17:04:41.0605 7932 ============================================================
17:04:41.0637 7932 C: <-> \Device\Harddisk0\DR0\Partition2
17:04:41.0637 7932 ============================================================
17:04:41.0637 7932 Initialize success
17:04:41.0637 7932 ============================================================
17:04:56.0307 6744 ============================================================
17:04:56.0307 6744 Scan started
17:04:56.0307 6744 Mode: Manual; SigCheck; TDLFS;
17:04:56.0307 6744 ============================================================
17:04:56.0946 6744 ================ Scan services =============================
17:04:57.0336 6744 [ a87d604aea360176311474c87a63bb88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
17:04:57.0656 6744 1394ohci - ok
17:04:57.0682 6744 [ e0065cbf1a25c015c218457d2cd522b9 ] Acceler C:\Windows\system32\DRIVERS\Accelern.sys
17:04:57.0720 6744 Acceler - ok
17:04:57.0748 6744 [ d81d9e70b8a6dd14d42d7b4efa65d5f2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
17:04:57.0764 6744 ACPI - ok
17:04:57.0774 6744 [ 99f8e788246d495ce3794d7e7821d2ca ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
17:04:57.0914 6744 AcpiPmi - ok
17:04:58.0008 6744 [ 11a52cf7b265631deeb24c6149309eff ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:04:58.0023 6744 AdobeARMservice - ok
17:04:58.0055 6744 [ 2f6b34b83843f0c5118b63ac634f5bf4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
17:04:58.0101 6744 adp94xx - ok
17:04:58.0148 6744 [ 597f78224ee9224ea1a13d6350ced962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
17:04:58.0195 6744 adpahci - ok
17:04:58.0195 6744 [ e109549c90f62fb570b9540c4b148e54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
17:04:58.0211 6744 adpu320 - ok
17:04:58.0226 6744 [ 4b78b431f225fd8624c5655cb1de7b61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:04:58.0429 6744 AeLookupSvc - ok
17:04:58.0476 6744 [ d1e343bc00136ce03c4d403194d06a80 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
17:04:58.0507 6744 AERTFilters - ok
17:04:58.0566 6744 [ 1c7857b62de5994a75b054a9fd4c3825 ] AFD C:\Windows\system32\drivers\afd.sys
17:04:58.0661 6744 AFD - ok
17:04:58.0675 6744 [ 608c14dba7299d8cb6ed035a68a15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
17:04:58.0685 6744 agp440 - ok
17:04:58.0702 6744 [ 3290d6946b5e30e70414990574883ddb ] ALG C:\Windows\System32\alg.exe
17:04:58.0757 6744 ALG - ok
17:04:58.0771 6744 [ 5812713a477a3ad7363c7438ca2ee038 ] aliide C:\Windows\system32\drivers\aliide.sys
17:04:58.0780 6744 aliide - ok
17:04:58.0783 6744 [ 1ff8b4431c353ce385c875f194924c0c ] amdide C:\Windows\system32\drivers\amdide.sys
17:04:58.0793 6744 amdide - ok
17:04:58.0810 6744 [ 7024f087cff1833a806193ef9d22cda9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
17:04:58.0826 6744 AmdK8 - ok
17:04:58.0841 6744 [ 1e56388b3fe0d031c44144eb8c4d6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
17:04:58.0857 6744 AmdPPM - ok
17:04:58.0873 6744 [ d4121ae6d0c0e7e13aa221aa57ef2d49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
17:04:58.0888 6744 amdsata - ok
17:04:58.0904 6744 [ f67f933e79241ed32ff46a4f29b5120b ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
17:04:58.0919 6744 amdsbs - ok
17:04:58.0935 6744 [ 540daf1cea6094886d72126fd7c33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
17:04:58.0951 6744 amdxata - ok
17:04:58.0966 6744 [ 89a69c3f2f319b43379399547526d952 ] AppID C:\Windows\system32\drivers\appid.sys
17:04:59.0153 6744 AppID - ok
17:04:59.0169 6744 [ 0bc381a15355a3982216f7172f545de1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
17:04:59.0216 6744 AppIDSvc - ok
17:04:59.0231 6744 [ 3977d4a871ca0d4f2ed1e7db46829731 ] Appinfo C:\Windows\System32\appinfo.dll
17:04:59.0309 6744 Appinfo - ok
17:04:59.0309 6744 [ c484f8ceb1717c540242531db7845c4e ] arc C:\Windows\system32\drivers\arc.sys
17:04:59.0325 6744 arc - ok
17:04:59.0325 6744 [ 019af6924aefe7839f61c830227fe79c ] arcsas C:\Windows\system32\drivers\arcsas.sys
17:04:59.0341 6744 arcsas - ok
17:04:59.0419 6744 [ 9217d874131ae6ff8f642f124f00a555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
17:04:59.0465 6744 aspnet_state - ok
17:04:59.0481 6744 [ 769765ce2cc62867468cea93969b2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:04:59.0548 6744 AsyncMac - ok
17:04:59.0598 6744 [ 02062c0b390b7729edc9e69c680a6f3c ] atapi C:\Windows\system32\drivers\atapi.sys
17:04:59.0623 6744 atapi - ok
17:04:59.0651 6744 [ f23fef6d569fce88671949894a8becf1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:04:59.0716 6744 AudioEndpointBuilder - ok
17:04:59.0750 6744 [ f23fef6d569fce88671949894a8becf1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
17:04:59.0794 6744 AudioSrv - ok
17:04:59.0829 6744 [ a6bf31a71b409dfa8cac83159e1e2aff ] AxInstSV C:\Windows\System32\AxInstSV.dll
17:04:59.0938 6744 AxInstSV - ok
17:04:59.0985 6744 [ 3e5b191307609f7514148c6832bb0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
17:05:00.0079 6744 b06bdrv - ok
17:05:00.0110 6744 [ b5ace6968304a3900eeb1ebfd9622df2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
17:05:00.0172 6744 b57nd60a - ok
17:05:00.0219 6744 [ fde360167101b4e45a96f939f388aeb0 ] BDESVC C:\Windows\System32\bdesvc.dll
17:05:00.0297 6744 BDESVC - ok
17:05:00.0313 6744 [ 16a47ce2decc9b099349a5f840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
17:05:00.0359 6744 Beep - ok
17:05:00.0391 6744 [ 82974d6a2fd19445cc5171fc378668a4 ] BFE C:\Windows\System32\bfe.dll
17:05:00.0500 6744 BFE - ok
17:05:00.0549 6744 [ 1ea7969e3271cbc59e1730697dc74682 ] BITS C:\Windows\System32\qmgr.dll
17:05:00.0654 6744 BITS - ok
17:05:00.0679 6744 [ 61583ee3c3a17003c4acd0475646b4d3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
17:05:00.0733 6744 blbdrive - ok
17:05:00.0782 6744 [ 6c02a83164f5cc0a262f4199f0871cf5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:05:00.0848 6744 bowser - ok
17:05:00.0863 6744 [ f09eee9edc320b5e1501f749fde686c8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
17:05:00.0910 6744 BrFiltLo - ok
17:05:00.0910 6744 [ b114d3098e9bdb8bea8b053685831be6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
17:05:00.0926 6744 BrFiltUp - ok
17:05:00.0957 6744 [ 05f5a0d14a2ee1d8255c2aa0e9e8e694 ] Browser C:\Windows\System32\browser.dll
17:05:01.0004 6744 Browser - ok
17:05:01.0019 6744 [ 43bea8d483bf1870f018e2d02e06a5bd ] Brserid C:\Windows\System32\Drivers\Brserid.sys
17:05:01.0129 6744 Brserid - ok
17:05:01.0129 6744 [ a6eca2151b08a09caceca35c07f05b42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
17:05:01.0175 6744 BrSerWdm - ok
17:05:01.0191 6744 [ b79968002c277e869cf38bd22cd61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
17:05:01.0207 6744 BrUsbMdm - ok
17:05:01.0207 6744 [ a87528880231c54e75ea7a44943b38bf ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
17:05:01.0222 6744 BrUsbSer - ok
17:05:01.0253 6744 [ 9da669f11d1f894ab4eb69bf546a42e8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
17:05:01.0285 6744 BTHMODEM - ok
17:05:01.0316 6744 [ 95f9c2976059462cbbf227f7aab10de9 ] bthserv C:\Windows\system32\bthserv.dll
17:05:01.0347 6744 bthserv - ok
17:05:01.0347 6744 [ b8bd2bb284668c84865658c77574381a ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:05:01.0425 6744 cdfs - ok
17:05:01.0456 6744 [ f036ce71586e93d94dab220d7bdf4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
17:05:01.0472 6744 cdrom - ok
17:05:01.0503 6744 [ f17d1d393bbc69c5322fbfafaca28c7f ] CertPropSvc C:\Windows\System32\certprop.dll
17:05:01.0550 6744 CertPropSvc - ok
17:05:01.0582 6744 [ 274ce03459896006f7a5069266e0469e ] cfwids C:\Windows\system32\drivers\cfwids.sys
17:05:01.0592 6744 cfwids - ok
17:05:01.0605 6744 [ d7cd5c4e1b71fa62050515314cfb52cf ] circlass C:\Windows\system32\drivers\circlass.sys
17:05:01.0619 6744 circlass - ok
17:05:01.0645 6744 [ fe1ec06f2253f691fe36217c592a0206 ] CLFS C:\Windows\system32\CLFS.sys
17:05:01.0664 6744 CLFS - ok
17:05:01.0712 6744 [ d88040f816fda31c3b466f0fa0918f29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:05:01.0735 6744 clr_optimization_v2.0.50727_32 - ok
17:05:01.0777 6744 [ d1ceea2b47cb998321c579651ce3e4f8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:05:01.0807 6744 clr_optimization_v2.0.50727_64 - ok
17:05:01.0866 6744 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:05:01.0944 6744 clr_optimization_v4.0.30319_32 - ok
17:05:01.0960 6744 [ c6f9af94dcd58122a4d7e89db6bed29d ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:05:01.0975 6744 clr_optimization_v4.0.30319_64 - ok
17:05:02.0007 6744 [ 0840155d0bddf1190f84a663c284bd33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
17:05:02.0053 6744 CmBatt - ok
17:05:02.0085 6744 [ e19d3f095812725d88f9001985b94edd ] cmdide C:\Windows\system32\drivers\cmdide.sys
17:05:02.0116 6744 cmdide - ok
17:05:02.0147 6744 [ 9ac4f97c2d3e93367e2148ea940cd2cd ] CNG C:\Windows\system32\Drivers\cng.sys
17:05:02.0209 6744 CNG - ok
17:05:02.0225 6744 [ 102de219c3f61415f964c88e9085ad14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
17:05:02.0241 6744 Compbatt - ok
17:05:02.0256 6744 [ 03edb043586cceba243d689bdda370a8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
17:05:02.0303 6744 CompositeBus - ok
17:05:02.0334 6744 COMSysApp - ok
17:05:02.0350 6744 [ 1c827878a998c18847245fe1f34ee597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
17:05:02.0350 6744 crcdisk - ok
17:05:02.0397 6744 [ 4f5414602e2544a4554d95517948b705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:05:02.0506 6744 CryptSvc - ok
17:05:02.0537 6744 [ bc3d4f90978cd7c8eabd1baf3bf7873a ] CtClsFlt C:\Windows\system32\DRIVERS\CtClsFlt.sys
17:05:02.0620 6744 CtClsFlt - ok
17:05:02.0643 6744 [ 5c627d1b1138676c0a7ab2c2c190d123 ] DcomLaunch C:\Windows\system32\rpcss.dll
17:05:02.0698 6744 DcomLaunch - ok
17:05:02.0738 6744 [ 3cec7631a84943677aa8fa8ee5b6b43d ] defragsvc C:\Windows\System32\defragsvc.dll
17:05:02.0802 6744 defragsvc - ok
17:05:02.0818 6744 [ 9bb2ef44eaa163b29c4a4587887a0fe4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:05:02.0886 6744 DfsC - ok
17:05:02.0902 6744 [ 43d808f5d9e1a18e5eeb5ebc83969e4e ] Dhcp C:\Windows\system32\dhcpcore.dll
17:05:02.0995 6744 Dhcp - ok
17:05:03.0026 6744 [ 13096b05847ec78f0977f2c0f79e9ab3 ] discache C:\Windows\system32\drivers\discache.sys
17:05:03.0104 6744 discache - ok
17:05:03.0151 6744 [ 9819eee8b5ea3784ec4af3b137a5244c ] Disk C:\Windows\system32\drivers\disk.sys
17:05:03.0151 6744 Disk - ok
17:05:03.0182 6744 [ 16835866aaa693c7d7fceba8fff706e4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:05:03.0260 6744 Dnscache - ok
17:05:03.0276 6744 [ b1fb3ddca0fdf408750d5843591afbc6 ] dot3svc C:\Windows\System32\dot3svc.dll
17:05:03.0338 6744 dot3svc - ok
17:05:03.0370 6744 [ b26f4f737e8f9df4f31af6cf31d05820 ] DPS C:\Windows\system32\dps.dll
17:05:03.0463 6744 DPS - ok
17:05:03.0510 6744 [ 9b19f34400d24df84c858a421c205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:05:03.0559 6744 drmkaud - ok
17:05:03.0600 6744 [ f5bee30450e18e6b83a5012c100616fd ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:05:03.0663 6744 DXGKrnl - ok
17:05:03.0679 6744 [ e2dda8726da9cb5b2c4000c9018a9633 ] EapHost C:\Windows\System32\eapsvc.dll
17:05:03.0747 6744 EapHost - ok
17:05:03.0852 6744 [ dc5d737f51be844d8c82c695eb17372f ] ebdrv C:\Windows\system32\drivers\evbda.sys
17:05:03.0992 6744 ebdrv - ok
17:05:04.0023 6744 [ c118a82cd78818c29ab228366ebf81c3 ] EFS C:\Windows\System32\lsass.exe
17:05:04.0117 6744 EFS - ok
17:05:04.0179 6744 [ c4002b6b41975f057d98c439030cea07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:05:04.0304 6744 ehRecvr - ok
17:05:04.0320 6744 [ 4705e8ef9934482c5bb488ce28afc681 ] ehSched C:\Windows\ehome\ehsched.exe
17:05:04.0367 6744 ehSched - ok
17:05:04.0413 6744 [ 0e5da5369a0fcaea12456dd852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
17:05:04.0491 6744 elxstor - ok
17:05:04.0507 6744 [ 34a3c54752046e79a126e15c51db409b ] ErrDev C:\Windows\system32\drivers\errdev.sys
17:05:04.0538 6744 ErrDev - ok
17:05:04.0595 6744 [ 4166f82be4d24938977dd1746be9b8a0 ] EventSystem C:\Windows\system32\es.dll
17:05:04.0665 6744 EventSystem - ok
17:05:04.0753 6744 [ 8b6c9924b0d333dbf76086b8258a0891 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
17:05:04.0813 6744 EvtEng - ok
17:05:04.0830 6744 [ a510c654ec00c1e9bdd91eeb3a59823b ] exfat C:\Windows\system32\drivers\exfat.sys
17:05:04.0862 6744 exfat - ok
17:05:04.0893 6744 [ 0adc83218b66a6db380c330836f3e36d ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:05:04.0971 6744 fastfat - ok
17:05:05.0018 6744 [ dbefd454f8318a0ef691fdd2eaab44eb ] Fax C:\Windows\system32\fxssvc.exe
17:05:05.0142 6744 Fax - ok
17:05:05.0174 6744 [ d765d19cd8ef61f650c384f62fac00ab ] fdc C:\Windows\system32\drivers\fdc.sys
17:05:05.0205 6744 fdc - ok
17:05:05.0220 6744 [ 0438cab2e03f4fb61455a7956026fe86 ] fdPHost C:\Windows\system32\fdPHost.dll
17:05:05.0298 6744 fdPHost - ok
17:05:05.0330 6744 [ 802496cb59a30349f9a6dd22d6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
17:05:05.0392 6744 FDResPub - ok
17:05:05.0423 6744 [ 655661be46b5f5f3fd454e2c3095b930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:05:05.0423 6744 FileInfo - ok
17:05:05.0439 6744 [ 5f671ab5bc87eea04ec38a6cd5962a47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:05:05.0532 6744 Filetrace - ok
17:05:05.0564 6744 [ c172a0f53008eaeb8ea33fe10e177af5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
17:05:05.0564 6744 flpydisk - ok
17:05:05.0598 6744 [ da6b67270fd9db3697b20fce94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:05:05.0614 6744 FltMgr - ok
17:05:05.0666 6744 [ 5c4cb4086fb83115b153e47add961a0c ] FontCache C:\Windows\system32\FntCache.dll
17:05:05.0795 6744 FontCache - ok
17:05:05.0835 6744 [ a8b7f3818ab65695e3a0bb3279f6dce6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:05:05.0857 6744 FontCache3.0.0.0 - ok
17:05:05.0873 6744 [ d43703496149971890703b4b1b723eac ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
17:05:05.0873 6744 FsDepends - ok
17:05:05.0904 6744 [ 6bd9295cc032dd3077c671fccf579a7b ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:05:05.0935 6744 Fs_Rec - ok
17:05:05.0951 6744 [ 1f7b25b858fa27015169fe95e54108ed ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
17:05:05.0966 6744 fvevol - ok
17:05:05.0982 6744 [ 8c778d335c9d272cfd3298ab02abe3b6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
17:05:05.0998 6744 gagp30kx - ok
17:05:06.0029 6744 [ 277bbc7e1aa1ee957f573a10eca7ef3a ] gpsvc C:\Windows\System32\gpsvc.dll
17:05:06.0091 6744 gpsvc - ok
17:05:06.0169 6744 [ f02a533f517eb38333cb12a9e8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:05:06.0200 6744 gupdate - ok
17:05:06.0200 6744 [ f02a533f517eb38333cb12a9e8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:05:06.0216 6744 gupdatem - ok
17:05:06.0232 6744 [ f2523ef6460fc42405b12248338ab2f0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
17:05:06.0310 6744 hcw85cir - ok
17:05:06.0341 6744 [ 97bfed39b6b79eb12cddbfeed51f56bb ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
17:05:06.0356 6744 HDAudBus - ok
17:05:06.0372 6744 [ 78e86380454a7b10a5eb255dc44a355f ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
17:05:06.0419 6744 HidBatt - ok
17:05:06.0450 6744 [ 7fd2a313f7afe5c4dab14798c48dd104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
17:05:06.0512 6744 HidBth - ok
17:05:06.0528 6744 [ 0a77d29f311b88cfae3b13f9c1a73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
17:05:06.0544 6744 HidIr - ok
17:05:06.0620 6744 [ bd9eb3958f213f96b97b1d897dee006d ] hidserv C:\Windows\system32\hidserv.dll
17:05:06.0674 6744 hidserv - ok
17:05:06.0738 6744 [ 9592090a7e2b61cd582b612b6df70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
17:05:06.0750 6744 HidUsb - ok
17:05:06.0777 6744 [ 387e72e739e15e3d37907a86d9ff98e2 ] hkmsvc C:\Windows\system32\kmsvc.dll
17:05:06.0838 6744 hkmsvc - ok
17:05:06.0852 6744 [ efdfb3dd38a4376f93e7985173813abd ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:05:06.0945 6744 HomeGroupListener - ok
17:05:06.0961 6744 [ 908acb1f594274965a53926b10c81e89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:05:07.0008 6744 HomeGroupProvider - ok
17:05:07.0023 6744 [ 39d2abcd392f3d8a6dce7b60ae7b8efc ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
17:05:07.0039 6744 HpSAMD - ok
17:05:07.0070 6744 [ 0ea7de1acb728dd5a369fd742d6eee28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:05:07.0164 6744 HTTP - ok
17:05:07.0195 6744 [ a5462bd6884960c9dc85ed49d34ff392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
17:05:07.0195 6744 hwpolicy - ok
17:05:07.0210 6744 [ fa55c73d4affa7ee23ac4be53b4592d3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
17:05:07.0226 6744 i8042prt - ok
17:05:07.0257 6744 [ d469b77687e12fe43e344806740b624d ] iaStor C:\Windows\system32\drivers\iaStor.sys
17:05:07.0288 6744 iaStor - ok
17:05:07.0320 6744 [ aaaf44db3bd0b9d1fb6969b23ecc8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
17:05:07.0351 6744 iaStorV - ok
17:05:07.0429 6744 [ 6f95324909b502e2651442c1548ab12f ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
17:05:07.0460 6744 IDriverT ( UnsignedFile.Multi.Generic ) - warning
17:05:07.0460 6744 IDriverT - detected UnsignedFile.Multi.Generic (1)
17:05:07.0538 6744 [ 5988fc40f8db5b0739cd1e3a5d0d78bd ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:05:07.0605 6744 idsvc - ok
17:05:07.0820 6744 [ 795c99dc4f574c97c03d0bb39cf099ee ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
17:05:08.0168 6744 igfx - ok
17:05:08.0183 6744 [ 5c18831c61933628f5bb0ea2675b9d21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
17:05:08.0199 6744 iirsp - ok
17:05:08.0246 6744 [ fcd84c381e0140af901e58d48882d26b ] IKEEXT C:\Windows\System32\ikeext.dll
17:05:08.0371 6744 IKEEXT - ok
17:05:08.0402 6744 [ dd587a55390ed2295bce6d36ad567da9 ] Impcd C:\Windows\system32\drivers\Impcd.sys
17:05:08.0480 6744 Impcd - ok
17:05:08.0573 6744 [ 8fed6428fde53d7f4c105095f22524be ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
17:05:08.0667 6744 IntcAzAudAddService - ok
17:05:08.0685 6744 [ fc727061c0f47c8059e88e05d5c8e381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
17:05:08.0705 6744 IntcDAud - ok
17:05:08.0728 6744 [ f00f20e70c6ec3aa366910083a0518aa ] intelide C:\Windows\system32\drivers\intelide.sys
17:05:08.0739 6744 intelide - ok
17:05:08.0764 6744 [ ada036632c664caa754079041cf1f8c1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
17:05:08.0817 6744 intelppm - ok
17:05:08.0865 6744 [ 098a91c54546a3b878dad6a7e90a455b ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:05:08.0923 6744 IPBusEnum - ok
17:05:08.0939 6744 [ c9f0e1bd74365a8771590e9008d22ab6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:05:08.0986 6744 IpFilterDriver - ok
17:05:09.0017 6744 [ a34a587fffd45fa649fba6d03784d257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
17:05:09.0095 6744 iphlpsvc - ok
17:05:09.0111 6744 [ 0fc1aea580957aa8817b8f305d18ca3a ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
17:05:09.0126 6744 IPMIDRV - ok
17:05:09.0142 6744 [ af9b39a7e7b6caa203b3862582e9f2d0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
17:05:09.0204 6744 IPNAT - ok
17:05:09.0220 6744 [ 3abf5e7213eb28966d55d58b515d5ce9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:05:09.0235 6744 IRENUM - ok
17:05:09.0267 6744 [ 2f7b28dc3e1183e5eb418df55c204f38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
17:05:09.0267 6744 isapnp - ok
17:05:09.0298 6744 [ d931d7309deb2317035b07c9f9e6b0bd ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
17:05:09.0345 6744 iScsiPrt - ok
17:05:09.0376 6744 [ e56417c56b6a7316b6f527c890a1860d ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys
17:05:09.0407 6744 JMCR - ok
17:05:09.0438 6744 [ bc02336f1cba7dcc7d1213bb588a68a5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
17:05:09.0454 6744 kbdclass - ok
17:05:09.0485 6744 [ 0705eff5b42a9db58548eec3b26bb484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
17:05:09.0501 6744 kbdhid - ok
17:05:09.0532 6744 [ c118a82cd78818c29ab228366ebf81c3 ] KeyIso C:\Windows\system32\lsass.exe
17:05:09.0547 6744 KeyIso - ok
17:05:09.0563 6744 [ 97a7070aea4c058b6418519e869a63b4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:05:09.0579 6744 KSecDD - ok
17:05:09.0594 6744 [ 26c43a7c2862447ec59deda188d1da07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
17:05:09.0610 6744 KSecPkg - ok
17:05:09.0637 6744 [ 6869281e78cb31a43e969f06b57347c4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
17:05:09.0688 6744 ksthunk - ok
17:05:09.0730 6744 [ 6ab66e16aa859232f64deb66887a8c9c ] KtmRm C:\Windows\system32\msdtckrm.dll
17:05:09.0802 6744 KtmRm - ok
17:05:09.0851 6744 [ d9f42719019740baa6d1c6d536cbdaa6 ] LanmanServer C:\Windows\system32\srvsvc.dll
17:05:09.0910 6744 LanmanServer - ok
17:05:09.0941 6744 [ 851a1382eed3e3a7476db004f4ee3e1a ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:05:10.0019 6744 LanmanWorkstation - ok
17:05:10.0050 6744 [ 1538831cf8ad2979a04c423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:05:10.0082 6744 lltdio - ok
17:05:10.0097 6744 [ c1185803384ab3feed115f79f109427f ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:05:10.0128 6744 lltdsvc - ok
17:05:10.0144 6744 [ f993a32249b66c9d622ea5592a8b76b8 ] lmhosts C:\Windows\System32\lmhsvc.dll
17:05:10.0191 6744 lmhosts - ok
17:05:10.0269 6744 [ 7f32d4c47a50e7223491e8fb9359907d ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
17:05:10.0300 6744 LMS - ok
17:05:10.0331 6744 [ 1a93e54eb0ece102495a51266dcdb6a6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
17:05:10.0331 6744 LSI_FC - ok
17:05:10.0347 6744 [ 1047184a9fdc8bdbff857175875ee810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
17:05:10.0347 6744 LSI_SAS - ok
17:05:10.0362 6744 [ 30f5c0de1ee8b5bc9306c1f0e4a75f93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
17:05:10.0378 6744 LSI_SAS2 - ok
17:05:10.0394 6744 [ 0504eacaff0d3c8aed161c4b0d369d4a ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
17:05:10.0409 6744 LSI_SCSI - ok
17:05:10.0409 6744 [ 43d0f98e1d56ccddb0d5254cff7b356e ] luafv C:\Windows\system32\drivers\luafv.sys
17:05:10.0440 6744 luafv - ok
17:05:10.0503 6744 [ 9504f1dda1b67fb8d526fd4f8cc882f3 ] McAWFwk c:\PROGRA~1\mcafee\msc\mcawfwk.exe
17:05:10.0518 6744 McAWFwk - ok
17:05:10.0565 6744 [ acb01bf1a905356ab7f978c7fe852209 ] McMPFSvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
17:05:10.0581 6744 McMPFSvc - ok
17:05:10.0596 6744 [ acb01bf1a905356ab7f978c7fe852209 ] mcmscsvc C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
17:05:10.0612 6744 mcmscsvc - ok
17:05:10.0632 6744 [ acb01bf1a905356ab7f978c7fe852209 ] McNaiAnn C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
17:05:10.0641 6744 McNaiAnn - ok
17:05:10.0647 6744 [ acb01bf1a905356ab7f978c7fe852209 ] McNASvc C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
17:05:10.0657 6744 McNASvc - ok
17:05:10.0703 6744 [ dd2321925274f2902929d76ce2b0eb45 ] McODS C:\Program Files\mcafee\VirusScan\mcods.exe
17:05:10.0729 6744 McODS - ok
17:05:10.0734 6744 [ acb01bf1a905356ab7f978c7fe852209 ] McOobeSv C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
17:05:10.0754 6744 McOobeSv - ok
17:05:10.0760 6744 [ acb01bf1a905356ab7f978c7fe852209 ] McProxy C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
17:05:10.0771 6744 McProxy - ok
17:05:10.0819 6744 [ e998e3b12101288d716558466cbf6ae1 ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
17:05:10.0844 6744 McShield - ok
17:05:10.0872 6744 [ 0be09cd858abf9df6ed259d57a1a1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:05:10.0885 6744 Mcx2Svc - ok
17:05:10.0898 6744 [ a55805f747c6edb6a9080d7c633bd0f4 ] megasas C:\Windows\system32\drivers\megasas.sys
17:05:10.0929 6744 megasas - ok
17:05:10.0944 6744 [ baf74ce0072480c3b6b7c13b2a94d6b3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
17:05:10.0991 6744 MegaSR - ok
17:05:11.0007 6744 [ a6518dcc42f7a6e999bb3bea8fd87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
17:05:11.0038 6744 MEIx64 - ok
17:05:11.0054 6744 [ 01884cb7655c8908b43ff5e364fe6fd2 ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys
17:05:11.0069 6744 mfeapfk - ok
17:05:11.0085 6744 [ dab9a9cdfb04e4d68924492aa043019d ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys
17:05:11.0100 6744 mfeavfk - ok
17:05:11.0116 6744 mfeavfk01 - ok
17:05:11.0132 6744 [ b26782c3d6045b4464017d7926877560 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
17:05:11.0147 6744 mfefire - ok
17:05:11.0178 6744 [ ce9a3680675c0907ade16404ca967b49 ] mfefirek C:\Windows\system32\drivers\mfefirek.sys
17:05:11.0194 6744 mfefirek - ok
17:05:11.0241 6744 [ 60cf67458dd29cd17e77f2327b1a9a54 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys
17:05:11.0288 6744 mfehidk - ok
17:05:11.0303 6744 [ a8129cfb919347f8533c934b365e9202 ] mfenlfk C:\Windows\system32\DRIVERS\mfenlfk.sys
17:05:11.0319 6744 mfenlfk - ok
17:05:11.0319 6744 [ 5041fa2bd2b3a2693b015771bfbf6dca ] mferkdet C:\Windows\system32\drivers\mferkdet.sys
17:05:11.0334 6744 mferkdet - ok
17:05:11.0366 6744 [ 723a5eb6cef7f408c3d0f15a82a6bff8 ] mfevtp C:\Windows\system32\mfevtps.exe
17:05:11.0366 6744 mfevtp - ok
17:05:11.0381 6744 [ 919c56db14a0e1e2ab6da5d2821dc26e ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys
17:05:11.0397 6744 mfewfpk - ok
17:05:11.0428 6744 [ e40e80d0304a73e8d269f7141d77250b ] MMCSS C:\Windows\system32\mmcss.dll
17:05:11.0490 6744 MMCSS - ok
17:05:11.0537 6744 [ 800ba92f7010378b09f9ed9270f07137 ] Modem C:\Windows\system32\drivers\modem.sys
17:05:11.0631 6744 Modem - ok
17:05:11.0662 6744 [ b03d591dc7da45ece20b3b467e6aadaa ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:05:11.0692 6744 monitor - ok
17:05:11.0712 6744 [ 7d27ea49f3c1f687d357e77a470aea99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
17:05:11.0741 6744 mouclass - ok
17:05:11.0753 6744 [ d3bf052c40b0c4166d9fd86a4288c1e6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:05:11.0764 6744 mouhid - ok
17:05:11.0783 6744 [ 32e7a3d591d671a6df2db515a5cbe0fa ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:05:11.0794 6744 mountmgr - ok
17:05:11.0858 6744 [ 46297fa8e30a6007f14118fc2b942fbc ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:05:11.0871 6744 MozillaMaintenance - ok
17:05:11.0889 6744 [ a44b420d30bd56e145d6a2bc8768ec58 ] mpio C:\Windows\system32\drivers\mpio.sys
17:05:11.0903 6744 mpio - ok
17:05:11.0916 6744 [ 6c38c9e45ae0ea2fa5e551f2ed5e978f ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:05:11.0946 6744 mpsdrv - ok
17:05:11.0967 6744 [ 54ffc9c8898113ace189d4aa7199d2c1 ] MpsSvc C:\Windows\system32\mpssvc.dll
17:05:12.0030 6744 MpsSvc - ok
17:05:12.0061 6744 [ dc722758b8261e1abafd31a3c0a66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:05:12.0108 6744 MRxDAV - ok
17:05:12.0123 6744 [ a5d9106a73dc88564c825d317cac68ac ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:05:12.0217 6744 mrxsmb - ok
17:05:12.0248 6744 [ d711b3c1d5f42c0c2415687be09fc163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:05:12.0295 6744 mrxsmb10 - ok
17:05:12.0310 6744 [ 9423e9d355c8d303e76b8cfbd8a5c30c ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:05:12.0326 6744 mrxsmb20 - ok
17:05:12.0342 6744 [ c25f0bafa182cbca2dd3c851c2e75796 ] msahci C:\Windows\system32\drivers\msahci.sys
17:05:12.0357 6744 msahci - ok
17:05:12.0373 6744 [ db801a638d011b9633829eb6f663c900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
17:05:12.0388 6744 msdsm - ok
17:05:12.0404 6744 [ de0ece52236cfa3ed2dbfc03f28253a8 ] MSDTC C:\Windows\System32\msdtc.exe
17:05:12.0466 6744 MSDTC - ok
17:05:12.0482 6744 [ aa3fb40e17ce1388fa1bedab50ea8f96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:05:12.0560 6744 Msfs - ok
17:05:12.0591 6744 [ f9d215a46a8b9753f61767fa72a20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
17:05:12.0669 6744 mshidkmdf - ok
17:05:12.0685 6744 [ d916874bbd4f8b07bfb7fa9b3ccae29d ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
17:05:12.0727 6744 msisadrv - ok
17:05:12.0751 6744 [ 808e98ff49b155c522e6400953177b08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:05:12.0821 6744 MSiSCSI - ok
17:05:12.0824 6744 msiserver - ok
17:05:12.0864 6744 [ acb01bf1a905356ab7f978c7fe852209 ] MSK80Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
17:05:12.0886 6744 MSK80Service - ok
17:05:12.0915 6744 [ 49ccf2c4fea34ffad8b1b59d49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:05:12.0983 6744 MSKSSRV - ok
17:05:12.0986 6744 [ bdd71ace35a232104ddd349ee70e1ab3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:05:13.0020 6744 MSPCLOCK - ok
17:05:13.0036 6744 [ 4ed981241db27c3383d72092b618a1d0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:05:13.0067 6744 MSPQM - ok
17:05:13.0083 6744 [ 759a9eeb0fa9ed79da1fb7d4ef78866d ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:05:13.0098 6744 MsRPC - ok
17:05:13.0114 6744 [ 0eed230e37515a0eaee3c2e1bc97b288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
17:05:13.0129 6744 mssmbios - ok
17:05:13.0145 6744 [ 2e66f9ecb30b4221a318c92ac2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:05:13.0176 6744 MSTEE - ok
17:05:13.0192 6744 [ 7ea404308934e675bffde8edf0757bcd ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
17:05:13.0192 6744 MTConfig - ok
17:05:13.0223 6744 [ f9a18612fd3526fe473c1bda678d61c8 ] Mup C:\Windows\system32\Drivers\mup.sys
17:05:13.0223 6744 Mup - ok
17:05:13.0254 6744 [ 6ed8935257672f4cd04a88a0f3de093d ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
17:05:13.0270 6744 MyWiFiDHCPDNS - ok
17:05:13.0301 6744 [ 582ac6d9873e31dfa28a4547270862dd ] napagent C:\Windows\system32\qagentRT.dll
17:05:13.0363 6744 napagent - ok
17:05:13.0410 6744 [ 1ea3749c4114db3e3161156ffffa6b33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:05:13.0457 6744 NativeWifiP - ok
17:05:13.0519 6744 [ c38b8ae57f78915905064a9a24dc1586 ] NDIS C:\Windows\system32\drivers\ndis.sys
17:05:13.0582 6744 NDIS - ok
17:05:13.0597 6744 [ 9f9a1f53aad7da4d6fef5bb73ab811ac ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
17:05:13.0629 6744 NdisCap - ok
17:05:13.0644 6744 [ 30639c932d9fef22b31268fe25a1b6e5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:05:13.0707 6744 NdisTapi - ok
17:05:13.0707 6744 [ 136185f9fb2cc61e573e676aa5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:05:13.0768 6744 Ndisuio - ok
17:05:13.0792 6744 [ 53f7305169863f0a2bddc49e116c2e11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:05:13.0857 6744 NdisWan - ok
17:05:13.0890 6744 [ 015c0d8e0e0421b4cfd48cffe2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:05:13.0949 6744 NDProxy - ok
17:05:13.0970 6744 [ 86743d9f5d2b1048062b14b1d84501c4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:05:14.0037 6744 NetBIOS - ok
17:05:14.0053 6744 [ 09594d1089c523423b32a4229263f068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
17:05:14.0100 6744 NetBT - ok
17:05:14.0115 6744 [ c118a82cd78818c29ab228366ebf81c3 ] Netlogon C:\Windows\system32\lsass.exe
17:05:14.0131 6744 Netlogon - ok
17:05:14.0162 6744 [ 847d3ae376c0817161a14a82c8922a9e ] Netman C:\Windows\System32\netman.dll
17:05:14.0240 6744 Netman - ok
17:05:14.0256 6744 [ d22cd77d4f0d63d1169bb35911bff12d ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:05:14.0318 6744 NetMsmqActivator - ok
17:05:14.0334 6744 [ d22cd77d4f0d63d1169bb35911bff12d ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:05:14.0334 6744 NetPipeActivator - ok
17:05:14.0365 6744 [ 5f28111c648f1e24f7dbc87cdeb091b8 ] netprofm C:\Windows\System32\netprofm.dll
17:05:14.0443 6744 netprofm - ok
17:05:14.0443 6744 [ d22cd77d4f0d63d1169bb35911bff12d ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:05:14.0459 6744 NetTcpActivator - ok
17:05:14.0459 6744 [ d22cd77d4f0d63d1169bb35911bff12d ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:05:14.0474 6744 NetTcpPortSharing - ok
17:05:14.0677 6744 [ 5d262402b0634c998f8cbcead7dd8676 ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys
17:05:14.0923 6744 NETwNs64 - ok
17:05:14.0946 6744 [ 77889813be4d166cdab78ddba990da92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
17:05:14.0956 6744 nfrd960 - ok
17:05:14.0978 6744 [ 1ee99a89cc788ada662441d1e9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
17:05:15.0042 6744 NlaSvc - ok
17:05:15.0198 6744 [ b9b72faaaa41d59b73b88fe3dd737ed1 ] NOBU C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
17:05:15.0292 6744 NOBU - ok
17:05:15.0307 6744 [ 1e4c4ab5c9b8dd13179bbdc75a2a01f7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:05:15.0338 6744 Npfs - ok
17:05:15.0354 6744 [ d54bfdf3e0c953f823b3d0bfe4732528 ] nsi C:\Windows\system32\nsisvc.dll
17:05:15.0401 6744 nsi - ok
17:05:15.0416 6744 [ e7f5ae18af4168178a642a9247c63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:05:15.0448 6744 nsiproxy - ok
17:05:15.0510 6744 [ a2f74975097f52a00745f9637451fdd8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:05:15.0604 6744 Ntfs - ok
17:05:15.0604 6744 [ 9899284589f75fa8724ff3d16aed75c1 ] Null C:\Windows\system32\drivers\Null.sys
17:05:15.0650 6744 Null - ok
17:05:15.0682 6744 [ 0ebc9d13cd96c15b1b18d8678a609e4b ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
17:05:15.0764 6744 nusb3hub - ok
17:05:15.0778 6744 [ 7bdec000d56d485021d9c1e63c2f81ca ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
17:05:15.0841 6744 nusb3xhc - ok
17:05:16.0062 6744 [ 573b0941a37aebee96085d56a103f57b ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:05:16.0405 6744 nvlddmkm - ok
17:05:16.0405 6744 [ 43af7ebeac2ab623468e32caddcb61a4 ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys
17:05:16.0421 6744 nvpciflt - ok
17:05:16.0452 6744 [ 0a92cb65770442ed0dc44834632f66ad ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:05:16.0483 6744 nvraid - ok
17:05:16.0499 6744 [ dab0e87525c10052bf65f06152f37e4a ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:05:16.0514 6744 nvstor - ok
17:05:16.0545 6744 [ 9e01b716c8085f7adb1cdc10103ceef8 ] NvStUSB C:\Windows\system32\drivers\nvstusb.sys
17:05:16.0577 6744 NvStUSB - ok
17:05:16.0608 6744 [ c500760572c6059918fb0c960967695b ] NVSvc C:\Windows\system32\nvvsvc.exe
17:05:16.0655 6744 NVSvc - ok
17:05:16.0764 6744 [ f28169a7adf7b41809cf92d369e744f0 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
17:05:16.0839 6744 nvUpdatusService - ok
17:05:16.0862 6744 [ 270d7cd42d6e3979f6dd0146650f0e05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
17:05:16.0873 6744 nv_agp - ok
17:05:16.0891 6744 [ 3589478e4b22ce21b41fa1bfc0b8b8a0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
17:05:16.0926 6744 ohci1394 - ok
17:05:16.0955 6744 [ 3eac4455472cc2c97107b5291e0dcafe ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
17:05:17.0012 6744 p2pimsvc - ok
17:05:17.0033 6744 [ 927463ecb02179f88e4b9a17568c63c3 ] p2psvc C:\Windows\system32\p2psvc.dll
17:05:17.0048 6744 p2psvc - ok
17:05:17.0080 6744 [ 0086431c29c35be1dbc43f52cc273887 ] Parport C:\Windows\system32\drivers\parport.sys
17:05:17.0126 6744 Parport - ok
17:05:17.0173 6744 [ e9766131eeade40a27dc27d2d68fba9c ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:05:17.0204 6744 partmgr - ok
17:05:17.0220 6744 [ 3aeaa8b561e63452c655dc0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
17:05:17.0267 6744 PcaSvc - ok
17:05:17.0298 6744 [ 94575c0571d1462a0f70bde6bd6ee6b3 ] pci C:\Windows\system32\drivers\pci.sys
17:05:17.0329 6744 pci - ok
17:05:17.0345 6744 [ b5b8b5ef2e5cb34df8dcf8831e3534fa ] pciide C:\Windows\system32\drivers\pciide.sys
17:05:17.0376 6744 pciide - ok
17:05:17.0392 6744 [ b2e81d4e87ce48589f98cb8c05b01f2f ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
17:05:17.0407 6744 pcmcia - ok
17:05:17.0423 6744 [ d6b9c2e1a11a3a4b26a182ffef18f603 ] pcw C:\Windows\system32\drivers\pcw.sys
17:05:17.0438 6744 pcw - ok
17:05:17.0454 6744 [ 68769c3356b3be5d1c732c97b9a80d6e ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:05:17.0563 6744 PEAUTH - ok
17:05:17.0641 6744 [ e495e408c93141e8fc72dc0c6046ddfa ] PerfHost C:\Windows\SysWow64\perfhost.exe
17:05:17.0688 6744 PerfHost - ok
17:05:17.0735 6744 [ c7cf6a6e137463219e1259e3f0f0dd6c ] pla C:\Windows\system32\pla.dll
17:05:17.0871 6744 pla - ok
17:05:17.0917 6744 [ 25fbdef06c4d92815b353f6e792c8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:05:18.0009 6744 PlugPlay - ok
17:05:18.0023 6744 [ 7195581cec9bb7d12abe54036acc2e38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
17:05:18.0053 6744 PNRPAutoReg - ok
17:05:18.0084 6744 [ 3eac4455472cc2c97107b5291e0dcafe ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
17:05:18.0100 6744 PNRPsvc - ok
17:05:18.0131 6744 [ 4f15d75adf6156bf56eced6d4a55c389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:05:18.0193 6744 PolicyAgent - ok
17:05:18.0240 6744 [ 6ba9d927dded70bd1a9caded45f8b184 ] Power C:\Windows\system32\umpo.dll
17:05:18.0318 6744 Power - ok
17:05:18.0349 6744 [ f92a2c41117a11a00be01ca01a7fcde9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:05:18.0443 6744 PptpMiniport - ok
17:05:18.0474 6744 [ 0d922e23c041efb1c3fac2a6f943c9bf ] Processor C:\Windows\system32\drivers\processr.sys
17:05:18.0521 6744 Processor - ok
17:05:18.0552 6744 [ 53e83f1f6cf9d62f32801cf66d8352a8 ] ProfSvc C:\Windows\system32\profsvc.dll
17:05:18.0661 6744 ProfSvc - ok
17:05:18.0677 6744 [ c118a82cd78818c29ab228366ebf81c3 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:05:18.0692 6744 ProtectedStorage - ok
17:05:18.0708 6744 [ 0557cf5a2556bd58e26384169d72438d ] Psched C:\Windows\system32\DRIVERS\pacer.sys
17:05:18.0790 6744 Psched - ok
17:05:18.0825 6744 [ 87b04878a6d59d6c79251dc960c674c1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
17:05:18.0855 6744 PxHlpa64 - ok
17:05:18.0880 6744 [ 0928bd20273625622722fe1de5bbde57 ] qicflt C:\Windows\system32\DRIVERS\qicflt.sys
17:05:18.0889 6744 qicflt - ok
17:05:18.0931 6744 [ a53a15a11ebfd21077463ee2c7afeef0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
17:05:18.0990 6744 ql2300 - ok
17:05:19.0005 6744 [ 4f6d12b51de1aaeff7dc58c4d75423c8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
17:05:19.0016 6744 ql40xx - ok
17:05:19.0036 6744 [ 906191634e99aea92c4816150bda3732 ] QWAVE C:\Windows\system32\qwave.dll
17:05:19.0055 6744 QWAVE - ok
17:05:19.0055 6744 [ 76707bb36430888d9ce9d705398adb6c ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:05:19.0102 6744 QWAVEdrv - ok
17:05:19.0102 6744 [ 5a0da8ad5762fa2d91678a8a01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:05:19.0149 6744 RasAcd - ok
17:05:19.0195 6744 [ 7ecff9b22276b73f43a99a15a6094e90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
17:05:19.0242 6744 RasAgileVpn - ok
17:05:19.0273 6744 [ 8f26510c5383b8dbe976de1cd00fc8c7 ] RasAuto C:\Windows\System32\rasauto.dll
17:05:19.0351 6744 RasAuto - ok
17:05:19.0367 6744 [ 471815800ae33e6f1c32fb1b97c490ca ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:05:19.0445 6744 Rasl2tp - ok
17:05:19.0461 6744 [ ee867a0870fc9e4972ba9eaad35651e2 ] RasMan C:\Windows\System32\rasmans.dll
17:05:19.0523 6744 RasMan - ok
17:05:19.0539 6744 [ 855c9b1cd4756c5e9a2aa58a15f58c25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:05:19.0601 6744 RasPppoe - ok
17:05:19.0617 6744 [ e8b1e447b008d07ff47d016c2b0eeecb ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:05:19.0663 6744 RasSstp - ok
17:05:19.0679 6744 [ 77f665941019a1594d887a74f301fa2f ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:05:19.0710 6744 rdbss - ok
17:05:19.0726 6744 [ 302da2a0539f2cf54d7c6cc30c1f2d8d ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
17:05:19.0741 6744 rdpbus - ok
17:05:19.0757 6744 [ cea6cc257fc9b7715f1c2b4849286d24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:05:19.0798 6744 RDPCDD - ok
17:05:19.0818 6744 [ bb5971a4f00659529a5c44831af22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:05:19.0886 6744 RDPENCDD - ok
17:05:19.0910 6744 [ 216f3fa57533d98e1f74ded70113177a ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
17:05:19.0939 6744 RDPREFMP - ok
17:05:19.0969 6744 [ e61608aa35e98999af9aaeeea6114b0a ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:05:20.0045 6744 RDPWD - ok
17:05:20.0060 6744 [ 34ed295fa0121c241bfef24764fc4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
17:05:20.0076 6744 rdyboost - ok
17:05:20.0154 6744 [ 189c5a8d2098e0aa14fd157a954b34fc ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
17:05:20.0185 6744 RegSrvc - ok
17:05:20.0216 6744 [ 254fb7a22d74e5511c73a3f6d802f192 ] RemoteAccess C:\Windows\System32\mprdim.dll
17:05:20.0263 6744 RemoteAccess - ok
17:05:20.0294 6744 [ e4d94f24081440b5fc5aa556c7c62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:05:20.0357 6744 RemoteRegistry - ok
17:05:20.0497 6744 [ 3c957189b31c34d3ad21967b12b6aed7 ] RoxMediaDB12OEM C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
17:05:20.0544 6744 RoxMediaDB12OEM - ok
17:05:20.0575 6744 [ 2b73088cc2ca757a172b425c9398e5bc ] RoxWatch12 C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
17:05:20.0606 6744 RoxWatch12 - ok
17:05:20.0622 6744 [ e4dc58cf7b3ea515ae917ff0d402a7bb ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
17:05:20.0684 6744 RpcEptMapper - ok
17:05:20.0715 6744 [ d5ba242d4cf8e384db90e6a8ed850b8c ] RpcLocator C:\Windows\system32\locator.exe
17:05:20.0762 6744 RpcLocator - ok
17:05:20.0804 6744 [ 5c627d1b1138676c0a7ab2c2c190d123 ] RpcSs C:\Windows\system32\rpcss.dll
17:05:20.0849 6744 RpcSs - ok
17:05:20.0878 6744 [ ddc86e4f8e7456261e637e3552e804ff ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:05:20.0939 6744 rspndr - ok
17:05:20.0977 6744 [ ed5873f7dfb2f96d37f13322211b6bdc ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
17:05:20.0993 6744 RTL8167 - ok
17:05:20.0997 6744 [ c118a82cd78818c29ab228366ebf81c3 ] SamSs C:\Windows\system32\lsass.exe
17:05:21.0007 6744 SamSs - ok
17:05:21.0026 6744 [ ac03af3329579fffb455aa2daabbe22b ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
17:05:21.0037 6744 sbp2port - ok
17:05:21.0046 6744 [ 9b7395789e3791a3b6d000fe6f8b131e ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:05:21.0139 6744 SCardSvr - ok
17:05:21.0155 6744 [ 253f38d0d7074c02ff8deb9836c97d2b ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
17:05:21.0233 6744 scfilter - ok
17:05:21.0280 6744 [ 262f6592c3299c005fd6bec90fc4463a ] Schedule C:\Windows\system32\schedsvc.dll
17:05:21.0358 6744 Schedule - ok
17:05:21.0389 6744 [ f17d1d393bbc69c5322fbfafaca28c7f ] SCPolicySvc C:\Windows\System32\certprop.dll
17:05:21.0436 6744 SCPolicySvc - ok
17:05:21.0483 6744 [ 111e0ebc0ad79cb0fa014b907b231cf0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
17:05:21.0529 6744 sdbus - ok
17:05:21.0561 6744 [ 6ea4234dc55346e0709560fe7c2c1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:05:21.0654 6744 SDRSVC - ok
17:05:21.0701 6744 [ 3ea8a16169c26afbeb544e0e48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:05:21.0748 6744 secdrv - ok
17:05:21.0763 6744 [ bc617a4e1b4fa8df523a061739a0bd87 ] seclogon C:\Windows\system32\seclogon.dll
17:05:21.0807 6744 seclogon - ok
17:05:21.0832 6744 [ c32ab8fa018ef34c0f113bd501436d21 ] SENS C:\Windows\System32\sens.dll
17:05:21.0879 6744 SENS - ok
17:05:21.0898 6744 [ 0336cffafaab87a11541f1cf1594b2b2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
17:05:21.0975 6744 SensrSvc - ok
17:05:22.0013 6744 [ cb624c0035412af0debec78c41f5ca1b ] Serenum C:\Windows\system32\drivers\serenum.sys
17:05:22.0062 6744 Serenum - ok
17:05:22.0067 6744 [ c1d8e28b2c2adfaec4ba89e9fda69bd6 ] Serial C:\Windows\system32\drivers\serial.sys
17:05:22.0129 6744 Serial - ok
17:05:22.0129 6744 [ 1c545a7d0691cc4a027396535691c3e3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
17:05:22.0129 6744 sermouse - ok
17:05:22.0160 6744 [ 0b6231bf38174a1628c4ac812cc75804 ] SessionEnv C:\Windows\system32\sessenv.dll
17:05:22.0238 6744 SessionEnv - ok
17:05:22.0269 6744 [ a554811bcd09279536440c964ae35bbf ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
17:05:22.0301 6744 sffdisk - ok
17:05:22.0301 6744 [ ff414f0baefeba59bc6c04b3db0b87bf ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
17:05:22.0316 6744 sffp_mmc - ok
17:05:22.0332 6744 [ dd85b78243a19b59f0637dcf284da63c ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
17:05:22.0394 6744 sffp_sd - ok
17:05:22.0410 6744 [ a9d601643a1647211a1ee2ec4e433ff4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
17:05:22.0410 6744 sfloppy - ok
17:05:22.0519 6744 [ 74ec60e20516aaa573be74f31175270f ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
17:05:22.0581 6744 SftService - ok
17:05:22.0628 6744 [ b95f6501a2f8b2e78c697fec401970ce ] SharedAccess C:\Windows\System32\ipnathlp.dll
17:05:22.0691 6744 SharedAccess - ok
17:05:22.0722 6744 [ aaf932b4011d14052955d4b212a4da8d ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:05:22.0847 6744 ShellHWDetection - ok
17:05:22.0862 6744 [ 843caf1e5fde1ffd5ff768f23a51e2e1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
17:05:22.0862 6744 SiSRaid2 - ok
17:05:22.0878 6744 [ 6a6c106d42e9ffff8b9fcb4f754f6da4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
17:05:22.0893 6744 SiSRaid4 - ok
17:05:22.0909 6744 [ 548260a7b8654e024dc30bf8a7c5baa4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:05:22.0987 6744 Smb - ok
17:05:23.0003 6744 [ 6313f223e817cc09aa41811daa7f541d ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:05:23.0049 6744 SNMPTRAP - ok
17:05:23.0081 6744 [ b9e31e5cacdfe584f34f730a677803f9 ] spldr C:\Windows\system32\drivers\spldr.sys
17:05:23.0112 6744 spldr - ok
17:05:23.0143 6744 [ 85daa09a98c9286d4ea2ba8d0e644377 ] Spooler C:\Windows\System32\spoolsv.exe
17:05:23.0237 6744 Spooler - ok
17:05:23.0330 6744 [ e17e0188bb90fae42d83e98707efa59c ] sppsvc C:\Windows\system32\sppsvc.exe
17:05:23.0502 6744 sppsvc - ok
17:05:23.0533 6744 [ 93d7d61317f3d4bc4f4e9f8a96a7de45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
17:05:23.0564 6744 sppuinotify - ok
17:05:23.0595 6744 [ 441fba48bff01fdb9d5969ebc1838f0b ] srv C:\Windows\system32\DRIVERS\srv.sys
17:05:23.0673 6744 srv - ok
17:05:23.0689 6744 [ b4adebbf5e3677cce9651e0f01f7cc28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:05:23.0736 6744 srv2 - ok
17:05:23.0767 6744 [ 27e461f0be5bff5fc737328f749538c3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:05:23.0819 6744 srvnet - ok
17:05:23.0856 6744 [ 51b52fbd583cde8aa9ba62b8b4298f33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:05:23.0888 6744 SSDPSRV - ok
17:05:23.0903 6744 [ ab7aebf58dad8daab7a6c45e6a8885cb ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:05:23.0934 6744 SstpSvc - ok
17:05:23.0950 6744 [ 92e7f6666633d2dd91d527503daa7be0 ] stdcfltn C:\Windows\system32\DRIVERS\stdcfltn.sys
17:05:23.0959 6744 stdcfltn - ok
17:05:24.0020 6744 [ 0683504bbb3ffc0a73d9d217b63dd0e0 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
17:05:24.0047 6744 Stereo Service - ok
17:05:24.0063 6744 [ f3817967ed533d08327dc73bc4d5542a ] stexstor C:\Windows\system32\drivers\stexstor.sys
17:05:24.0074 6744 stexstor - ok
17:05:24.0105 6744 [ 8dd52e8e6128f4b2da92ce27402871c1 ] stisvc C:\Windows\System32\wiaservc.dll
17:05:24.0183 6744 stisvc - ok
17:05:24.0215 6744 [ 7731f46ec0d687a931cba063e8f90ef0 ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
17:05:24.0246 6744 stllssvr - ok
17:05:24.0261 6744 [ d01ec09b6711a5f8e7e6564a4d0fbc90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
17:05:24.0277 6744 swenum - ok
17:05:24.0355 6744 [ f577910a133a592234ebaad3f3afa258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
17:05:24.0417 6744 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
17:05:24.0417 6744 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
17:05:24.0433 6744 [ e08e46fdd841b7184194011ca1955a0b ] swprv C:\Windows\System32\swprv.dll
17:05:24.0527 6744 swprv - ok
17:05:24.0605 6744 [ b0c7d4dcf4800df2f2145b500d0161e8 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
17:05:24.0683 6744 SynTP - ok
17:05:24.0714 6744 [ bf9ccc0bf39b418c8d0ae8b05cf95b7d ] SysMain C:\Windows\system32\sysmain.dll
17:05:24.0832 6744 SysMain - ok
17:05:24.0859 6744 [ e3c61fd7b7c2557e1f1b0b4cec713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:05:24.0883 6744 TabletInputService - ok
17:05:24.0904 6744 [ 40f0849f65d13ee87b9a9ae3c1dd6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
17:05:24.0953 6744 TapiSrv - ok
17:05:24.0975 6744 [ 1be03ac720f4d302ea01d40f588162f6 ] TBS C:\Windows\System32\tbssvc.dll
17:05:25.0006 6744 TBS - ok
17:05:25.0052 6744 [ acb82bda8f46c84f465c1afa517dc4b9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:05:25.0108 6744 Tcpip - ok
17:05:25.0186 6744 [ acb82bda8f46c84f465c1afa517dc4b9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
17:05:25.0201 6744 TCPIP6 - ok
17:05:25.0232 6744 [ df687e3d8836bfb04fcc0615bf15a519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:05:25.0310 6744 tcpipreg - ok
17:05:25.0326 6744 [ 3371d21011695b16333a3934340c4e7c ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
17:05:25.0388 6744 TDPIPE - ok
17:05:25.0420 6744 [ 51c5eceb1cdee2468a1748be550cfbc8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
17:05:25.0466 6744 TDTCP - ok
17:05:25.0482 6744 [ ddad5a7ab24d8b65f8d724f5c20fd806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:05:25.0544 6744 tdx - ok
17:05:25.0560 6744 [ 561e7e1f06895d78de991e01dd0fb6e5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
17:05:25.0560 6744 TermDD - ok
17:05:25.0591 6744 [ 2e648163254233755035b46dd7b89123 ] TermService C:\Windows\System32\termsrv.dll
17:05:25.0700 6744 TermService - ok
17:05:25.0716 6744 [ f0344071948d1a1fa732231785a0664c ] Themes C:\Windows\system32\themeservice.dll
17:05:25.0778 6744 Themes - ok
17:05:25.0825 6744 [ e40e80d0304a73e8d269f7141d77250b ] THREADORDER C:\Windows\system32\mmcss.dll
17:05:25.0888 6744 THREADORDER - ok
17:05:25.0898 6744 [ 7e7afd841694f6ac397e99d75cead49d ] TrkWks C:\Windows\System32\trkwks.dll
17:05:25.0970 6744 TrkWks - ok
17:05:26.0024 6744 [ 773212b2aaa24c1e31f10246b15b276c ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:05:26.0089 6744 TrustedInstaller - ok
17:05:26.0112 6744 [ ce18b2cdfc837c99e5fae9ca6cba5d30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
17:05:26.0174 6744 tssecsrv - ok
17:05:26.0205 6744 [ d11c783e3ef9a3c52c0ebe83cc5000e9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
17:05:26.0268 6744 TsUsbFlt - ok
17:05:26.0268 6744 [ 9cc2ccae8a84820eaecb886d477cbcb8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
17:05:26.0283 6744 TsUsbGD - ok
17:05:26.0315 6744 [ 3566a8daafa27af944f5d705eaa64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:05:26.0377 6744 tunnel - ok
17:05:26.0408 6744 [ fd24f98d2898be093fe926604be7db99 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys
17:05:26.0424 6744 TurboB - ok
17:05:26.0471 6744 [ 600b406a04d90f577fea8a88d7379f08 ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe
17:05:26.0486 6744 TurboBoost - ok
17:05:26.0502 6744 [ b4dd609bd7e282bfc683cec7eaaaad67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
17:05:26.0533 6744 uagp35 - ok
17:05:26.0549 6744 [ ff4232a1a64012baa1fd97c7b67df593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:05:26.0595 6744 udfs - ok
17:05:26.0627 6744 [ 3cbdec8d06b9968aba702eba076364a1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:05:26.0642 6744 UI0Detect - ok
17:05:26.0673 6744 [ 4bfe1bc28391222894cbf1e7d0e42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
17:05:26.0705 6744 uliagpkx - ok
17:05:26.0720 6744 [ dc54a574663a895c8763af0fa1ff7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
17:05:26.0767 6744 umbus - ok
17:05:26.0798 6744 [ b2e8e8cb557b156da5493bbddcc1474d ] UmPass C:\Windows\system32\drivers\umpass.sys
17:05:26.0850 6744 UmPass - ok
17:05:26.0959 6744 [ 2c16648a12999ae69a9ebf41974b0ba2 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
17:05:27.0029 6744 UNS - ok
17:05:27.0049 6744 [ d47ec6a8e81633dd18d2436b19baf6de ] upnphost C:\Windows\System32\upnphost.dll
17:05:27.0105 6744 upnphost - ok
17:05:27.0131 6744 [ 19ad7990c0b67e48dac5b26f99628223 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
17:05:27.0209 6744 usbccgp - ok
17:05:27.0240 6744 [ af0892a803fdda7492f595368e3b68e7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
17:05:27.0255 6744 usbcir - ok
17:05:27.0271 6744 [ c025055fe7b87701eb042095df1a2d7b ] usbehci C:\Windows\system32\drivers\usbehci.sys
17:05:27.0318 6744 usbehci - ok
17:05:27.0365 6744 [ 287c6c9410b111b68b52ca298f7b8c24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
17:05:27.0411 6744 usbhub - ok
17:05:27.0443 6744 [ 9840fc418b4cbd632d3d0a667a725c31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
17:05:27.0489 6744 usbohci - ok
17:05:27.0536 6744 [ 73188f58fb384e75c4063d29413cee3d ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
17:05:27.0599 6744 usbprint - ok
17:05:27.0630 6744 [ aaa2513c8aed8b54b189fd0c6b1634c0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
17:05:27.0677 6744 usbscan - ok
17:05:27.0692 6744 [ fed648b01349a3c8395a5169db5fb7d6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:05:27.0770 6744 USBSTOR - ok
17:05:27.0786 6744 [ 62069a34518bcf9c1fd9e74b3f6db7cd ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
17:05:27.0833 6744 usbuhci - ok
17:05:27.0869 6744 [ 454800c2bc7f3927ce030141ee4f4c50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
17:05:27.0915 6744 usbvideo - ok
17:05:27.0949 6744 [ edbb23cbcf2cdf727d64ff9b51a6070e ] UxSms C:\Windows\System32\uxsms.dll
17:05:28.0017 6744 UxSms - ok
17:05:28.0043 6744 [ c118a82cd78818c29ab228366ebf81c3 ] VaultSvc C:\Windows\system32\lsass.exe
17:05:28.0054 6744 VaultSvc - ok
17:05:28.0072 6744 [ c5c876ccfc083ff3b128f933823e87bd ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
17:05:28.0082 6744 vdrvroot - ok
17:05:28.0105 6744 [ 8d6b481601d01a456e75c3210f1830be ] vds C:\Windows\System32\vds.exe
17:05:28.0166 6744 vds - ok
17:05:28.0197 6744 [ da4da3f5e02943c2dc8c6ed875de68dd ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:05:28.0213 6744 vga - ok
17:05:28.0213 6744 [ 53e92a310193cb3c03bea963de7d9cfc ] VgaSave C:\Windows\System32\drivers\vga.sys
17:05:28.0244 6744 VgaSave - ok
17:05:28.0260 6744 [ 2ce2df28c83aeaf30084e1b1eb253cbb ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
17:05:28.0275 6744 vhdmp - ok
17:05:28.0291 6744 [ e5689d93ffe4e5d66c0178761240dd54 ] viaide C:\Windows\system32\drivers\viaide.sys
17:05:28.0306 6744 viaide - ok
17:05:28.0322 6744 [ d2aafd421940f640b407aefaaebd91b0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
17:05:28.0322 6744 volmgr - ok
17:05:28.0338 6744 [ a255814907c89be58b79ef2f189b843b ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:05:28.0353 6744 volmgrx - ok
17:05:28.0369 6744 [ 0d08d2f3b3ff84e433346669b5e0f639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
17:05:28.0384 6744 volsnap - ok
17:05:28.0400 6744 [ 5e2016ea6ebaca03c04feac5f330d997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
17:05:28.0416 6744 vsmraid - ok
17:05:28.0447 6744 [ b60ba0bc31b0cb414593e169f6f21cc2 ] VSS C:\Windows\system32\vssvc.exe
17:05:28.0572 6744 VSS - ok
17:05:28.0603 6744 [ 36d4720b72b5c5d9cb2b9c29e9df67a1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
17:05:28.0650 6744 vwifibus - ok
17:05:28.0681 6744 [ 6a3d66263414ff0d6fa754c646612f3f ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
17:05:28.0712 6744 vwififlt - ok
17:05:28.0743 6744 [ 6a638fc4bfddc4d9b186c28c91bd1a01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
17:05:28.0821 6744 vwifimp - ok
17:05:28.0864 6744 [ 1c9d80cc3849b3788048078c26486e1a ] W32Time C:\Windows\system32\w32time.dll
17:05:28.0911 6744 W32Time - ok
17:05:28.0926 6744 [ 4e9440f4f152a7b944cb1663d3935a3e ] WacomPen C:\Windows\system32\drivers\wacompen.sys
17:05:28.0960 6744 WacomPen - ok
17:05:28.0988 6744 [ 356afd78a6ed4457169241ac3965230c ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
17:05:29.0037 6744 WANARP - ok
17:05:29.0040 6744 [ 356afd78a6ed4457169241ac3965230c ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:05:29.0068 6744 Wanarpv6 - ok
17:05:29.0121 6744 [ 78f4e7f5c56cb9716238eb57da4b6a75 ] wbengine C:\Windows\system32\wbengine.exe
17:05:29.0252 6744 wbengine - ok
17:05:29.0268 6744 [ 3aa101e8edab2db4131333f4325c76a3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
17:05:29.0299 6744 WbioSrvc - ok
17:05:29.0330 6744 [ 7368a2afd46e5a4481d1de9d14848edd ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:05:29.0393 6744 wcncsvc - ok
17:05:29.0408 6744 [ 20f7441334b18cee52027661df4a6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:05:29.0502 6744 WcsPlugInService - ok
17:05:29.0517 6744 [ 72889e16ff12ba0f235467d6091b17dc ] Wd C:\Windows\system32\drivers\wd.sys
17:05:29.0549 6744 Wd - ok
17:05:29.0580 6744 [ a3d04ebf5227886029b4532f20d026f7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
17:05:29.0611 6744 WDC_SAM - ok
17:05:29.0658 6744 [ e6050fe6b60fa91188b8abdb5b1e339f ] WDDMService C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
17:05:29.0705 6744 WDDMService ( UnsignedFile.Multi.Generic ) - warning
17:05:29.0705 6744 WDDMService - detected UnsignedFile.Multi.Generic (1)
17:05:29.0736 6744 [ 441bd2d7b4f98134c3a4f9fa570fd250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:05:29.0783 6744 Wdf01000 - ok
17:05:29.0845 6744 [ b83d5071b32a70bebdb3330bfa7acb80 ] WDFME C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
17:05:29.0901 6744 WDFME - ok
17:05:29.0914 6744 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:05:30.0013 6744 WdiServiceHost - ok
17:05:30.0017 6744 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:05:30.0032 6744 WdiSystemHost - ok
17:05:30.0056 6744 [ 94dc2bf6cbaaa95e369c3756d3115a76 ] wdkmd C:\Windows\system32\DRIVERS\WDKMD.sys
17:05:30.0065 6744 wdkmd - ok
17:05:30.0083 6744 [ 517de2c5568cba6b2a24a557ac60c30b ] WDSC C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
17:05:30.0099 6744 WDSC - ok
17:05:30.0124 6744 [ 3db6d04e1c64272f8b14eb8bc4616280 ] WebClient C:\Windows\System32\webclnt.dll
17:05:30.0170 6744 WebClient - ok
17:05:30.0202 6744 [ c749025a679c5103e575e3b48e092c43 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:05:30.0280 6744 Wecsvc - ok
17:05:30.0295 6744 [ 7e591867422dc788b9e5bd337a669a08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:05:30.0358 6744 wercplsupport - ok
17:05:30.0389 6744 [ 6d137963730144698cbd10f202e9f251 ] WerSvc C:\Windows\System32\WerSvc.dll
17:05:30.0404 6744 WerSvc - ok
17:05:30.0420 6744 [ 611b23304bf067451a9fdee01fbdd725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
17:05:30.0451 6744 WfpLwf - ok
17:05:30.0482 6744 [ b14ef15bd757fa488f9c970eee9c0d35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
17:05:30.0514 6744 WimFltr - ok
17:05:30.0529 6744 [ 05ecaec3e4529a7153b3136ceb49f0ec ] WIMMount C:\Windows\system32\drivers\wimmount.sys
17:05:30.0545 6744 WIMMount - ok
17:05:30.0560 6744 WinDefend - ok
17:05:30.0560 6744 WinHttpAutoProxySvc - ok
17:05:30.0638 6744 [ 19b07e7e8915d701225da41cb3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:05:30.0670 6744 Winmgmt - ok
17:05:30.0748 6744 [ bcb1310604aa415c4508708975b3931e ] WinRM C:\Windows\system32\WsmSvc.dll
17:05:30.0874 6744 WinRM - ok
17:05:30.0915 6744 [ fe88b288356e7b47b74b13372add906d ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
17:05:30.0972 6744 WinUsb - ok
17:05:31.0033 6744 [ 4fada86e62f18a1b2f42ba18ae24e6aa ] Wlansvc C:\Windows\System32\wlansvc.dll
17:05:31.0077 6744 Wlansvc - ok
17:05:31.0105 6744 [ 06c8fa1cf39de6a735b54d906ba791c6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
17:05:31.0116 6744 wlcrasvc - ok
17:05:31.0237 6744 [ 2bacd71123f42cea603f4e205e1ae337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:05:31.0300 6744 wlidsvc - ok
17:05:31.0331 6744 [ f6ff8944478594d0e414d3f048f0d778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
17:05:31.0393 6744 WmiAcpi - ok
17:05:31.0424 6744 [ 38b84c94c5a8af291adfea478ae54f93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:05:31.0456 6744 wmiApSrv - ok
17:05:31.0471 6744 WMPNetworkSvc - ok
17:05:31.0502 6744 [ 96c6e7100d724c69fcf9e7bf590d1dca ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:05:31.0565 6744 WPCSvc - ok
17:05:31.0580 6744 [ 93221146d4ebbf314c29b23cd6cc391d ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:05:31.0596 6744 WPDBusEnum - ok
17:05:31.0627 6744 [ 6bcc1d7d2fd2453957c5479a32364e52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:05:31.0658 6744 ws2ifsl - ok
17:05:31.0690 6744 [ e8b1fe6669397d1772d8196df0e57a9e ] wscsvc C:\Windows\System32\wscsvc.dll
17:05:31.0768 6744 wscsvc - ok
17:05:31.0768 6744 WSearch - ok
17:05:31.0877 6744 [ d9ef901dca379cfe914e9fa13b73b4c4 ] wuauserv C:\Windows\system32\wuaueng.dll
17:05:31.0967 6744 wuauserv - ok
17:05:31.0979 6744 [ d3381dc54c34d79b22cee0d65ba91b7c ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
17:05:32.0023 6744 WudfPf - ok
17:05:32.0068 6744 [ cf8d590be3373029d57af80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:05:32.0129 6744 WUDFRd - ok
17:05:32.0147 6744 [ 7a95c95b6c4cf292d689106bcae49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:05:32.0178 6744 wudfsvc - ok
17:05:32.0194 6744 [ 9a3452b3c2a46c073166c5cf49fad1ae ] WwanSvc C:\Windows\System32\wwansvc.dll
17:05:32.0240 6744 WwanSvc - ok
17:05:32.0287 6744 ================ Scan global ===============================
17:05:32.0303 6744 (ba0cd8c393e8c9f83354106093832c7b) C:\Windows\system32\basesrv.dll
17:05:32.0334 6744 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll
17:05:32.0350 6744 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll
17:05:32.0365 6744 (d6160f9d869ba3af0b787f971db56368) C:\Windows\system32\sxssrv.dll
17:05:32.0412 6744 (24acb7e5be595468e3b9aa488b9b4fcb) C:\Windows\system32\services.exe
17:05:32.0428 6744 [Global] - ok
17:05:32.0428 6744 ================ Scan MBR ==================================
17:05:32.0443 6744 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
17:05:32.0802 6744 \Device\Harddisk0\DR0 - ok
17:05:32.0802 6744 ================ Scan VBR ==================================
17:05:32.0802 6744 Boot (0x1200) (aad909c1cc90eed1e49117c9b7e9463a) \Device\Harddisk0\DR0\Partition1
17:05:32.0818 6744 \Device\Harddisk0\DR0\Partition1 - ok
17:05:32.0849 6744 Boot (0x1200) (935d9df834fa10b64d14e1f5bc549fdb) \Device\Harddisk0\DR0\Partition2
17:05:32.0849 6744 \Device\Harddisk0\DR0\Partition2 - ok
17:05:32.0849 6744 ============================================================
17:05:32.0849 6744 Scan finished
17:05:32.0849 6744 ============================================================
17:05:32.0864 6736 Detected object count: 3
17:05:32.0864 6736 Actual detected object count: 3
17:05:59.0067 6736 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
17:05:59.0067 6736 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:05:59.0067 6736 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
17:05:59.0067 6736 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:05:59.0067 6736 WDDMService ( UnsignedFile.Multi.Generic ) - skipped by user
17:05:59.0067 6736 WDDMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
| Themen zu Ist vikyrefwaqis.exe ein Virus? |
| audiograbber, autorun, bho, converter, defender, error, firefox, flash player, format, google earth, helper, home, install.exe, logfile, mozilla, mp3, nvidia update, nvpciflt.sys, plug-in, port, programm, realtek, registry, rundll, scan, security, smartbar, software, svchost.exe, usb, virus, windows |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
