28.09.2012, 12:46 | #1
Thbcn in system startup, Mwb 42 infected files, what to do?

I was tidying up my system startup again and came across a file called thbcn that I couldn't make any sense of. I then tried to read up on it via Google and found a thread here in the forum describing roughly similar problems. I also ran the Malwarebytes quick scan right away, and 42 infected files were found, among them a lot of PUP.Blappers (whatever that is) and a Trojan.Hoaxsms. I hope someone can help me, and thanks in advance. I am also currently running a full scan with Avira Antivirus; maybe it will find something too, although I actually do that regularly! Here is the log file from the quick scan:

Quote:
OTL text

OTL Logfile:
Code:
OTL logfile created on: 28.09.2012 14:03:16 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Semmel3\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,96 Gb Total Physical Memory | 5,80 Gb Available Physical Memory | 72,85% Memory free
15,92 Gb Paging File | 13,45 Gb Available in Paging File | 84,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862,92 Gb Total Space | 1432,34 Gb Free Space | 76,89% Space Free | Partition Type: NTFS
Drive D: | 4,80 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: SEMMEL3-PC | User Name: Semmel3 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========
PRC - C:\Users\Semmel3\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Users\Semmel3\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
PRC - C:\Users\Semmel3\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\program files (x86)\avira\antivir desktop\avscan.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Semmel3\AppData\Roaming\BrowserCompanion\tbhcn.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Gizmo\gservice.exe (Arainia Solutions)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)

========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Users\Semmel3\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
MOD - C:\Users\Semmel3\AppData\Roaming\BrowserCompanion\tbhcn.exe ()
MOD - C:\program files (x86)\avira\antivir desktop\sqlite3.dll ()

========== Services (SafeList) ==========
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Gizmo Central) -- C:\Program Files (x86)\Gizmo\gservice.exe (Arainia Solutions)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (KORGUMDS) -- C:\Windows\SysNative\drivers\KORGUM64.SYS (KORG INC.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (GizmoDrv) -- C:\Windows\SysNative\drivers\gizmodrv.sys (Arainia Solutions LLC)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\drivers\rmcast.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (netr7364) -- C:\Windows\SysNative\drivers\netr7364.sys (Ralink Technology, Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchplusnetwork.com/?sp=vit4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5F 1E 10 43 96 49 CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {4327FABE-3C22-4689-8DBF-D226CF777FE9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms}
IE - HKCU\..\SearchScopes\{AB79D3B4-AEDB-428a-B504-BAC00521A1C7}: "URL" = hxxp://starwebsearch.com/index.php?from=4&q={searchTerms}
IE - HKCU\..\SearchScopes\{FCBEBBEA-AD82-4B47-8174-B91EEF715793}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=937811&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>

========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchplusnetwork.com/?sp=vit4"
FF - prefs.js..extensions.enabledAddons: youtube2mp3@mondayx.de:1.2.3
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: bbrs_002@blabbers.com:1.0.5
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {cd90bf73-20f6-44ef-993d-bb920303bd2e}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "hxxp://www.searchplusnetwork.com/?sp=vit4&q="
FF - prefs.js..network.proxy.type: 0
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.25 19:31:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.08 11:10:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.18 15:37:57 | 000,000,000 | ---D | M]
[2011.01.08 20:01:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Semmel3\AppData\Roaming\mozilla\Extensions
[2012.09.15 19:17:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Semmel3\AppData\Roaming\mozilla\Firefox\Profiles\4bjhuwjk.default\extensions
[2011.04.19 16:00:33 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Semmel3\AppData\Roaming\mozilla\Firefox\Profiles\4bjhuwjk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.08.21 11:38:37 | 000,000,000 | ---D | M] (Veoh Web Player Community Toolbar) -- C:\Users\Semmel3\AppData\Roaming\mozilla\Firefox\Profiles\4bjhuwjk.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}
[2012.07.16 14:02:47 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\Semmel3\AppData\Roaming\mozilla\Firefox\Profiles\4bjhuwjk.default\extensions\bbrs_002@blabbers.com
[2012.09.15 19:17:20 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Semmel3\AppData\Roaming\mozilla\Firefox\Profiles\4bjhuwjk.default\extensions\ich@maltegoetz.de
[2011.08.28 13:19:22 | 000,011,510 | ---- | M] () (No name found) -- C:\Users\Semmel3\AppData\Roaming\mozilla\firefox\profiles\4bjhuwjk.default\extensions\youtube2mp3@mondayx.de.xpi
[2012.08.07 14:29:18 | 000,741,958 | ---- | M] () (No name found) --
C:\Users\Semmel3\AppData\Roaming\mozilla\firefox\profiles\4bjhuwjk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.08.05 13:18:02 | 000,002,125 | ---- | M] () -- C:\Users\Semmel3\AppData\Roaming\mozilla\firefox\profiles\4bjhuwjk.default\searchplugins\GoogleFeed.xml
[2012.07.16 14:02:48 | 000,002,792 | ---- | M] () -- C:\Users\Semmel3\AppData\Roaming\mozilla\firefox\profiles\4bjhuwjk.default\searchplugins\Plusnetwork.xml
[2012.05.15 15:31:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.08 11:10:02 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.)
-- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.13 16:05:30 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.29 20:08:18 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.13 16:05:30 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.13 16:05:30 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.13 16:05:30 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.13 16:05:30 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Browser Companion Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll File not found
O2 - BHO: (Browser Companion Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll File not found
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Semmel3\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Semmel3\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Semmel3\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Semmel3\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Semmel3\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E8E9CFC-3CD5-464C-9C0A-C8674660156B}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9AACA96B-FDA6-4FD6-BE38-B7A3B95D772A}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3E2BEF1-762D-4321-B489-A8635273DA18}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.06.27 00:29:39 | 000,000,022 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{d7c2763a-816f-11e1-8180-20cf30bbd32d}\Shell - "" = AutoRun
O33 - MountPoints2\{d7c2763a-816f-11e1-8180-20cf30bbd32d}\Shell\AutoRun\command - "" = E:\Launch.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========
[2012.09.28 13:59:31 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.09.28 13:25:08 | 000,000,000 | ---D | C] -- C:\Users\Semmel3\AppData\Roaming\Malwarebytes
[2012.09.28 13:24:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.28 13:24:57 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.28 13:24:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.09.28 13:24:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.26 12:35:22 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2012.09.22 14:24:30 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.09.22 14:24:29 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.09.22 14:24:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.09.22 14:24:29 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.09.22 14:24:29 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.09.22 14:24:29 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.09.22 14:24:29 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.09.20 16:10:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2
[2012.09.20 16:10:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guild Wars 2
[2012.09.20 16:05:45 | 000,000,000 | ---D | C] -- C:\Users\Semmel3\Documents\Guild Wars 2
[2012.09.12 13:04:05 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012.09.12 13:04:02 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012.09.12 13:04:01 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012.09.12 13:04:01 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012.08.30 10:26:35 | 000,000,000 | ---D | C] -- C:\Users\Semmel3\Documents\Games for Windows - LIVE Demos
[2012.08.30 10:03:46 | 000,000,000 | ---D | C] -- C:\Users\Semmel3\Documents\Spartan
[2012.08.30 03:31:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Wonderful End of the World Trial
[2012.08.30 02:55:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2012.08.30 02:55:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2012.08.30 02:55:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2012.09.28 13:45:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.28 13:24:58 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.28 13:24:12 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.28 13:24:12 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.28 13:22:39 | 001,541,416 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.28 13:22:39 | 000,669,456 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.28 13:22:39 | 000,628,942 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.28 13:22:39 | 000,137,322 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.28 13:22:39 | 000,112,382 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.28 13:16:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.28 13:16:37 | 2115,280,895 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.20 16:10:52 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk
[2012.09.10 02:42:27 | 000,435,725 | ---- | M] () -- C:\Users\Semmel3\Desktop\sicherung arbeit.odt
[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========
[2012.09.28 13:24:58 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.20 16:10:52 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk
[2012.09.10 02:41:34 | 000,435,725 | ---- | C] () -- C:\Users\Semmel3\Desktop\sicherung arbeit.odt
[2012.08.30 02:55:03 | 000,001,338 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2012.04.09 23:07:33 | 000,040,960 | R--- | C] () -- C:\Windows\SysWow64\psfind.dll
[2012.04.08 22:37:13 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2012.04.08 22:37:13 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2012.04.08 22:37:12 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.08.25 05:41:08 | 000,007,597 | ---- | C] () -- C:\Users\Semmel3\AppData\Local\Resmon.ResmonCfg
[2011.06.10 17:20:40 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\msvcsv60.dll
[2011.06.10 17:20:40 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat
[2011.01.19 12:07:17 | 000,000,095 | ---- | C] () -- C:\Users\Semmel3\AppData\Local\fusioncache.dat
[2011.01.18 08:15:22 | 001,540,406 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.01.18 08:12:35 | 000,183,112 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.01.18 08:12:33 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.01.18 08:12:31 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.01.17 18:45:14 | 000,000,600 | ---- | C] () -- C:\Users\Semmel3\AppData\Roaming\winscp.rnd
[2011.01.08 20:27:57 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.01.08 19:57:20 | 000,027,504 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011.01.08 19:56:10 | 000,019,533 | ---- | C] () --
C:\Windows\Ascd_tmp.ini
[2011.01.08 19:56:10 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

OTL-Extras
OTL Logfile:
Code:
OTL Extras logfile created on: 28.09.2012 14:03:16 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Semmel3\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,96 Gb Total Physical Memory | 5,80 Gb Available Physical Memory | 72,85% Memory free
15,92 Gb Paging File | 13,45 Gb Available in Paging File | 84,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862,92 Gb Total Space | 1432,34 Gb Free Space | 76,89% Space Free | Partition Type: NTFS
Drive D: | 4,80 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: SEMMEL3-PC | User Name: Semmel3 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02D89D08-76C7-437F-8061-2218A66A6BCA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{04A5FF94-E827-48BF-B14E-F95B15AF5774}" = lport=138 | protocol=17 | dir=in | app=system | "{0C5CA600-5847-4EAC-ACF2-AD51F93986D4}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{0ED68441-E2BB-412B-AE60-BB2C46B7EBEA}" = rport=137 | protocol=17 | dir=out | app=system | "{168E2F66-B90D-45DE-8DCF-82F614CC0313}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{289483AB-06BD-41FA-85EB-DD4E326EF51A}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{298CF00C-9ABA-4CE4-B648-A9EC39FB8E8E}" = lport=139 | protocol=6 | dir=in | app=system | "{2B79A649-7AD2-46C4-ABF5-D57EA3BBF4E3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{2EFDB6D1-8CE8-4853-BD7F-B3AA3ACF899F}" = lport=49168 | protocol=6 | dir=in | name=akamai netsession interface | "{2F44BCC5-BC13-4AAB-A782-E0F3A77620C3}" = rport=2869 | protocol=6 | dir=out | app=system | "{442AB8F5-8D04-4252-A35D-38FE1A62473C}" = rport=445 | protocol=6 | dir=out | app=system | "{48EB8F4D-37D4-458C-88DB-0B783695834D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5D5DA65E-7F51-40BA-BE6B-955009B2EE4D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{65097C6C-A337-40E0-9E08-4ECED3F820B1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6F62DFE7-4177-4C3E-92D5-78D239CDE950}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6FD666CF-C087-4D88-8E09-8121B7B39402}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | 
app=%systemroot%\system32\svchost.exe | "{702D77F1-7D87-421D-97B8-28062361C9DD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{75D71D67-CD46-4C0C-955F-A8DEFCF3452F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{87D3A8EF-A493-4720-827D-05332F152405}" = rport=138 | protocol=17 | dir=out | app=system | "{8A2EDED2-4748-44D4-B6E4-49AAB74C0C5D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8BA8EC31-8549-49D2-9409-21D110A9FE5C}" = lport=2869 | protocol=6 | dir=in | app=system | "{9B429D87-9F66-4AB3-8D4B-8F072F0170B0}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | "{9F95ED39-CBFE-4A70-AF92-7F3494A882CE}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{A6A19C95-0AF3-4A31-B4FA-326CEEB3B9D5}" = lport=2869 | protocol=6 | dir=in | app=system | "{BB7D3CC5-F113-4EA9-BDCE-B50AEAC77845}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C7A59223-BD9C-4A53-BF77-7DDC7DE6B14B}" = lport=445 | protocol=6 | dir=in | app=system | "{CA40648F-6BFE-4452-A214-9965DCBE0395}" = lport=137 | protocol=17 | dir=in | app=system | "{D693F4FA-7A32-427D-8301-FBC4CB8D61C9}" = rport=139 | protocol=6 | dir=out | app=system | "{D6A69205-67ED-4E11-8C1D-87330448C510}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DC1D6C78-CDF7-4A7E-8669-AE475B30D4A3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{DF50F3F9-B392-4CE5-8D8C-56012292325C}" = lport=10243 | protocol=6 | dir=in | app=system | "{E03AC141-0602-421B-83E0-D5C1C390AC65}" = rport=10243 | protocol=6 | dir=out | app=system | "{FF266D2B-7CF5-48B6-89F3-DB6D162E94B6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | ========== Vista Active Application Exception List 
========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{015E7DFA-E039-4FBE-AE12-1A8ED924A7D9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\mother99\counter-strike source\hl2.exe | "{01DCB31E-28CF-4F69-BE48-3A636FB95B97}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{02DF55F6-A590-45F2-8FBA-D727A0849359}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania united\tmforever.exe | "{17FE9864-EB12-4313-A356-54736DCB7CED}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe | "{1F0B4EE5-998F-416A-9ABC-5860758BA037}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania united\tmforeverlauncher.exe | "{21ACC931-BD3B-4235-B48B-846A65DAA4E1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{261228B9-79B5-4D50-B3BF-2E803EF65CB3}" = protocol=17 | dir=in | app=c:\users\semmel3\appdata\roaming\spotify\spotify.exe | "{28DF8BD9-2BF0-451D-9DB7-309ECEE92925}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{2A0FB448-974D-4C13-BDD5-FE10BD88A5EA}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{2C8CB090-7317-4F67-9951-2E7616A13B4F}" = protocol=6 | dir=in | app=c:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe | "{2DEC89C9-F931-4504-9136-566581529314}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe | "{2E6BC299-95C0-44C9-B0CF-1F13C1DB57B6}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{32FC71EB-BC3E-495A-9914-AC3C1334FC02}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{3327864F-7518-4BCC-81FE-A72C20BD5030}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{3371047D-8F44-4806-A723-AF4F9044C32C}" = protocol=17 | dir=in | app=%programfiles%\windows media 
player\wmplayer.exe | "{34001BB9-C9D4-441E-A3B1-69DBDAAF3B03}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{34F2F701-A54F-47E7-B80A-A66C043836FD}" = dir=out | app=%programfiles% (x86)\virtualdj\virtualdj_pro.exe | "{3DAC82E0-0CF2-4A6A-8655-1E4389680F2B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | "{3DAF56D8-1C8B-4D5C-8343-C4522737B079}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | "{422C7F1F-642C-42CD-AD6C-BD950A8C3A43}" = dir=out | app=%programfiles% (x86)\ableton\live 8.0.1\program\live 8.0.1.exe | "{4569CEF6-0B7C-459D-8600-A1C307209F08}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{4B5817BD-DC1C-401C-9260-C4EECD167806}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{4C0BA5C5-C186-424A-ABCE-4E668D1E4DEC}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{55EBB7A0-751C-47DD-ABD6-AFB6055622FF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{58F8A5AD-F819-4CBB-AC22-072E07CAFA70}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5C971D68-FEB1-4392-88AC-B1C774FDE96F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6330180B-4586-4FE0-A04E-17466155463B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{65C734C7-615E-4438-9CE9-C170BBC1585D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{6757E155-B5E4-4748-AEFB-E96A6341304A}" = dir=out | app=%programfiles%\native instruments\reaktor 5\reaktor5.exe | "{6A51DDB3-9494-4140-A4D8-B27E816F2EE5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania united\tmforeverlauncher.exe | "{6BD32769-3A93-43AA-A6D8-90BA0D2A286B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "{6EBB6EE0-91F2-4680-AF9B-E0D8E885307E}" = protocol=6 | dir=in | 
app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | "{6F15A31A-9F99-4519-8302-C566723E23F4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{7064779A-0ABE-4BC5-A4DD-04F020047003}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{728E728E-B6B9-47D7-9F27-D0373FD48326}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | "{73EF78C8-F550-41F3-B6BA-D20F94DA022C}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | "{7B23F193-88A5-40CB-95C8-B65B43074179}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{7C1FD9F9-7C13-4F91-8639-1548BE5C5C82}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{7D2F7435-9471-4FF3-A6CA-A1BD136AE8AF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | "{7E1F5B54-AD24-433F-9F24-305AF53FF1A5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{7E96EF0E-EE3C-4E26-B7F4-8DDD8F650859}" = protocol=6 | dir=in | app=c:\users\semmel3\appdata\local\akamai\netsession_win.exe | "{8113BE97-2ED9-42C0-9DD1-4A18ED10EC25}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{82A02444-7EBD-4500-BECF-A588DA71F250}" = protocol=17 | dir=in | app=c:\users\semmel3\downloads\diablo-iii-8370-dede-installer-downloader.exe | "{845B7CFA-FD50-4BE3-8C1D-39FEAFEDC103}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt 2\dirt2.exe | "{8C4CB877-771A-4CE7-AD9E-3E869B965DFD}" = protocol=6 | dir=in | app=c:\users\semmel3\appdata\roaming\spotify\spotify.exe | "{8E330D6E-04C7-4510-B7CA-CC104731661E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{8F3AC6DE-ADD3-4FD2-9201-B12264B954F2}" = protocol=6 | dir=in | app=c:\program files 
(x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | "{8F78629F-4686-4631-8061-36F6B4933D46}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt 2\dirt2.exe | "{9CA29403-EE7B-4D35-B5E6-7CC214B94BC9}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{A4ADDAAE-C62E-4864-838F-F94363EEEFA5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{A6E4640D-431B-40E1-ABA2-44DEFA051E83}" = dir=in | app=c:\program files (x86)\microsoft games\age of empires online\spartan.exe | "{A7B133E6-9153-46EF-80CD-890E79743E4D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | "{A88E3071-9214-4E19-9EB9-EEC10C3EC0F7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{A8E15104-9B7A-4763-9FB7-3CB2E3D3D587}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe | "{A8F14CDA-D3E0-49B8-B400-D1AA3FDCCECD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{B229312B-FBF9-46CA-B9DA-197150D9093C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "{B3469B3F-83C4-4394-B030-2B1D54BC533A}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | "{B3F0851E-EB6A-4B58-B6B2-1E6C656B03B8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{B7C93736-8A85-4D43-8AAE-AABE4374C2D8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{BDCAA190-6FEA-4EB0-9B25-CDFF8010CD75}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe | "{C395F7AD-AF9D-47D0-9D79-D8196FD1DBF1}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{C4482D10-9D9B-4EF5-BEC2-6AE5B1837AE9}" = dir=in | app=%programfiles% (x86)\ableton\live 8.0.1\program\live 8.0.1.exe | "{C6518FB6-635E-44DC-BCF5-5C9B263FDB3C}" = protocol=6 | dir=in | app=c:\program 
files (x86)\steam\steamapps\lutziie\counter-strike source\hl2.exe | "{CDD7517F-7532-41F1-9CB9-9A82D31E201F}" = protocol=17 | dir=in | app=c:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe | "{CF7E1DCD-33A8-4C1B-B6EA-0BA4957CE895}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\mother99\counter-strike source\hl2.exe | "{D157192D-4512-47F0-BE76-229950D9DC46}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\lutziie\counter-strike source\hl2.exe | "{D8708315-2EF8-4910-8859-F6E44A8F8B1E}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | "{DDF15E72-F345-42EF-A491-9F26A3E9B315}" = protocol=6 | dir=out | app=system | "{E03FFC84-8678-4B4B-BE28-9B07B29393BF}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{E2E6AD6E-366F-469E-8882-F0BDA9E08627}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{E420B9D9-B609-4A31-8AFF-4A7294D513DB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | "{E9D970F2-7628-4F20-A057-DC1A649AFD8D}" = dir=in | app=%programfiles% (x86)\virtualdj\virtualdj_pro.exe | "{EA636CA8-5B82-4E63-AF83-B67FC317B1FE}" = protocol=17 | dir=in | app=c:\users\semmel3\appdata\local\akamai\netsession_win.exe | "{EE444846-1B82-443C-967B-37B21CD7041C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania united\tmforever.exe | "{F3670743-85E8-41CD-8F81-12DF95937434}" = protocol=6 | dir=in | app=c:\users\semmel3\downloads\diablo-iii-8370-dede-installer-downloader.exe | "{F567067A-522A-436D-8D18-14AFFA54F38F}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe | "{F6550485-E251-4C51-8B1B-4F556F4D56E5}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{F7979907-8D14-4549-B410-A52FEC061BFD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{FF0519E5-EFC7-4792-B708-3CDE278C5440}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | "TCP Query User{06A4D315-D932-4EA5-8BCD-0F44D1F50DC7}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe | "TCP Query User{0ABB63E0-BACF-4065-A686-EAC9A531BA0D}C:\users\semmel3\desktop\mw2\iw4mp.dat" = protocol=6 | dir=in | app=c:\users\semmel3\desktop\mw2\iw4mp.dat | "TCP Query User{0AECF25A-D03D-4166-8D08-6D5B723A9B62}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "TCP Query User{25FE0EB9-6785-43BD-BE95-159190BC7892}C:\users\semmel3\desktop\games\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\users\semmel3\desktop\games\borderlands\binaries\borderlands.exe | "TCP Query User{2A14BF8F-7052-4586-AF0E-6DECAA7A486A}C:\users\semmel3\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\semmel3\appdata\local\akamai\netsession_win.exe | "TCP Query User{310EC278-9CA6-463A-82BA-3A8D6F967EA6}C:\program files (x86)\microsoft games\age of empires ii\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\age2_x1.exe | "TCP Query User{37F940C5-F7C0-40B2-A2A7-99E9EA6DB03A}C:\program files (x86)\activision\modern warfare 2\iw4mp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\modern warfare 2\iw4mp.exe | "TCP Query User{4314FCE3-2D1B-403D-9F12-3F6FAAB04564}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "TCP Query User{4E26B57E-2DAB-49C0-9472-3B0428DA8F61}C:\program files (x86)\mediamonkey\mediamonkey.exe" = protocol=6 | dir=in | 
app=c:\program files (x86)\mediamonkey\mediamonkey.exe | "TCP Query User{74BEB245-C2B0-4475-AB16-9A7B135AB5AD}C:\program files (x86)\activision\modern warfare 2\iw4mpold.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\modern warfare 2\iw4mpold.exe | "TCP Query User{77C8A727-1195-4E3A-94C1-6741E3814BFC}C:\users\semmel3\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\semmel3\downloads\diablo-iii-8370-dede-installer-downloader.exe | "TCP Query User{7C695C05-029E-4092-8EF5-4775028636B5}C:\users\semmel3\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\semmel3\appdata\local\temp\gw2.exe | "TCP Query User{956CDBDE-2F32-413B-87D4-7F99E011C527}C:\users\semmel3\desktop\mw2\iw4mp.exe" = protocol=6 | dir=in | app=c:\users\semmel3\desktop\mw2\iw4mp.exe | "TCP Query User{AC551760-E41B-49A2-93B6-A3B7566C3BB9}C:\users\semmel3\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\semmel3\appdata\roaming\spotify\spotify.exe | "TCP Query User{B5D8E2AA-7FE2-485E-8BDC-F8A6571309E4}C:\programdata\battle.net\agent\agent.1225\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | "TCP Query User{BA266FE6-E0C4-482F-B7D6-DC9A96C39F8A}C:\users\semmel3\appdata\local\microsoft\age of empires online\spartan.exe" = protocol=6 | dir=in | app=c:\users\semmel3\appdata\local\microsoft\age of empires online\spartan.exe | "TCP Query User{C339BDCE-C350-4563-AE8F-59720E5248A3}C:\program files (x86)\english bid for power final 4.0\ebfpf 4.0.exe" = protocol=6 | dir=in | app=c:\program files (x86)\english bid for power final 4.0\ebfpf 4.0.exe | "TCP Query User{CF95CF45-BD46-4407-94DF-4084540069B6}C:\users\semmel3\desktop\mw2\iw4mpold.exe" = protocol=6 | dir=in | app=c:\users\semmel3\desktop\mw2\iw4mpold.exe | "TCP Query User{D11C0AD1-5038-4D67-B7C5-9EDFA41C041B}C:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe" = protocol=6 | 
dir=in | app=c:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe | "TCP Query User{D70AA586-AB0B-4074-BECF-EC4C3BB7E9F6}C:\programdata\battle.net\agent\agent.1199\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | "TCP Query User{DE121CE7-A433-4EFD-8D23-C2E0FA4E4DD4}C:\program files (x86)\activision\modern warfare 2\bootstrap\iw4mp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\modern warfare 2\bootstrap\iw4mp.exe | "TCP Query User{E5746666-6631-4E1A-8F59-79A75F2EB617}C:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe | "TCP Query User{F02F160F-6A38-4630-9EDD-DFDE21C23202}C:\nexon\combat arms eu\engine.exe" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\engine.exe | "TCP Query User{F3BE3F8F-D78B-492D-AE54-4369A91D68B1}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | "TCP Query User{FDD9264B-55AE-4207-A3A4-CAF460A15081}C:\program files (x86)\activision\modern warfare 2\iw4m.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\modern warfare 2\iw4m.exe | "TCP Query User{FFB03BEC-5704-49E0-B8D5-C57C08130E2F}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | "UDP Query User{0077A4C1-42B2-4CEC-BB14-D99D8E8CABF9}C:\users\semmel3\desktop\games\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\users\semmel3\desktop\games\borderlands\binaries\borderlands.exe | "UDP Query User{0096B6F4-1115-46D0-B347-B33C881EBE7C}C:\program files (x86)\microsoft games\age of empires ii\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\age2_x1.exe | "UDP Query User{04816270-EF81-4A16-90D4-8D097BA3C543}C:\program files 
(x86)\activision\modern warfare 2\iw4mp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\modern warfare 2\iw4mp.exe | "UDP Query User{0A33625F-9A19-42D4-A492-BBB8F8D29CD3}C:\users\semmel3\desktop\mw2\iw4mpold.exe" = protocol=17 | dir=in | app=c:\users\semmel3\desktop\mw2\iw4mpold.exe | "UDP Query User{113A8EA1-7C69-4BDF-8F73-FFFB0CB7DF10}C:\program files (x86)\activision\modern warfare 2\iw4mpold.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\modern warfare 2\iw4mpold.exe | "UDP Query User{138C4001-8B85-4293-AB8F-41E7DC53173C}C:\nexon\combat arms eu\engine.exe" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\engine.exe | "UDP Query User{359FA801-D0D1-467F-95DB-BFD2F5C2B431}C:\users\semmel3\desktop\mw2\iw4mp.exe" = protocol=17 | dir=in | app=c:\users\semmel3\desktop\mw2\iw4mp.exe | "UDP Query User{377B05DC-60E4-4FB4-9D51-8CED59B8A4E4}C:\users\semmel3\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\semmel3\appdata\roaming\spotify\spotify.exe | "UDP Query User{39C04FD3-5D52-4BC9-9F5B-1F5DBD83CA3C}C:\users\semmel3\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\semmel3\appdata\local\akamai\netsession_win.exe | "UDP Query User{3ECB84A6-8F05-47A5-A72D-377BE5D83AA8}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | "UDP Query User{3F68D25C-A7AD-41CF-8547-86FE540281AA}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "UDP Query User{5DF9A99E-D1A6-456B-8155-EA045B186FE0}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "UDP Query User{6C5C2639-064F-4202-B1E9-EF2B35E9603B}C:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic 
arts\crytek\crysis\bin64\crysis64.exe | "UDP Query User{6DC76822-25EA-4A77-AC8A-C156CD5C731E}C:\programdata\battle.net\agent\agent.1225\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | "UDP Query User{7BFF630B-2153-48F7-A016-B291B43459A9}C:\users\semmel3\desktop\mw2\iw4mp.dat" = protocol=17 | dir=in | app=c:\users\semmel3\desktop\mw2\iw4mp.dat | "UDP Query User{7E4CF59E-761D-4295-8C9C-6207AC7841FD}C:\users\semmel3\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\semmel3\downloads\diablo-iii-8370-dede-installer-downloader.exe | "UDP Query User{8AE10A56-C960-46D6-90AE-8A8CE0D65179}C:\users\semmel3\appdata\local\microsoft\age of empires online\spartan.exe" = protocol=17 | dir=in | app=c:\users\semmel3\appdata\local\microsoft\age of empires online\spartan.exe | "UDP Query User{97EBEDCD-5D5D-45F6-94E5-4F790885BCDD}C:\program files (x86)\activision\modern warfare 2\bootstrap\iw4mp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\modern warfare 2\bootstrap\iw4mp.exe | "UDP Query User{A77EB67B-DB34-4015-B2B9-2710E32B51DF}C:\programdata\battle.net\agent\agent.1199\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | "UDP Query User{BF193D71-C053-4355-9DF3-532DB3F231FD}C:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe" = protocol=17 | dir=in | app=c:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe | "UDP Query User{CDDB15D7-486A-46DE-9520-6F53B9FC60BC}C:\program files (x86)\english bid for power final 4.0\ebfpf 4.0.exe" = protocol=17 | dir=in | app=c:\program files (x86)\english bid for power final 4.0\ebfpf 4.0.exe | "UDP Query User{CFD885F0-8527-40DA-944E-D74F61DC361A}C:\program files (x86)\activision\modern warfare 2\iw4m.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\modern warfare 2\iw4m.exe | "UDP Query 
User{D5F2F23D-9464-4FA9-BD38-529125B8EFEC}C:\program files (x86)\mediamonkey\mediamonkey.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mediamonkey\mediamonkey.exe | "UDP Query User{E0343B7F-BD3D-41A1-9414-0E6046224FE4}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | "UDP Query User{F4924D05-D9CC-4871-B0CF-D9867B235B68}C:\users\semmel3\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\semmel3\appdata\local\temp\gw2.exe | "UDP Query User{F6B94F14-8759-4CC3-B8FC-DFD7A2AC1249}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center "{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes "{0E086923-AAA3-4F98-A6E2-48B64CE27553}" = Native Instruments Reaktor Factory Selection "{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{43E7798A-248E-4A3D-9969-FEA63543A462}" = Native Instruments Kontakt 4 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5941D535-34BF-BB6E-E52B-F464E4E955FF}" = AMD Media Foundation Decoders "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{81D00339-968D-15D1-3499-8431658E896F}" = AMD Catalyst Install Manager "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{83ED5086-5D6B-698F-5CD4-2F631DA8FD69}" = AMD Drag and 
Drop Transcoding "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 "{90AB246D-A0A0-29EA-199A-4B07841E0737}" = ATI AVIVO64 Codecs "{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{A2DDE39D-BA16-4DBB-9C96-A6703142DCF3}" = Native Instruments Komplete 7 Players "{A9C6CA47-D937-D61D-4BD3-7CFAB7A5BA56}" = ATI Problem Report Wizard "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B0FC9E28-1CE6-4A40-BEF1-C6E6EDFCA070}" = Native Instruments Kontakt Factory Selection "{C7FAFC98-5ECC-40FC-B440-A5D5FE3A6A6E}" = Native Instruments Guitar Rig 4 "{D4E5A687-797D-44B1-8F96-4FD7A24166A9}" = DEVIL MAY CRY 4 "{D7D6AA2C-DD2C-53F1-1F1D-5AC3CDE1B90C}" = ccc-utility64 "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour "{E9EA5F38-6299-45A1-9D23-F21729A19357}" = Native Instruments Reaktor 5 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FF600C37-6328-4348-A67A-3F85D8039604}" = Native Instruments Kore Player "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R) "{04475621-9BF8-EF82-4691-1C8FD9D40FD2}" = CCC Help Polish "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{07A733AA-2D8C-1E0E-ED9B-B4CA59AE86B3}" = Catalyst Control Center "{07BFA98D-6DB0-6D9C-95D5-7EF347AF587B}" = HydraVision "{14C87AA7-08E6-419F-A165-998EBE5023D7}" = Oblivion - Knights of the Nine 
"{16D919E6-F019-4E15-BFBE-4A85EF19DA57}" = Oblivion - Spell Tomes "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1 "{1AADBEB8-3F11-7FB7-6DDC-EE2276C1A80E}" = CCC Help Italian "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 29 "{2C3F42F5-935B-E64C-13D7-4369B0D66DE9}" = CCC Help Greek "{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion "{37CE847B-3279-1A39-CA09-FBF330B5EC97}" = CCC Help Czech "{3C15E8E2-3463-584F-D4F8-D95878737EAB}" = CCC Help Norwegian "{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest "{420500EA-4038-AADB-DD76-90D0311E5867}" = CCC Help Spanish "{43403BCA-6051-A108-682C-5BABB69D3919}" = CCC Help Hungarian "{441717E8-ADF5-4724-8B90-FA8DE7B73F91}" = KORG KAOSSILATOR PRO Editor "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4 "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4D530FA3-9B89-4186-98B7-F51000008100}" = Age of Empires Online "{549ECD2C-5ACD-0598-56E6-BF88F6B5CE9E}" = CCC Help Portuguese "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5BAD1D5F-157F-C4D7-05B8-7B2D08874DFA}" = CCC Help German "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{6559654F-2F38-491F-8411-211517C3E635}" = SampleTank FREE "{6C90C4C4-559D-4FE8-A4BF-37550E74D1FC}" = Bloodline Champions "{6E9484D8-F1F5-8737-3C35-C2ACB8BC9BF8}" = CCC Help Danish "{6EB6BC61-0079-80B7-9AE8-A28E02F81E04}" = CCC Help Japanese "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{74DDE8F9-FAD1-4C64-84DF-DF287EAE6FAE}" = CCC Help Turkish "{7C53D4FA-0F42-3B24-686B-2AB688C8B112}" = Catalyst Control Center 
Localization All "{810AC1C1-CB19-45EA-B5C9-77B654F9CA07}" = TQ Defiler.NET "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{85F76CD3-92C2-6422-202C-ADC655E83940}" = CCC Help Chinese Standard "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later "{8BBB5E4C-3F5E-4C07-BFBE-33B34600783A}" = LogMeIn Hamachi "{90140000-0018-0000-0000-0000000FF1CE}" = Microsoft Office PowerPoint 2010 "{90140000-0018-0000-0000-0000000FF1CE}_Office14.POWERPOINT_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}_Office14.POWERPOINT_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.POWERPOINT_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.POWERPOINT_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.POWERPOINT_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.POWERPOINT_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0409-1000-0000000FF1CE}_Office14.POWERPOINT_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.POWERPOINT_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.POWERPOINT_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.POWERPOINT_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0116-0409-1000-0000000FF1CE}_Office14.POWERPOINT_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends "{92E71E47-7BDE-2A10-A9C2-373DCAE4EEB9}" = CCC Help Chinese Traditional "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{9693675A-7108-247D-A369-AF08C8E32CFD}" = CCC Help English "{9971CC5F-9E89-6024-72CD-2F9B33305B7F}" = CCC Help Swedish "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9E8426B6-0027-8C7E-9729-E86053D9A3D5}" = CCC Help Finnish "{A3DAD349-E48E-AE45-3F26-7B80A4FFCD26}" = Catalyst Control Center InstallProxy "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch "{B3CB5BA3-3E98-4E85-944E-B03D055F8450}" = KORG USB-MIDI Driver Tools for Windows "{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne "{B66F4972-5C17-90A5-95AB-0C4DAEFC92A4}" = CCC Help Korean "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{D4E5A687-797D-44B1-8F96-4FD7A24166A9}" = DEVIL MAY CRY 4 "{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29 
"{DB689397-D3C2-BD23-A83E-FCA68454F0FE}" = CCC Help Dutch "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}" = Need for Speed™ Undercover "{EAD24F4A-8BB8-EAC5-A995-3D9A96DF3FA4}" = CCC Help French "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{F0BC0231-25D6-B4BF-5D9E-633220A2C09A}" = CCC Help Russian "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F501FACA-3AFB-FAC4-825D-F6D1343F0C69}" = Catalyst Control Center Graphics Previews Common "{F7657E34-0046-9515-61D9-7AAFC84C4AC8}" = CCC Help Thai "{FFFFFD17-B460-41EB-93F1-C48ABAD63828}" = Oblivion - Thieves Den "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Age of Empires 2.0" = Microsoft Age of Empires II "Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion "Akamai" = Akamai NetSession Interface Service "ArtMoney SE_is1" = ArtMoney SE v7.35 "Avira AntiVir Desktop" = Avira Free Antivirus "Cheat Engine 6.0_is1" = Cheat Engine 6.0 "DAEMON Tools Pro" = DAEMON Tools Pro "Diablo III" = Diablo III "Diablo III Beta" = Diablo III Beta "DivX Setup" = DivX-Setup "Free Studio_is1" = Free Studio version 5.3.2 "Free YouTube Download_is1" = Free YouTube Download version 3.1.31.706 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706 "GFWL_{4D530FA3-9B89-4186-98B7-F51000008100}" = Age of Empires Online "Gizmo Central" = Gizmo Central "Guild Wars 2" = Guild Wars 2 "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager "Live 8.2.2" = Live 8.2.2 "LogMeIn Hamachi" = LogMeIn Hamachi "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400 "Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Native Instruments 
Guitar Rig 4" = Native Instruments Guitar Rig 4 "Native Instruments Komplete 7 Players" = Native Instruments Komplete 7 Players "Native Instruments Kontakt 4" = Native Instruments Kontakt 4 "Native Instruments Kontakt Factory Selection" = Native Instruments Kontakt Factory Selection "Native Instruments Kore Player" = Native Instruments Kore Player "Native Instruments Reaktor 5" = Native Instruments Reaktor 5 "Native Instruments Reaktor Factory Selection" = Native Instruments Reaktor Factory Selection "Native Instruments Service Center" = Native Instruments Service Center "Office14.POWERPOINT" = Microsoft PowerPoint 2010 "PhotoScape" = PhotoScape "PunkBusterSvc" = PunkBuster Services "Revo Uninstaller" = Revo Uninstaller 1.91 "Steam App 12840" = DiRT 2 "Steam App 240" = Counter-Strike: Source "Steam App 42710" = Call of Duty: Black Ops - Multiplayer "Steam App 7200" = TrackMania United "TeamSpeak 3 Client" = TeamSpeak 3 Client "Uninstall_is1" = Uninstall 1.0.0.1 "uTorrent" = µTorrent "VLC media player" = VLC media player 1.1.11 "winscp3_is1" = WinSCP 4.2.9 "World of Warcraft" = World of Warcraft ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface "CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich. "Spotify" = Spotify ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 29.08.2012 21:29:23 | Computer Name = Semmel3-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Semmel3\Downloads\SoftonicDownloader_for_the-wonderful-end-of-the-world.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 29.08.2012 21:29:26 | Computer Name = Semmel3-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Semmel3\Downloads\SoftonicDownloader_for_the-wonderful-end-of-the-world.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 29.08.2012 21:29:28 | Computer Name = Semmel3-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Semmel3\Downloads\SoftonicDownloader_for_the-wonderful-end-of-the-world.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. 
Error - 30.08.2012 08:59:39 | Computer Name = Semmel3-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: MiracleWOW.exe, Version: 1.0.0.25, Zeitstempel: 0x4feb47ba Name des fehlerhaften Moduls: MiracleWOW.exe, Version: 1.0.0.25, Zeitstempel: 0x4feb47ba Ausnahmecode: 0xc0000417 Fehleroffset: 0x0011230e ID des fehlerhaften Prozesses: 0x13dc Startzeit der fehlerhaften Anwendung: 0x01cd86af48afecfa Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\World of Warcraft\MiracleWOW.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\World of Warcraft\MiracleWOW.exe Berichtskennung: 8e46102f-f2a2-11e1-9b7e-20cf30bbd32d Error - 30.08.2012 20:49:42 | Computer Name = Semmel3-PC | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 15.0.0.4619 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: ad4 Startzeit: 01cd861145029f28 Endzeit: 24 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: be4eec46-f305-11e1-9b7e-20cf30bbd32d Error - 31.08.2012 11:45:42 | Computer Name = Semmel3-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Semmel3\Downloads\SoftonicDownloader_for_the-wonderful-end-of-the-world.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. 
Error - 10.09.2012 16:17:34 | Computer Name = Semmel3-PC | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 15.0.1.4631 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: e64 Startzeit: 01cd8f528cec3d54 Endzeit: 28 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 8cbe742e-fb84-11e1-b400-20cf30bbd32d Error - 10.09.2012 21:13:43 | Computer Name = Semmel3-PC | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 15.0.1.4631 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: a40 Startzeit: 01cd8f9151442b30 Endzeit: 25 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: ec13e286-fbad-11e1-b400-20cf30bbd32d Error - 20.09.2012 11:40:15 | Computer Name = Semmel3-PC | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 15.0.1.4631 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: ff8 Startzeit: 01cd973efe2a6a71 Endzeit: 22 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 77276dc8-0339-11e2-ba4e-20cf30bbd32d Error - 22.09.2012 08:23:39 | Computer Name = Semmel3-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: update.exe_Avira Free Antivirus, Version: 12.3.14.31, Zeitstempel: 0x4fe31944 Name des fehlerhaften Moduls: aepack.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x5050b518 Ausnahmecode: 0xc0000005 Fehleroffset: 0x037037d4 ID des fehlerhaften Prozesses: 0x13ec Startzeit der fehlerhaften Anwendung: 0x01cd98bca88de599 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Avira\AntiVir Desktop\update.exe Pfad des fehlerhaften Moduls: aepack.dll Berichtskennung: 56684367-04b0-11e2-b47c-20cf30bbd32d [ System Events ] Error - 09.09.2012 22:07:24 | Computer Name = Semmel3-PC | Source = DCOM | ID = 10010 Description = Error - 16.09.2012 07:39:35 | Computer Name = Semmel3-PC | Source = ipnathlp | ID = 31004 Description = Error - 16.09.2012 07:54:35 | Computer Name = Semmel3-PC | Source = bowser | ID = 8003 Description = Error - 18.09.2012 14:38:19 | Computer Name = Semmel3-PC | Source = ipnathlp | ID = 31004 Description = Error - 23.09.2012 06:48:24 | Computer Name = Semmel3-PC | Source = NetBT | ID = 4321 Description = Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.100 registriert werden. Der Computer mit IP-Adresse 192.168.2.101 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. 
Error - 24.09.2012 14:15:18 | Computer Name = Semmel3-PC | Source = bowser | ID = 8003 Description =
Error - 24.09.2012 15:42:35 | Computer Name = Semmel3-PC | Source = bowser | ID = 8003 Description =
Error - 26.09.2012 10:22:26 | Computer Name = Semmel3-PC | Source = bowser | ID = 8003 Description =
Error - 27.09.2012 07:26:48 | Computer Name = Semmel3-PC | Source = ipnathlp | ID = 31004 Description =
Error - 27.09.2012 07:26:48 | Computer Name = Semmel3-PC | Source = ipnathlp | ID = 31004 Description =
< End of report >
Edited by semmel3 (28.09.2012 at 13:17) |
28.09.2012, 13:17 | #2 | |
/// TB-Ausbilder | Thbcn in system startup, Mwb 42 infected files, what to do?
My name is Matthias and I will help you clean up your computer. Please note the following:
Note: I can never give you a guarantee that I will find everything either. Formatting is usually the faster and always the safest way. If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean. Please have the file from the code box checked at VirusTotal.
Quote:
Wait until Current status: Finished is shown. Copy the link from your address bar and post it here. |
28.09.2012, 14:25 | #3 |
| Thbcn in system startup, Mwb 42 infected files, what to do? OK, I tested the file as described and then ran a reanalysis.
Address bar here: https://www.virustotal.com/file/aee44770e1712a51f621dc52eeac0b57d6618f53cc39edfc75074381fbe43b4c/analysis/1348838615/ |
28.09.2012, 14:31 | #4 |
/// TB-Ausbilder | Thbcn in system startup, Mwb 42 infected files, what to do? Hello, Step 1
Step 2 Please download AdwCleaner to your desktop.
Step 3 Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons under any circumstances unless instructed to. Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know. Step 4 Please read the following instructions carefully. We do not want to "fix" anything here yet, only see a scan report. Please download TDSSKiller.exe and save this file to the desktop
With your next reply, please post
|
28.09.2012, 15:02 | #5 |
| Thbcn in system startup, Mwb 42 infected files, what to do? Step 1: Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org
Datenbank Version: v2012.09.28.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Semmel3 :: SEMMEL3-PC [Administrator]
28.09.2012 15:34:08
mbam-log-2012-09-28 (15-34-08).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 202476
Laufzeit: 6 Minute(n), 14 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 20
HKCR\CLSID\{00cbb66b-1d3b-46d3-9577-323a336acb50} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{8830ddf0-3042-404d-a62c-384a85e34833} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\wit4ie.WitBHO.2 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\wit4ie.WitBHO (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\tdataprotocol.CTData.1 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\tdataprotocol.CTData (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\updatebho.TimerBHO.1 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\updatebho.TimerBHO (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 3
C:\Users\Semmel3\Downloads\Microsoft Office 2010.exe (Trojan.Hoaxsms) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Semmel3\Downloads\SoftonicDownloader_fuer_free-youtube-download.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Semmel3\Downloads\youtube-downloader_new.exe (PUP.Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
Step 2: Code:
# AdwCleaner v2.003 - Datei am 09/28/2012 um 15:42:10 erstellt
# Aktualisiert am 23/09/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Semmel3 - SEMMEL3-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Semmel3\Downloads\adwcleaner.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\Semmel3\AppData\Roaming\Mozilla\Firefox\Profiles\4bjhuwjk.default\searchplugins\Plusnetwork.xml
Ordner Gefunden : C:\Users\Semmel3\AppData\LocalLow\bbrs_002.tb
Ordner Gefunden : C:\Users\Semmel3\AppData\LocalLow\boost_interprocess
Ordner Gefunden : C:\Users\Semmel3\AppData\Roaming\Mozilla\Firefox\Profiles\4bjhuwjk.default\Conduit
Ordner Gefunden : C:\Users\Semmel3\AppData\Roaming\Mozilla\Firefox\Profiles\4bjhuwjk.default\ConduitCommon
Ordner Gefunden : C:\Users\Semmel3\AppData\Roaming\Mozilla\Firefox\Profiles\4bjhuwjk.default\CT2653012
Ordner Gefunden : C:\Users\Semmel3\AppData\Roaming\Mozilla\Firefox\Profiles\4bjhuwjk.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}
Ordner Gefunden : C:\Users\Semmel3\AppData\Roaming\Mozilla\Firefox\Profiles\4bjhuwjk.default\extensions\bbrs_002@blabbers.com

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\Software\BrowserCompanion
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchplusnetwork.com/?sp=vit4

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : default
Datei : C:\Users\Semmel3\AppData\Roaming\Mozilla\Firefox\Profiles\4bjhuwjk.default\prefs.js

Gefunden : user_pref("CT2653012..clientLogIsEnabled", true);
Gefunden : user_pref("CT2653012..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gefunden : user_pref("CT2653012..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Gefunden : user_pref("CT2653012.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Gefunden : user_pref("CT2653012.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gefunden : user_pref("CT2653012.AppTrackingLastCheckTime", "Tue Dec 13 2011 21:15:37 GMT+0100");
Gefunden : user_pref("CT2653012.BrowserCompStateIsOpen_129514968327663878", true);
Gefunden : user_pref("CT2653012.BrowserCompStateIsOpen_129653180391256971", true);
Gefunden : user_pref("CT2653012.CTID", "CT2653012");
Gefunden : user_pref("CT2653012.CurrentServerDate", "13-12-2011");
Gefunden : user_pref("CT2653012.DialogsAlignMode", "LTR");
Gefunden : user_pref("CT2653012.DialogsGetterLastCheckTime", "Sun Dec 11 2011 17:58:19 GMT+0100");
Gefunden : user_pref("CT2653012.DownloadReferralCookieData", "");
Gefunden : user_pref("CT2653012.FirstServerDate", "12-4-2011");
Gefunden : user_pref("CT2653012.FirstTime", true);
Gefunden : user_pref("CT2653012.FirstTimeFF3", true);
Gefunden : user_pref("CT2653012.FirstTimeSettingsDone", true);
Gefunden : user_pref("CT2653012.FixPageNotFoundErrors", true);
Gefunden : user_pref("CT2653012.GroupingServerCheckInterval", 1440);
Gefunden : user_pref("CT2653012.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gefunden : user_pref("CT2653012.HasUserGlobalKeys", true);
Gefunden : user_pref("CT2653012.HomePageProtectorEnabled", false);
Gefunden : user_pref("CT2653012.Initialize", true);
Gefunden : user_pref("CT2653012.InitializeCommonPrefs", true);
Gefunden : user_pref("CT2653012.InstallationAndCookieDataSentCount", 3);
Gefunden : user_pref("CT2653012.InstalledDate", "Tue Apr 12 2011 22:50:49 GMT+0200");
Gefunden : user_pref("CT2653012.InvalidateCache", false);
Gefunden : user_pref("CT2653012.IsAlertDBUpdated", true);
Gefunden : user_pref("CT2653012.IsGrouping", false);
Gefunden : user_pref("CT2653012.IsMulticommunity", false);
Gefunden : user_pref("CT2653012.IsOpenThankYouPage", true);
Gefunden : user_pref("CT2653012.IsOpenUninstallPage", true);
Gefunden : user_pref("CT2653012.LanguagePackLastCheckTime", "Mon Dec 12 2011 20:07:20 GMT+0100");
Gefunden : user_pref("CT2653012.LanguagePackReloadIntervalMM", 1440);
Gefunden : user_pref("CT2653012.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gefunden : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gefunden : user_pref("CommunityToolbar.notifications.locale", "en");
Gefunden : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Gefunden : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Dec 12 2011 21:17:49 GMT+0100");
Gefunden : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Gefunden : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Gefunden : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gefunden : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Gefunden : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Gefunden : user_pref("CommunityToolbar.notifications.userId", "06737bc5-3fc2-42fc-9423-979089138e7d");
Gefunden : user_pref("CommunityToolbar.undefined", "");
Gefunden : user_pref("browser.startup.homepage", "hxxp://www.searchplusnetwork.com/?sp=vit4");
Gefunden : user_pref("keyword.URL", "hxxp://www.searchplusnetwork.com/?sp=vit4&q=");

*************************

AdwCleaner[R1].txt - [19227 octets] - [28/09/2012 15:42:10]

########## EOF - C:\AdwCleaner[R1].txt - [19288 octets] ##########

Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-28 15:49:09
-----------------------------
15:49:09.545 OS Version: Windows x64 6.1.7601 Service Pack 1
15:49:09.545 Number of processors: 8 586 0x1E05
15:49:09.545 ComputerName: SEMMEL3-PC UserName: Semmel3
15:49:21.947 Initialize success
15:49:39.976 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
15:49:39.976 Disk 0 Vendor: WDC_WD20EARS-00MVWB0 51.0AB51 Size: 1907729MB BusType: 3
15:49:40.022 Disk 0 MBR read successfully
15:49:40.022 Disk 0 MBR scan
15:49:40.022 Disk 0 Windows 7 default MBR code
15:49:40.038 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
15:49:40.054 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1907627 MB offset 206848
15:49:40.116 Disk 0 scanning C:\Windows\system32\drivers
15:49:50.240 Service scanning
15:50:06.449 Modules scanning
15:50:06.449 Disk 0 trace - called modules:
15:50:06.480 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
15:50:06.480 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007755790]
15:50:06.480 3 CLASSPNP.SYS[fffff8800182f43f] -> nt!IofCallDriver -> [0xfffffa800715a580]
15:50:06.496 5 ACPI.sys[fffff88000d587a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8007168060]
15:50:06.496 Scan finished successfully
15:50:18.617 Disk 0 MBR has been saved successfully to "C:\Users\Semmel3\Desktop\MBR.dat"
15:50:18.617 The log file has been saved successfully to "C:\Users\Semmel3\Desktop\aswMBR.txt"

Code:
15:52:10.0279 3276 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
15:52:10.0372 3276 ============================================================
15:52:10.0372 3276 Current date / time: 2012/09/28 15:52:10.0372
15:52:10.0372 3276 SystemInfo:
15:52:10.0372 3276
15:52:10.0372 3276 OS Version: 6.1.7601 ServicePack: 1.0
15:52:10.0372 3276 Product type: Workstation
15:52:10.0372 3276 ComputerName: SEMMEL3-PC
15:52:10.0372 3276 UserName: Semmel3
15:52:10.0372 3276 Windows directory: C:\Windows
15:52:10.0372 3276 System windows directory: C:\Windows
15:52:10.0372 3276 Running under WOW64
15:52:10.0372 3276 Processor architecture: Intel x64
15:52:10.0372 3276 Number of processors: 8
15:52:10.0372 3276 Page size: 0x1000
15:52:10.0372 3276 Boot type: Normal boot
15:52:10.0372 3276 ============================================================
15:52:12.0041 3276 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:52:12.0041 3276 ============================================================
15:52:12.0041 3276 \Device\Harddisk0\DR0:
15:52:12.0041 3276 MBR partitions:
15:52:12.0041 3276 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:52:12.0041 3276 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xE8DD5800
15:52:12.0041 3276 ============================================================
15:52:12.0088 3276 C: <-> \Device\Harddisk0\DR0\Partition2
15:52:12.0088 3276 ============================================================
15:52:12.0088 3276 Initialize success
15:52:12.0088 3276 ============================================================
15:52:17.0455 4452 ============================================================
15:52:17.0455 4452 Scan started
15:52:17.0455 4452 Mode: Manual;
15:52:17.0455 4452 ============================================================
15:52:21.0479 4452 ================ Scan system memory ========================
15:52:21.0479 4452 System memory - ok
15:52:21.0479 4452 ================ Scan services =============================
15:52:21.0667 4452 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
15:52:21.0667 4452 1394ohci - ok
15:52:21.0713 4452 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
15:52:21.0729 4452 ACPI - ok
15:52:21.0760 4452 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
15:52:21.0760 4452 AcpiPmi - ok
15:52:21.0869 4452 [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:52:21.0869 4452 AdobeARMservice - ok
15:52:22.0103 4452 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:52:22.0119 4452 AdobeFlashPlayerUpdateSvc - ok
15:52:22.0150 4452 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
15:52:22.0150 4452 adp94xx - ok
15:52:22.0166 4452 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
15:52:22.0181 4452 adpahci - ok
15:52:22.0197 4452 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
15:52:22.0197 4452 adpu320 - ok
15:52:22.0213 4452 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
15:52:22.0213 4452 AeLookupSvc - ok
15:52:22.0259 4452 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
15:52:22.0259 4452 AFD - ok
15:52:22.0291 4452 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
15:52:22.0291 4452 agp440 - ok
15:52:22.0415 4452 [ 0923671CF87CD511E46D4668B53F5E76 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll
15:52:22.0415 4452 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll. md5: 0923671CF87CD511E46D4668B53F5E76
15:52:22.0415 4452 Akamai ( HiddenFile.Multi.Generic ) - warning
15:52:22.0415 4452 Akamai - detected HiddenFile.Multi.Generic (1)
15:52:22.0431 4452 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
15:52:22.0447 4452 ALG - ok
15:52:22.0447 4452 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
15:52:22.0447 4452 aliide - ok
15:52:22.0493 4452 [ B3B263B419FC9E7B1D41E61FDAE45BD9 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
15:52:22.0493 4452 AMD External Events Utility - ok
15:52:22.0509 4452 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
15:52:22.0509 4452 amdide - ok
15:52:22.0509 4452 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
15:52:22.0509 4452 AmdK8 - ok
15:52:22.0649 4452 [ 9A6E9363F7A5E5A06629D9DDC76EE6B5 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
15:52:22.0774 4452 amdkmdag - ok
15:52:22.0790 4452 [ 957A4C13E1981B1701E600EF1E823C68 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
15:52:22.0790 4452 amdkmdap - ok
15:52:22.0805 4452 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
15:52:22.0805 4452 AmdPPM - ok
15:52:22.0821 4452 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
15:52:22.0821 4452 amdsata - ok
15:52:22.0821 4452 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
15:52:22.0837 4452 amdsbs - ok
15:52:22.0837 4452 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
15:52:22.0837 4452 amdxata - ok
15:52:22.0852 4452 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
15:52:22.0868 4452 AntiVirSchedulerService - ok
15:52:22.0883 4452 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir
HidUsb - ok 15:52:26.0191 4452 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 15:52:26.0191 4452 hkmsvc - ok 15:52:26.0222 4452 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 15:52:26.0237 4452 HomeGroupListener - ok 15:52:26.0253 4452 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 15:52:26.0253 4452 HomeGroupProvider - ok 15:52:26.0269 4452 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 15:52:26.0269 4452 HpSAMD - ok 15:52:26.0315 4452 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 15:52:26.0315 4452 HTTP - ok 15:52:26.0347 4452 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 15:52:26.0347 4452 hwpolicy - ok 15:52:26.0378 4452 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 15:52:26.0393 4452 i8042prt - ok 15:52:26.0409 4452 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 15:52:26.0425 4452 iaStorV - ok 15:52:26.0471 4452 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 15:52:26.0471 4452 IDriverT - ok 15:52:26.0534 4452 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 15:52:26.0565 4452 idsvc - ok 15:52:26.0612 4452 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 15:52:26.0612 4452 iirsp - ok 15:52:26.0627 4452 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 15:52:26.0643 4452 IKEEXT - ok 15:52:26.0659 4452 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 15:52:26.0659 4452 intelide - ok 15:52:26.0674 4452 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 15:52:26.0674 4452 intelppm - ok 
15:52:26.0674 4452 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 15:52:26.0690 4452 IPBusEnum - ok 15:52:26.0705 4452 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 15:52:26.0705 4452 IpFilterDriver - ok 15:52:26.0737 4452 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 15:52:26.0737 4452 iphlpsvc - ok 15:52:26.0752 4452 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 15:52:26.0752 4452 IPMIDRV - ok 15:52:26.0783 4452 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 15:52:26.0783 4452 IPNAT - ok 15:52:26.0830 4452 [ 9B812A3484D89EB934982D67FB7D9313 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 15:52:26.0861 4452 iPod Service - ok 15:52:26.0893 4452 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 15:52:26.0893 4452 IRENUM - ok 15:52:26.0908 4452 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 15:52:26.0908 4452 isapnp - ok 15:52:26.0924 4452 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 15:52:26.0924 4452 iScsiPrt - ok 15:52:26.0955 4452 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 15:52:26.0955 4452 kbdclass - ok 15:52:26.0955 4452 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 15:52:26.0955 4452 kbdhid - ok 15:52:26.0971 4452 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 15:52:26.0986 4452 KeyIso - ok 15:52:27.0017 4452 [ B3F33EAD5E5AD0704C4AE8D9CB2D4A2E ] KORGUMDS C:\Windows\system32\Drivers\KORGUM64.SYS 15:52:27.0017 4452 KORGUMDS - ok 15:52:27.0049 4452 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 15:52:27.0049 4452 KSecDD - ok 15:52:27.0080 4452 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg 
C:\Windows\system32\Drivers\ksecpkg.sys 15:52:27.0080 4452 KSecPkg - ok 15:52:27.0095 4452 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 15:52:27.0095 4452 ksthunk - ok 15:52:27.0127 4452 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 15:52:27.0127 4452 KtmRm - ok 15:52:27.0220 4452 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 15:52:27.0220 4452 LanmanServer - ok 15:52:27.0267 4452 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 15:52:27.0267 4452 LanmanWorkstation - ok 15:52:27.0283 4452 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 15:52:27.0283 4452 lltdio - ok 15:52:27.0298 4452 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 15:52:27.0314 4452 lltdsvc - ok 15:52:27.0314 4452 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 15:52:27.0314 4452 lmhosts - ok 15:52:27.0361 4452 [ A1C148801B4AF64847AEB9F3AD9594EF ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 15:52:27.0376 4452 LMS - ok 15:52:27.0392 4452 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 15:52:27.0392 4452 LSI_FC - ok 15:52:27.0423 4452 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 15:52:27.0423 4452 LSI_SAS - ok 15:52:27.0423 4452 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 15:52:27.0423 4452 LSI_SAS2 - ok 15:52:27.0439 4452 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 15:52:27.0439 4452 LSI_SCSI - ok 15:52:27.0454 4452 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 15:52:27.0454 4452 luafv - ok 15:52:27.0485 4452 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 15:52:27.0485 4452 Mcx2Svc - ok 15:52:27.0517 4452 [ 
A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 15:52:27.0517 4452 megasas - ok 15:52:27.0517 4452 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 15:52:27.0517 4452 MegaSR - ok 15:52:27.0548 4452 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 15:52:27.0548 4452 MMCSS - ok 15:52:27.0563 4452 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 15:52:27.0563 4452 Modem - ok 15:52:27.0579 4452 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 15:52:27.0595 4452 monitor - ok 15:52:27.0626 4452 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys 15:52:27.0626 4452 mouclass - ok 15:52:27.0626 4452 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 15:52:27.0626 4452 mouhid - ok 15:52:27.0657 4452 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 15:52:27.0657 4452 mountmgr - ok 15:52:27.0704 4452 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 15:52:27.0719 4452 MozillaMaintenance - ok 15:52:27.0719 4452 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 15:52:27.0735 4452 mpio - ok 15:52:27.0735 4452 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 15:52:27.0735 4452 mpsdrv - ok 15:52:27.0782 4452 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 15:52:27.0797 4452 MpsSvc - ok 15:52:27.0875 4452 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 15:52:27.0875 4452 MRxDAV - ok 15:52:27.0907 4452 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 15:52:27.0907 4452 mrxsmb - ok 15:52:27.0938 4452 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 
15:52:27.0938 4452 mrxsmb10 - ok 15:52:27.0953 4452 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 15:52:27.0953 4452 mrxsmb20 - ok 15:52:27.0969 4452 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 15:52:27.0969 4452 msahci - ok 15:52:28.0000 4452 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 15:52:28.0000 4452 msdsm - ok 15:52:28.0016 4452 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 15:52:28.0031 4452 MSDTC - ok 15:52:28.0047 4452 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 15:52:28.0047 4452 Msfs - ok 15:52:28.0063 4452 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 15:52:28.0063 4452 mshidkmdf - ok 15:52:28.0063 4452 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 15:52:28.0063 4452 msisadrv - ok 15:52:28.0094 4452 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 15:52:28.0094 4452 MSiSCSI - ok 15:52:28.0094 4452 msiserver - ok 15:52:28.0109 4452 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 15:52:28.0109 4452 MSKSSRV - ok 15:52:28.0125 4452 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 15:52:28.0125 4452 MSPCLOCK - ok 15:52:28.0125 4452 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 15:52:28.0125 4452 MSPQM - ok 15:52:28.0156 4452 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 15:52:28.0156 4452 MsRPC - ok 15:52:28.0187 4452 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 15:52:28.0187 4452 mssmbios - ok 15:52:28.0203 4452 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 15:52:28.0203 4452 MSTEE - ok 15:52:28.0219 4452 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig 
C:\Windows\system32\DRIVERS\MTConfig.sys 15:52:28.0219 4452 MTConfig - ok 15:52:28.0234 4452 [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys 15:52:28.0234 4452 MTsensor - ok 15:52:28.0250 4452 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 15:52:28.0250 4452 Mup - ok 15:52:28.0297 4452 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 15:52:28.0297 4452 napagent - ok 15:52:28.0328 4452 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 15:52:28.0328 4452 NativeWifiP - ok 15:52:28.0375 4452 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 15:52:28.0390 4452 NDIS - ok 15:52:28.0406 4452 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 15:52:28.0406 4452 NdisCap - ok 15:52:28.0406 4452 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 15:52:28.0406 4452 NdisTapi - ok 15:52:28.0437 4452 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 15:52:28.0437 4452 Ndisuio - ok 15:52:28.0468 4452 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 15:52:28.0468 4452 NdisWan - ok 15:52:28.0499 4452 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 15:52:28.0499 4452 NDProxy - ok 15:52:28.0531 4452 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 15:52:28.0531 4452 NetBIOS - ok 15:52:28.0562 4452 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 15:52:28.0562 4452 NetBT - ok 15:52:28.0577 4452 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 15:52:28.0577 4452 Netlogon - ok 15:52:28.0593 4452 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 15:52:28.0609 4452 Netman - ok 15:52:28.0624 4452 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] 
netprofm C:\Windows\System32\netprofm.dll 15:52:28.0640 4452 netprofm - ok 15:52:28.0671 4452 [ 81B8D0C1CE44A7FDBD596B693783950C ] netr7364 C:\Windows\system32\DRIVERS\netr7364.sys 15:52:28.0671 4452 netr7364 - ok 15:52:28.0687 4452 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 15:52:28.0702 4452 NetTcpPortSharing - ok 15:52:28.0733 4452 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 15:52:28.0733 4452 nfrd960 - ok 15:52:28.0765 4452 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll 15:52:28.0780 4452 NlaSvc - ok 15:52:28.0780 4452 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 15:52:28.0780 4452 Npfs - ok 15:52:28.0811 4452 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 15:52:28.0811 4452 nsi - ok 15:52:28.0827 4452 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 15:52:28.0827 4452 nsiproxy - ok 15:52:28.0874 4452 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 15:52:28.0889 4452 Ntfs - ok 15:52:28.0905 4452 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 15:52:28.0905 4452 Null - ok 15:52:28.0952 4452 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 15:52:28.0952 4452 nvraid - ok 15:52:28.0967 4452 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 15:52:28.0967 4452 nvstor - ok 15:52:28.0983 4452 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 15:52:28.0983 4452 nv_agp - ok 15:52:28.0999 4452 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 15:52:28.0999 4452 ohci1394 - ok 15:52:29.0077 4452 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 
15:52:29.0092 4452 ose - ok 15:52:29.0186 4452 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 15:52:29.0311 4452 osppsvc - ok 15:52:29.0326 4452 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 15:52:29.0326 4452 p2pimsvc - ok 15:52:29.0357 4452 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 15:52:29.0357 4452 p2psvc - ok 15:52:29.0373 4452 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 15:52:29.0373 4452 Parport - ok 15:52:29.0404 4452 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 15:52:29.0404 4452 partmgr - ok 15:52:29.0420 4452 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 15:52:29.0420 4452 PcaSvc - ok 15:52:29.0435 4452 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 15:52:29.0435 4452 pci - ok 15:52:29.0451 4452 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 15:52:29.0451 4452 pciide - ok 15:52:29.0482 4452 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 15:52:29.0482 4452 pcmcia - ok 15:52:29.0482 4452 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 15:52:29.0482 4452 pcw - ok 15:52:29.0513 4452 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 15:52:29.0513 4452 PEAUTH - ok 15:52:29.0607 4452 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 15:52:29.0607 4452 PerfHost - ok 15:52:29.0638 4452 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 15:52:29.0685 4452 pla - ok 15:52:29.0732 4452 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 15:52:29.0747 4452 PlugPlay - ok 15:52:29.0763 4452 PnkBstrA - ok 15:52:29.0779 4452 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg 
C:\Windows\system32\pnrpauto.dll 15:52:29.0794 4452 PNRPAutoReg - ok 15:52:29.0794 4452 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 15:52:29.0794 4452 PNRPsvc - ok 15:52:29.0841 4452 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 15:52:29.0841 4452 PolicyAgent - ok 15:52:29.0872 4452 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 15:52:29.0872 4452 Power - ok 15:52:29.0903 4452 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 15:52:29.0903 4452 PptpMiniport - ok 15:52:29.0903 4452 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 15:52:29.0903 4452 Processor - ok 15:52:29.0935 4452 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 15:52:29.0950 4452 ProfSvc - ok 15:52:29.0950 4452 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 15:52:29.0950 4452 ProtectedStorage - ok 15:52:29.0997 4452 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 15:52:29.0997 4452 Psched - ok 15:52:30.0044 4452 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 15:52:30.0044 4452 ql2300 - ok 15:52:30.0059 4452 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 15:52:30.0059 4452 ql40xx - ok 15:52:30.0075 4452 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 15:52:30.0075 4452 QWAVE - ok 15:52:30.0091 4452 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 15:52:30.0091 4452 QWAVEdrv - ok 15:52:30.0106 4452 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 15:52:30.0106 4452 RasAcd - ok 15:52:30.0137 4452 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 15:52:30.0137 4452 RasAgileVpn - ok 15:52:30.0153 4452 [ 
8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 15:52:30.0153 4452 RasAuto - ok 15:52:30.0184 4452 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 15:52:30.0184 4452 Rasl2tp - ok 15:52:30.0215 4452 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 15:52:30.0215 4452 RasMan - ok 15:52:30.0215 4452 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 15:52:30.0215 4452 RasPppoe - ok 15:52:30.0247 4452 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 15:52:30.0247 4452 RasSstp - ok 15:52:30.0262 4452 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 15:52:30.0262 4452 rdbss - ok 15:52:30.0262 4452 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 15:52:30.0278 4452 rdpbus - ok 15:52:30.0293 4452 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 15:52:30.0293 4452 RDPCDD - ok 15:52:30.0309 4452 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 15:52:30.0309 4452 RDPENCDD - ok 15:52:30.0309 4452 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 15:52:30.0309 4452 RDPREFMP - ok 15:52:30.0340 4452 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 15:52:30.0340 4452 RDPWD - ok 15:52:30.0403 4452 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 15:52:30.0403 4452 rdyboost - ok 15:52:30.0418 4452 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 15:52:30.0434 4452 RemoteAccess - ok 15:52:30.0434 4452 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 15:52:30.0449 4452 RemoteRegistry - ok 15:52:30.0496 4452 [ CAF88D6573D21CD2AA27001DDBFDC74D ] RMCAST C:\Windows\system32\DRIVERS\RMCAST.sys 15:52:30.0496 4452 RMCAST - ok 
15:52:30.0512 4452 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 15:52:30.0512 4452 RpcEptMapper - ok 15:52:30.0527 4452 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 15:52:30.0527 4452 RpcLocator - ok 15:52:30.0574 4452 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 15:52:30.0574 4452 RpcSs - ok 15:52:30.0590 4452 [ 3B01789EE4EAEE97F5EB46B711387D5E ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 15:52:30.0605 4452 RTL8167 - ok 15:52:30.0605 4452 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 15:52:30.0605 4452 SamSs - ok 15:52:30.0637 4452 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 15:52:30.0637 4452 sbp2port - ok 15:52:30.0652 4452 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 15:52:30.0668 4452 SCardSvr - ok 15:52:30.0699 4452 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 15:52:30.0699 4452 scfilter - ok 15:52:30.0746 4452 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 15:52:30.0777 4452 Schedule - ok 15:52:30.0808 4452 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 15:52:30.0808 4452 SCPolicySvc - ok 15:52:30.0839 4452 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 15:52:30.0839 4452 SDRSVC - ok 15:52:30.0855 4452 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 15:52:30.0855 4452 secdrv - ok 15:52:30.0871 4452 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 15:52:30.0886 4452 seclogon - ok 15:52:30.0902 4452 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 15:52:30.0902 4452 SENS - ok 15:52:30.0917 4452 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 15:52:30.0917 4452 SensrSvc - ok 15:52:30.0949 4452 [ 
CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 15:52:30.0949 4452 Serenum - ok 15:52:30.0964 4452 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 15:52:30.0964 4452 Serial - ok 15:52:30.0980 4452 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 15:52:30.0980 4452 sermouse - ok 15:52:31.0011 4452 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 15:52:31.0027 4452 SessionEnv - ok 15:52:31.0042 4452 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 15:52:31.0042 4452 sffdisk - ok 15:52:31.0058 4452 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 15:52:31.0058 4452 sffp_mmc - ok 15:52:31.0058 4452 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 15:52:31.0058 4452 sffp_sd - ok 15:52:31.0073 4452 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 15:52:31.0073 4452 sfloppy - ok 15:52:31.0089 4452 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 15:52:31.0105 4452 SharedAccess - ok 15:52:31.0120 4452 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 15:52:31.0136 4452 ShellHWDetection - ok 15:52:31.0151 4452 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 15:52:31.0151 4452 SiSRaid2 - ok 15:52:31.0151 4452 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 15:52:31.0151 4452 SiSRaid4 - ok 15:52:31.0167 4452 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 15:52:31.0167 4452 Smb - ok 15:52:31.0183 4452 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 15:52:31.0198 4452 SNMPTRAP - ok 15:52:31.0198 4452 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 15:52:31.0198 
4452 spldr - ok 15:52:31.0245 4452 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 15:52:31.0245 4452 Spooler - ok 15:52:31.0307 4452 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 15:52:31.0354 4452 sppsvc - ok 15:52:31.0401 4452 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 15:52:31.0401 4452 sppuinotify - ok 15:52:31.0448 4452 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 15:52:31.0448 4452 srv - ok 15:52:31.0463 4452 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 15:52:31.0463 4452 srv2 - ok 15:52:31.0495 4452 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 15:52:31.0495 4452 srvnet - ok 15:52:31.0495 4452 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 15:52:31.0510 4452 SSDPSRV - ok 15:52:31.0510 4452 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 15:52:31.0526 4452 SstpSvc - ok 15:52:31.0541 4452 Steam Client Service - ok 15:52:31.0557 4452 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 15:52:31.0557 4452 stexstor - ok 15:52:31.0604 4452 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 15:52:31.0604 4452 stisvc - ok 15:52:31.0635 4452 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 15:52:31.0635 4452 swenum - ok 15:52:31.0651 4452 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 15:52:31.0666 4452 swprv - ok 15:52:31.0713 4452 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 15:52:31.0729 4452 SysMain - ok 15:52:31.0760 4452 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 15:52:31.0760 4452 TabletInputService - ok 15:52:31.0791 4452 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 
15:52:31.0807 4452 TapiSrv - ok 15:52:31.0822 4452 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 15:52:31.0822 4452 TBS - ok 15:52:31.0885 4452 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys 15:52:31.0900 4452 Tcpip - ok 15:52:31.0931 4452 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 15:52:31.0947 4452 TCPIP6 - ok 15:52:31.0978 4452 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 15:52:31.0978 4452 tcpipreg - ok 15:52:31.0994 4452 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 15:52:31.0994 4452 TDPIPE - ok 15:52:32.0025 4452 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 15:52:32.0025 4452 TDTCP - ok 15:52:32.0056 4452 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 15:52:32.0056 4452 tdx - ok 15:52:32.0072 4452 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 15:52:32.0072 4452 TermDD - ok 15:52:32.0103 4452 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 15:52:32.0119 4452 TermService - ok 15:52:32.0134 4452 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 15:52:32.0150 4452 Themes - ok 15:52:32.0165 4452 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 15:52:32.0165 4452 THREADORDER - ok 15:52:32.0181 4452 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 15:52:32.0181 4452 TrkWks - ok 15:52:32.0228 4452 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 15:52:32.0228 4452 TrustedInstaller - ok 15:52:32.0259 4452 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 15:52:32.0259 4452 tssecsrv - ok 15:52:32.0275 4452 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 
28.09.2012, 15:06 | #6 |
| Thbcn in system startup, Mwb 42 infected files, what to do? And the rest, since it was suddenly too many characters! Code:
15:52:34.0849 4452 Scan finished
15:52:34.0849 3400 Detected object count: 1
15:52:34.0849 3400 Actual detected object count: 1
15:52:41.0853 3400 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
15:52:41.0853 3400 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
15:53:21.0524 0904 Scan started
15:53:21.0524 0904 Mode: Manual;
15:53:23.0162 0904 [ 0923671CF87CD511E46D4668B53F5E76 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll
15:53:23.0162 0904 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll. md5: 0923671CF87CD511E46D4668B53F5E76
15:53:23.0162 0904 Akamai ( HiddenFile.Multi.Generic ) - warning
15:53:23.0162 0904 Akamai - detected HiddenFile.Multi.Generic (1)
C:\Windows\system32\DRIVERS\MTConfig.sys 15:53:27.0733 0904 MTConfig - ok 15:53:27.0748 0904 [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys 15:53:27.0748 0904 MTsensor - ok 15:53:27.0748 0904 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 15:53:27.0748 0904 Mup - ok 15:53:27.0795 0904 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 15:53:27.0811 0904 napagent - ok 15:53:27.0826 0904 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 15:53:27.0826 0904 NativeWifiP - ok 15:53:27.0858 0904 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 15:53:27.0858 0904 NDIS - ok 15:53:27.0873 0904 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 15:53:27.0889 0904 NdisCap - ok 15:53:27.0889 0904 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 15:53:27.0889 0904 NdisTapi - ok 15:53:27.0920 0904 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 15:53:27.0920 0904 Ndisuio - ok 15:53:27.0951 0904 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 15:53:27.0951 0904 NdisWan - ok 15:53:27.0982 0904 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 15:53:27.0982 0904 NDProxy - ok 15:53:27.0998 0904 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 15:53:27.0998 0904 NetBIOS - ok 15:53:28.0014 0904 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 15:53:28.0029 0904 NetBT - ok 15:53:28.0029 0904 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 15:53:28.0029 0904 Netlogon - ok 15:53:28.0045 0904 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 15:53:28.0045 0904 Netman - ok 15:53:28.0060 0904 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] 
netprofm C:\Windows\System32\netprofm.dll 15:53:28.0060 0904 netprofm - ok 15:53:28.0107 0904 [ 81B8D0C1CE44A7FDBD596B693783950C ] netr7364 C:\Windows\system32\DRIVERS\netr7364.sys 15:53:28.0107 0904 netr7364 - ok 15:53:28.0123 0904 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 15:53:28.0123 0904 NetTcpPortSharing - ok 15:53:28.0138 0904 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 15:53:28.0138 0904 nfrd960 - ok 15:53:28.0185 0904 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll 15:53:28.0185 0904 NlaSvc - ok 15:53:28.0201 0904 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 15:53:28.0201 0904 Npfs - ok 15:53:28.0216 0904 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 15:53:28.0216 0904 nsi - ok 15:53:28.0232 0904 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 15:53:28.0232 0904 nsiproxy - ok 15:53:28.0279 0904 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 15:53:28.0294 0904 Ntfs - ok 15:53:28.0294 0904 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 15:53:28.0294 0904 Null - ok 15:53:28.0341 0904 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 15:53:28.0341 0904 nvraid - ok 15:53:28.0357 0904 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 15:53:28.0357 0904 nvstor - ok 15:53:28.0357 0904 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 15:53:28.0357 0904 nv_agp - ok 15:53:28.0372 0904 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 15:53:28.0372 0904 ohci1394 - ok 15:53:28.0435 0904 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 
15:53:28.0435 0904 ose - ok 15:53:28.0560 0904 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 15:53:28.0575 0904 osppsvc - ok 15:53:28.0591 0904 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 15:53:28.0591 0904 p2pimsvc - ok 15:53:28.0622 0904 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 15:53:28.0622 0904 p2psvc - ok 15:53:28.0638 0904 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 15:53:28.0638 0904 Parport - ok 15:53:28.0669 0904 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 15:53:28.0669 0904 partmgr - ok 15:53:28.0684 0904 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 15:53:28.0684 0904 PcaSvc - ok 15:53:28.0684 0904 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 15:53:28.0684 0904 pci - ok 15:53:28.0700 0904 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 15:53:28.0700 0904 pciide - ok 15:53:28.0716 0904 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 15:53:28.0716 0904 pcmcia - ok 15:53:28.0731 0904 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 15:53:28.0731 0904 pcw - ok 15:53:28.0747 0904 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 15:53:28.0747 0904 PEAUTH - ok 15:53:28.0825 0904 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 15:53:28.0825 0904 PerfHost - ok 15:53:28.0856 0904 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 15:53:28.0872 0904 pla - ok 15:53:28.0903 0904 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 15:53:28.0918 0904 PlugPlay - ok 15:53:28.0918 0904 PnkBstrA - ok 15:53:28.0934 0904 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg 
C:\Windows\system32\pnrpauto.dll 15:53:28.0934 0904 PNRPAutoReg - ok 15:53:28.0934 0904 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 15:53:28.0934 0904 PNRPsvc - ok 15:53:29.0012 0904 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 15:53:29.0012 0904 PolicyAgent - ok 15:53:29.0028 0904 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 15:53:29.0028 0904 Power - ok 15:53:29.0043 0904 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 15:53:29.0043 0904 PptpMiniport - ok 15:53:29.0059 0904 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 15:53:29.0059 0904 Processor - ok 15:53:29.0090 0904 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 15:53:29.0090 0904 ProfSvc - ok 15:53:29.0090 0904 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 15:53:29.0090 0904 ProtectedStorage - ok 15:53:29.0121 0904 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 15:53:29.0121 0904 Psched - ok 15:53:29.0152 0904 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 15:53:29.0168 0904 ql2300 - ok 15:53:29.0184 0904 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 15:53:29.0184 0904 ql40xx - ok 15:53:29.0184 0904 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 15:53:29.0199 0904 QWAVE - ok 15:53:29.0215 0904 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 15:53:29.0215 0904 QWAVEdrv - ok 15:53:29.0230 0904 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 15:53:29.0230 0904 RasAcd - ok 15:53:29.0246 0904 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 15:53:29.0262 0904 RasAgileVpn - ok 15:53:29.0277 0904 [ 
8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 15:53:29.0277 0904 RasAuto - ok 15:53:29.0308 0904 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 15:53:29.0308 0904 Rasl2tp - ok 15:53:29.0324 0904 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 15:53:29.0324 0904 RasMan - ok 15:53:29.0340 0904 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 15:53:29.0340 0904 RasPppoe - ok 15:53:29.0355 0904 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 15:53:29.0355 0904 RasSstp - ok 15:53:29.0371 0904 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 15:53:29.0371 0904 rdbss - ok 15:53:29.0386 0904 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 15:53:29.0386 0904 rdpbus - ok 15:53:29.0386 0904 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 15:53:29.0386 0904 RDPCDD - ok 15:53:29.0402 0904 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 15:53:29.0402 0904 RDPENCDD - ok 15:53:29.0402 0904 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 15:53:29.0402 0904 RDPREFMP - ok 15:53:29.0433 0904 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 15:53:29.0433 0904 RDPWD - ok 15:53:29.0464 0904 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 15:53:29.0464 0904 rdyboost - ok 15:53:29.0480 0904 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 15:53:29.0480 0904 RemoteAccess - ok 15:53:29.0496 0904 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 15:53:29.0496 0904 RemoteRegistry - ok 15:53:29.0527 0904 [ CAF88D6573D21CD2AA27001DDBFDC74D ] RMCAST C:\Windows\system32\DRIVERS\RMCAST.sys 15:53:29.0542 0904 RMCAST - ok 
15:53:29.0542 0904 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 15:53:29.0542 0904 RpcEptMapper - ok 15:53:29.0558 0904 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 15:53:29.0574 0904 RpcLocator - ok 15:53:29.0605 0904 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 15:53:29.0605 0904 RpcSs - ok 15:53:29.0636 0904 [ 3B01789EE4EAEE97F5EB46B711387D5E ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 15:53:29.0636 0904 RTL8167 - ok 15:53:29.0636 0904 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 15:53:29.0636 0904 SamSs - ok 15:53:29.0667 0904 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 15:53:29.0667 0904 sbp2port - ok 15:53:29.0683 0904 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 15:53:29.0683 0904 SCardSvr - ok 15:53:29.0714 0904 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 15:53:29.0714 0904 scfilter - ok 15:53:29.0761 0904 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 15:53:29.0761 0904 Schedule - ok 15:53:29.0808 0904 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 15:53:29.0808 0904 SCPolicySvc - ok 15:53:29.0823 0904 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 15:53:29.0823 0904 SDRSVC - ok 15:53:29.0839 0904 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 15:53:29.0839 0904 secdrv - ok 15:53:29.0870 0904 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 15:53:29.0870 0904 seclogon - ok 15:53:29.0901 0904 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 15:53:29.0901 0904 SENS - ok 15:53:29.0901 0904 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 15:53:29.0901 0904 SensrSvc - ok 15:53:29.0932 0904 [ 
CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 15:53:29.0932 0904 Serenum - ok 15:53:29.0948 0904 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 15:53:29.0948 0904 Serial - ok 15:53:29.0948 0904 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 15:53:29.0948 0904 sermouse - ok 15:53:29.0979 0904 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 15:53:29.0979 0904 SessionEnv - ok 15:53:30.0010 0904 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 15:53:30.0010 0904 sffdisk - ok 15:53:30.0010 0904 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 15:53:30.0010 0904 sffp_mmc - ok 15:53:30.0026 0904 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 15:53:30.0026 0904 sffp_sd - ok 15:53:30.0026 0904 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 15:53:30.0042 0904 sfloppy - ok 15:53:30.0073 0904 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 15:53:30.0073 0904 SharedAccess - ok 15:53:30.0104 0904 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 15:53:30.0104 0904 ShellHWDetection - ok 15:53:30.0120 0904 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 15:53:30.0120 0904 SiSRaid2 - ok 15:53:30.0120 0904 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 15:53:30.0120 0904 SiSRaid4 - ok 15:53:30.0135 0904 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 15:53:30.0135 0904 Smb - ok 15:53:30.0151 0904 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 15:53:30.0151 0904 SNMPTRAP - ok 15:53:30.0166 0904 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 15:53:30.0166 
0904 spldr - ok 15:53:30.0213 0904 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 15:53:30.0213 0904 Spooler - ok 15:53:30.0260 0904 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 15:53:30.0276 0904 sppsvc - ok 15:53:30.0276 0904 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 15:53:30.0276 0904 sppuinotify - ok 15:53:30.0354 0904 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 15:53:30.0354 0904 srv - ok 15:53:30.0385 0904 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 15:53:30.0385 0904 srv2 - ok 15:53:30.0400 0904 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 15:53:30.0400 0904 srvnet - ok 15:53:30.0416 0904 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 15:53:30.0416 0904 SSDPSRV - ok 15:53:30.0432 0904 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 15:53:30.0432 0904 SstpSvc - ok 15:53:30.0447 0904 Steam Client Service - ok 15:53:30.0463 0904 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 15:53:30.0463 0904 stexstor - ok 15:53:30.0478 0904 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 15:53:30.0478 0904 stisvc - ok 15:53:30.0525 0904 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 15:53:30.0525 0904 swenum - ok 15:53:30.0541 0904 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 15:53:30.0541 0904 swprv - ok 15:53:30.0572 0904 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 15:53:30.0572 0904 SysMain - ok 15:53:30.0603 0904 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 15:53:30.0603 0904 TabletInputService - ok 15:53:30.0634 0904 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 
15:53:30.0650 0904 TapiSrv - ok 15:53:30.0650 0904 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 15:53:30.0650 0904 TBS - ok 15:53:30.0712 0904 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys 15:53:30.0712 0904 Tcpip - ok 15:53:30.0744 0904 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 15:53:30.0759 0904 TCPIP6 - ok 15:53:30.0790 0904 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 15:53:30.0790 0904 tcpipreg - ok 15:53:30.0806 0904 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 15:53:30.0806 0904 TDPIPE - ok 15:53:30.0837 0904 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 15:53:30.0837 0904 TDTCP - ok 15:53:30.0884 0904 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 15:53:30.0884 0904 tdx - ok 15:53:30.0884 0904 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 15:53:30.0884 0904 TermDD - ok 15:53:30.0931 0904 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 15:53:30.0931 0904 TermService - ok 15:53:30.0946 0904 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 15:53:30.0946 0904 Themes - ok 15:53:30.0962 0904 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 15:53:30.0978 0904 THREADORDER - ok 15:53:30.0978 0904 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 15:53:30.0993 0904 TrkWks - ok 15:53:31.0040 0904 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 15:53:31.0040 0904 TrustedInstaller - ok 15:53:31.0071 0904 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 15:53:31.0071 0904 tssecsrv - ok 15:53:31.0087 0904 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 
15:53:31.0087 0904 TsUsbFlt - ok 15:53:31.0102 0904 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 15:53:31.0102 0904 tunnel - ok 15:53:31.0134 0904 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 15:53:31.0134 0904 uagp35 - ok 15:53:31.0165 0904 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 15:53:31.0165 0904 udfs - ok 15:53:31.0180 0904 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 15:53:31.0180 0904 UI0Detect - ok 15:53:31.0196 0904 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 15:53:31.0196 0904 uliagpkx - ok 15:53:31.0227 0904 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 15:53:31.0227 0904 umbus - ok 15:53:31.0243 0904 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 15:53:31.0243 0904 UmPass - ok 15:53:31.0321 0904 [ 41118D920B2B268C0ADC36421248CDCF ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 15:53:31.0336 0904 UNS - ok 15:53:31.0368 0904 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 15:53:31.0368 0904 upnphost - ok 15:53:31.0399 0904 [ F724B03C3DFAACF08D17D38BF3333583 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 15:53:31.0399 0904 USBAAPL64 - ok 15:53:31.0430 0904 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 15:53:31.0430 0904 usbaudio - ok 15:53:31.0446 0904 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 15:53:31.0446 0904 usbccgp - ok 15:53:31.0477 0904 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 15:53:31.0477 0904 usbcir - ok 15:53:31.0477 0904 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys 15:53:31.0477 0904 usbehci - ok 15:53:31.0492 0904 [ 287C6C9410B111B68B52CA298F7B8C24 
] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 15:53:31.0492 0904 usbhub - ok 15:53:31.0508 0904 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 15:53:31.0508 0904 usbohci - ok 15:53:31.0524 0904 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 15:53:31.0524 0904 usbprint - ok 15:53:31.0539 0904 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 15:53:31.0539 0904 usbscan - ok 15:53:31.0555 0904 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 15:53:31.0555 0904 USBSTOR - ok 15:53:31.0570 0904 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 15:53:31.0570 0904 usbuhci - ok 15:53:31.0586 0904 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 15:53:31.0586 0904 UxSms - ok 15:53:31.0602 0904 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 15:53:31.0602 0904 VaultSvc - ok 15:53:31.0602 0904 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 15:53:31.0602 0904 vdrvroot - ok 15:53:31.0633 0904 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 15:53:31.0633 0904 vds - ok 15:53:31.0648 0904 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 15:53:31.0648 0904 vga - ok 15:53:31.0664 0904 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 15:53:31.0664 0904 VgaSave - ok 15:53:31.0680 0904 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 15:53:31.0680 0904 vhdmp - ok 15:53:31.0711 0904 [ 712BFD5DAC2668FBA4A2435FB06C3D00 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys 15:53:31.0726 0904 VIAHdAudAddService - ok 15:53:31.0742 0904 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 15:53:31.0742 0904 viaide - ok 15:53:31.0758 0904 [ 
D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 15:53:31.0758 0904 volmgr - ok 15:53:31.0789 0904 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 15:53:31.0789 0904 volmgrx - ok 15:53:31.0804 0904 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 15:53:31.0804 0904 volsnap - ok 15:53:31.0820 0904 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 15:53:31.0820 0904 vsmraid - ok 15:53:31.0867 0904 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 15:53:31.0867 0904 VSS - ok 15:53:31.0882 0904 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 15:53:31.0882 0904 vwifibus - ok 15:53:31.0898 0904 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 15:53:31.0898 0904 vwififlt - ok 15:53:31.0914 0904 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 15:53:31.0914 0904 W32Time - ok 15:53:31.0929 0904 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 15:53:31.0929 0904 WacomPen - ok 15:53:31.0929 0904 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 15:53:31.0929 0904 WANARP - ok 15:53:31.0945 0904 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 15:53:31.0945 0904 Wanarpv6 - ok 15:53:31.0976 0904 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 15:53:31.0976 0904 wbengine - ok 15:53:31.0992 0904 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 15:53:31.0992 0904 WbioSrvc - ok 15:53:32.0023 0904 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 15:53:32.0038 0904 wcncsvc - ok 15:53:32.0054 0904 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 15:53:32.0054 0904 WcsPlugInService - ok 
15:53:32.0070 0904 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 15:53:32.0070 0904 Wd - ok 15:53:32.0085 0904 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 15:53:32.0085 0904 Wdf01000 - ok 15:53:32.0101 0904 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 15:53:32.0101 0904 WdiServiceHost - ok 15:53:32.0101 0904 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 15:53:32.0101 0904 WdiSystemHost - ok 15:53:32.0132 0904 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 15:53:32.0132 0904 WebClient - ok 15:53:32.0148 0904 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 15:53:32.0148 0904 Wecsvc - ok 15:53:32.0163 0904 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 15:53:32.0163 0904 wercplsupport - ok 15:53:32.0179 0904 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 15:53:32.0179 0904 WerSvc - ok 15:53:32.0194 0904 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 15:53:32.0194 0904 WfpLwf - ok 15:53:32.0194 0904 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 15:53:32.0194 0904 WIMMount - ok 15:53:32.0210 0904 WinDefend - ok 15:53:32.0210 0904 WinHttpAutoProxySvc - ok 15:53:32.0257 0904 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 15:53:32.0257 0904 Winmgmt - ok 15:53:32.0288 0904 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 15:53:32.0304 0904 WinRM - ok 15:53:32.0319 0904 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 15:53:32.0319 0904 WinUsb - ok 15:53:32.0335 0904 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 15:53:32.0350 0904 Wlansvc - ok 15:53:32.0460 0904 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 15:53:32.0460 0904 wlidsvc - ok 15:53:32.0475 0904 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 15:53:32.0475 0904 WmiAcpi - ok 15:53:32.0491 0904 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 15:53:32.0491 0904 wmiApSrv - ok 15:53:32.0506 0904 WMPNetworkSvc - ok 15:53:32.0522 0904 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 15:53:32.0522 0904 WPCSvc - ok 15:53:32.0538 0904 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 15:53:32.0538 0904 WPDBusEnum - ok 15:53:32.0553 0904 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 15:53:32.0553 0904 ws2ifsl - ok 15:53:32.0584 0904 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 15:53:32.0584 0904 wscsvc - ok 15:53:32.0584 0904 WSearch - ok 15:53:32.0631 0904 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 15:53:32.0647 0904 wuauserv - ok 15:53:32.0647 0904 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 15:53:32.0647 0904 WudfPf - ok 15:53:32.0694 0904 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 15:53:32.0694 0904 WUDFRd - ok 15:53:32.0725 0904 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 15:53:32.0725 0904 wudfsvc - ok 15:53:32.0740 0904 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 15:53:32.0740 0904 WwanSvc - ok 15:53:32.0740 0904 ================ Scan global =============================== 15:53:32.0772 0904 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 15:53:32.0803 0904 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll 15:53:32.0803 0904 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll 15:53:32.0834 0904 [ 
D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 15:53:32.0865 0904 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 15:53:32.0865 0904 [Global] - ok 15:53:32.0865 0904 ================ Scan MBR ================================== 15:53:32.0881 0904 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 15:53:33.0052 0904 \Device\Harddisk0\DR0 - ok 15:53:33.0052 0904 ================ Scan VBR ================================== 15:53:33.0052 0904 [ C32475F7D1D17D275470482CF864CC33 ] \Device\Harddisk0\DR0\Partition1 15:53:33.0052 0904 \Device\Harddisk0\DR0\Partition1 - ok 15:53:33.0068 0904 [ ED6D8A059DE64F9F9F03396467F7B8D1 ] \Device\Harddisk0\DR0\Partition2 15:53:33.0068 0904 \Device\Harddisk0\DR0\Partition2 - ok 15:53:33.0084 0904 ============================================================ 15:53:33.0084 0904 Scan finished 15:53:33.0084 0904 ============================================================ 15:53:33.0084 1352 Detected object count: 1 15:53:33.0084 1352 Actual detected object count: 1 |
28.09.2012, 15:52 | #7 |
/// TB-Ausbilder | Thbcn in system startup, Mwb 42 infected files, what to do? Hi, here is how we continue: Step 1
Step 2 Please start OTL.exe. Under Extra Registry, select Use SafeList and click the Scan button. Post OTL.txt and Extras.txt here in your thread. How is your computer running at the moment? Are there still any problems? Please post with your next reply
28.09.2012, 17:16 | #8 |
| Thbcn in system startup, Mwb 42 infected files, what to do? So, step 1: Code:
ATTFilter # AdwCleaner v2.003 - Datei am 09/28/2012 um 18:13:37 erstellt # Aktualisiert am 23/09/2012 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : Semmel3 - SEMMEL3-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Semmel3\Downloads\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Users\Semmel3\AppData\Roaming\Mozilla\Firefox\Profiles\4bjhuwjk.default\searchplugins\Plusnetwork.xml Ordner Gelöscht : C:\Users\Semmel3\AppData\LocalLow\bbrs_002.tb Ordner Gelöscht : C:\Users\Semmel3\AppData\LocalLow\boost_interprocess Ordner Gelöscht : C:\Users\Semmel3\AppData\Roaming\Mozilla\Firefox\Profiles\4bjhuwjk.default\Conduit Ordner Gelöscht : C:\Users\Semmel3\AppData\Roaming\Mozilla\Firefox\Profiles\4bjhuwjk.default\ConduitCommon Ordner Gelöscht : C:\Users\Semmel3\AppData\Roaming\Mozilla\Firefox\Profiles\4bjhuwjk.default\CT2653012 Ordner Gelöscht : C:\Users\Semmel3\AppData\Roaming\Mozilla\Firefox\Profiles\4bjhuwjk.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e} Ordner Gelöscht : C:\Users\Semmel3\AppData\Roaming\Mozilla\Firefox\Profiles\4bjhuwjk.default\extensions\bbrs_002@blabbers.com ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\Conduit Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436A-86E4-9690573BEE8A} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A} Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKLM\Software\BrowserCompanion Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\AppID\updatebho.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} ***** [Internet Browser] ***** -\\ Internet Explorer v8.0.7601.17514 Wiederhergestellt : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchplusnetwork.com/?sp=vit4 --> hxxp://www.google.com -\\ Mozilla Firefox v15.0.1 (de) Profilname : default Datei : C:\Users\Semmel3\AppData\Roaming\Mozilla\Firefox\Profiles\4bjhuwjk.default\prefs.js C:\Users\Semmel3\AppData\Roaming\Mozilla\Firefox\Profiles\4bjhuwjk.default\user.js ... Gelöscht ! Gelöscht : user_pref("CT2653012..clientLogIsEnabled", true); Gelöscht : user_pref("CT2653012..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Gelöscht : user_pref("CT2653012..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] 
Gelöscht : user_pref("CT2653012.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); Gelöscht : user_pref("CT2653012.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Gelöscht : user_pref("CT2653012.AppTrackingLastCheckTime", "Tue Dec 13 2011 21:15:37 GMT+0100"); Gelöscht : user_pref("CT2653012.BrowserCompStateIsOpen_129514968327663878", true); Gelöscht : user_pref("CT2653012.BrowserCompStateIsOpen_129653180391256971", true); Gelöscht : user_pref("CT2653012.CTID", "CT2653012"); Gelöscht : user_pref("CT2653012.CurrentServerDate", "13-12-2011"); Gelöscht : user_pref("CT2653012.DialogsAlignMode", "LTR"); Gelöscht : user_pref("CT2653012.DialogsGetterLastCheckTime", "Sun Dec 11 2011 17:58:19 GMT+0100"); Gelöscht : user_pref("CT2653012.DownloadReferralCookieData", ""); Gelöscht : user_pref("CT2653012.FirstServerDate", "12-4-2011"); Gelöscht : user_pref("CT2653012.FirstTime", true); Gelöscht : user_pref("CT2653012.FirstTimeFF3", true); Gelöscht : user_pref("CT2653012.FirstTimeSettingsDone", true); Gelöscht : user_pref("CT2653012.FixPageNotFoundErrors", true); Gelöscht : user_pref("CT2653012.GroupingServerCheckInterval", 1440); Gelöscht : user_pref("CT2653012.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Gelöscht : user_pref("CT2653012.HasUserGlobalKeys", true); Gelöscht : user_pref("CT2653012.HomePageProtectorEnabled", false); Gelöscht : user_pref("CT2653012.Initialize", true); Gelöscht : user_pref("CT2653012.InitializeCommonPrefs", true); Gelöscht : user_pref("CT2653012.InstallationAndCookieDataSentCount", 3); Gelöscht : user_pref("CT2653012.InstalledDate", "Tue Apr 12 2011 22:50:49 GMT+0200"); Gelöscht : user_pref("CT2653012.InvalidateCache", false); Gelöscht : user_pref("CT2653012.IsAlertDBUpdated", true); Gelöscht : user_pref("CT2653012.IsGrouping", false); Gelöscht : user_pref("CT2653012.IsMulticommunity", false); Gelöscht : user_pref("CT2653012.IsOpenThankYouPage", true); Gelöscht : user_pref("CT2653012.IsOpenUninstallPage", true); Gelöscht : 
user_pref("CT2653012.LanguagePackLastCheckTime", "Mon Dec 12 2011 20:07:20 GMT+0100"); Gelöscht : user_pref("CT2653012.LanguagePackReloadIntervalMM", 1440); Gelöscht : user_pref("CT2653012.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Gelöscht : user_pref("CT2653012.LastLogin_2.7.1.3", "Sat Apr 30 2011 13:43:56 GMT+0200"); Gelöscht : user_pref("CT2653012.LastLogin_3.3.3.2", "Thu Jun 30 2011 22:59:13 GMT+0200"); Gelöscht : user_pref("CT2653012.LastLogin_3.6.0.10", "Tue Sep 27 2011 21:08:13 GMT+0200"); Gelöscht : user_pref("CT2653012.LastLogin_3.7.0.6", "Tue Nov 08 2011 22:16:19 GMT+0100"); Gelöscht : user_pref("CT2653012.LastLogin_3.8.0.8", "Mon Dec 05 2011 20:42:20 GMT+0100"); Gelöscht : user_pref("CT2653012.LastLogin_3.8.1.0", "Tue Dec 13 2011 21:15:37 GMT+0100"); Gelöscht : user_pref("CT2653012.LatestVersion", "3.8.1.0"); Gelöscht : user_pref("CT2653012.Locale", "en"); Gelöscht : user_pref("CT2653012.LoginCache", 4); Gelöscht : user_pref("CT2653012.MCDetectTooltipHeight", "83"); Gelöscht : user_pref("CT2653012.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Gelöscht : user_pref("CT2653012.MCDetectTooltipWidth", "295"); Gelöscht : user_pref("CT2653012.MyStuffEnabledAtInstallation", true); Gelöscht : user_pref("CT2653012.RadioIsPodcast", false); Gelöscht : user_pref("CT2653012.RadioLastCheckTime", "Tue Dec 13 2011 17:59:52 GMT+0100"); Gelöscht : user_pref("CT2653012.RadioLastUpdateIPServer", "3"); Gelöscht : user_pref("CT2653012.RadioLastUpdateServer", "129438915777300000"); Gelöscht : user_pref("CT2653012.RadioMediaID", "21806912"); Gelöscht : user_pref("CT2653012.RadioMediaType", "Media Player"); Gelöscht : user_pref("CT2653012.RadioMenuSelectedID", "EBRadioMenu_CT265301221806912"); Gelöscht : user_pref("CT2653012.RadioShrinkedFromSetup", false); Gelöscht : user_pref("CT2653012.RadioStationName", "California%20Rock%20-%20Rock"); Gelöscht : user_pref("CT2653012.RadioStationURL", 
"hxxp://www.feedlive.net/california.asx"); Gelöscht : user_pref("CT2653012.SHRINK_TOOLBAR", 1); Gelöscht : user_pref("CT2653012.SearchBoxWidth", 150); Gelöscht : user_pref("CT2653012.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...] Gelöscht : user_pref("CT2653012.SearchEngineBeforeUnload", "Yahoo"); Gelöscht : user_pref("CT2653012.SearchFromAddressBarIsInit", true); Gelöscht : user_pref("CT2653012.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT265[...] Gelöscht : user_pref("CT2653012.SearchInNewTabEnabled", true); Gelöscht : user_pref("CT2653012.SearchInNewTabIntervalMM", 1440); Gelöscht : user_pref("CT2653012.SearchInNewTabLastCheckTime", "Mon Dec 12 2011 17:58:21 GMT+0100"); Gelöscht : user_pref("CT2653012.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Gelöscht : user_pref("CT2653012.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...] Gelöscht : user_pref("CT2653012.SearchProtectorEnabled", false); Gelöscht : user_pref("CT2653012.SearchProtectorToolbarDisabled", false); Gelöscht : user_pref("CT2653012.ServiceMapLastCheckTime", "Mon Dec 12 2011 21:17:48 GMT+0100"); Gelöscht : user_pref("CT2653012.SettingsCheckIntervalMin", 120); Gelöscht : user_pref("CT2653012.SettingsLastCheckTime", "Tue Dec 13 2011 13:17:27 GMT+0100"); Gelöscht : user_pref("CT2653012.SettingsLastUpdate", "1323706893"); Gelöscht : user_pref("CT2653012.ThirdPartyComponentsInterval", 504); Gelöscht : user_pref("CT2653012.ThirdPartyComponentsLastCheck", "Thu Dec 08 2011 17:58:18 GMT+0100"); Gelöscht : user_pref("CT2653012.ThirdPartyComponentsLastUpdate", "1312887586"); Gelöscht : user_pref("CT2653012.ToolbarShrinkedFromSetup", false); Gelöscht : user_pref("CT2653012.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2653012"); Gelöscht : user_pref("CT2653012.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...] 
Gelöscht : user_pref("CT2653012.UserID", "UN98209596837378296"); Gelöscht : user_pref("CT2653012.ValidationData_Search", 0); Gelöscht : user_pref("CT2653012.ValidationData_Toolbar", 2); Gelöscht : user_pref("CT2653012.alertChannelId", "1045667"); Gelöscht : user_pref("CT2653012.backendstorage.cb_firstuse0100", "31"); Gelöscht : user_pref("CT2653012.backendstorage.cbfirsttime", "576564204E6F7620303920323031312031383A32313A34342[...] Gelöscht : user_pref("CT2653012.backendstorage.ct2653012ads1", "25374225323261647325323225334125354225374225323[...] Gelöscht : user_pref("CT2653012.backendstorage.ct2653012current_term", "426C75652B466F756E646174696F6E2B2D2B457[...] Gelöscht : user_pref("CT2653012.backendstorage.ct2653012sdate", "3230"); Gelöscht : user_pref("CT2653012.backendstorage.facebook_mode", "32"); Gelöscht : user_pref("CT2653012.backendstorage.facebook_user_locale", "6465"); Gelöscht : user_pref("CT2653012.backendstorage.twitter_v1.8.0_twitter_app_open_t_f", "66616C7365"); Gelöscht : user_pref("CT2653012.backendstorage.url_history", "687474703A2F2F7777772E796F75747562652E636F6D2F776[...] Gelöscht : user_pref("CT2653012.backendstorage.url_history_time", "31333233383031343031313832"); Gelöscht : user_pref("CT2653012.clientLogIsEnabled", false); Gelöscht : user_pref("CT2653012.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...] Gelöscht : user_pref("CT2653012.components.1000234", false); Gelöscht : user_pref("CT2653012.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] 
Gelöscht : user_pref("CT2653012.globalFirstTimeInfoLastCheckTime", "Tue Dec 13 2011 21:15:37 GMT+0100"); Gelöscht : user_pref("CT2653012.homepageProtectorEnableByLogin", true); Gelöscht : user_pref("CT2653012.initDone", true); Gelöscht : user_pref("CT2653012.isAppTrackingManagerOn", true); Gelöscht : user_pref("CT2653012.isFirstRadioInstallation", false); Gelöscht : user_pref("CT2653012.myStuffEnabled", true); Gelöscht : user_pref("CT2653012.myStuffPublihserMinWidth", 400); Gelöscht : user_pref("CT2653012.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Gelöscht : user_pref("CT2653012.myStuffServiceIntervalMM", 1440); Gelöscht : user_pref("CT2653012.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Gelöscht : user_pref("CT2653012.oldAppsList", "129199665576502590,129199665576658841,111,129518362214439676,129[...] Gelöscht : user_pref("CT2653012.revertSettingsEnabled", true); Gelöscht : user_pref("CT2653012.searchProtectorDialogDelayInSec", 10); Gelöscht : user_pref("CT2653012.searchProtectorEnableByLogin", true); Gelöscht : user_pref("CT2653012.testingCtid", ""); Gelöscht : user_pref("CT2653012.toolbarAppMetaDataLastCheckTime", "Mon Dec 12 2011 21:17:48 GMT+0100"); Gelöscht : user_pref("CT2653012.toolbarContextMenuLastCheckTime", "Mon Dec 05 2011 12:42:19 GMT+0100"); Gelöscht : user_pref("CT2653012.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...] Gelöscht : user_pref("CT2653012.usagesFlag", 2); Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2653012/CT2653012[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1045667/1041378/DE", "\"0\"[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2653012", [...] 
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2653012",[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2653012&octid=[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2653012/CT2653012[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/equaliz[...] 
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/minimiz[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/play.gi[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/stop.gi[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/vol.gif[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"1d8[...] Gelöscht : user_pref("CommunityToolbar.EngineOwner", ""); Gelöscht : user_pref("CommunityToolbar.EngineOwnerGuid", "{cd90bf73-20f6-44ef-993d-bb920303bd2e}"); Gelöscht : user_pref("CommunityToolbar.EngineOwnerToolbarId", "veoh_web_player"); Gelöscht : user_pref("CommunityToolbar.IsEngineShown", true); Gelöscht : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true); Gelöscht : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Semmel3\\AppData\\Roaming\\Mozilla\[...] Gelöscht : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.8.1.0"); Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2653012"); Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{cd90bf73-20f6-44ef-993d-bb920303bd2e}"); Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "veoh_web_player"); Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...] Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2653012"); Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2653012"); Gelöscht : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sat May 07 2011 11:10:43 GMT+02[...] 
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440); Gelöscht : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Jun 29 2011 14:17:07 GMT+0200"); Gelöscht : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com"); Gelöscht : user_pref("CommunityToolbar.alert.locale", "en"); Gelöscht : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); Gelöscht : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Thu Jun 30 2011 14:16:59 GMT+0200"); Gelöscht : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559"); Gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); Gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com"); Gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false); Gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); Gelöscht : user_pref("CommunityToolbar.alert.userId", "{590a3c05-19db-4f14-a5dc-8babac194955}"); Gelöscht : user_pref("CommunityToolbar.globalUserId", "3089e1ab-5016-420f-b8e3-8493fa09e5a9"); Gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Gelöscht : user_pref("CommunityToolbar.killedEngine", true); Gelöscht : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Dec 12 2011 14:33:3[...] Gelöscht : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440); Gelöscht : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon Dec 12 2011 17:58:30 GMT+010[...] 
Gelöscht : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com"); Gelöscht : user_pref("CommunityToolbar.notifications.locale", "en"); Gelöscht : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440); Gelöscht : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Dec 12 2011 21:17:49 GMT+0100"); Gelöscht : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611"); Gelöscht : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20); Gelöscht : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com"); Gelöscht : user_pref("CommunityToolbar.notifications.showTrayIcon", false); Gelöscht : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300); Gelöscht : user_pref("CommunityToolbar.notifications.userId", "06737bc5-3fc2-42fc-9423-979089138e7d"); Gelöscht : user_pref("CommunityToolbar.undefined", ""); Gelöscht : user_pref("browser.startup.homepage", "hxxp://www.searchplusnetwork.com/?sp=vit4"); Gelöscht : user_pref("keyword.URL", "hxxp://www.searchplusnetwork.com/?sp=vit4&q="); ************************* AdwCleaner[R1].txt - [19354 octets] - [28/09/2012 15:42:10] AdwCleaner[S1].txt - [19930 octets] - [28/09/2012 18:13:37] ########## EOF - C:\AdwCleaner[S1].txt - [19991 octets] ########## OTL-Text: Code:
ATTFilter OTL logfile created on: 28.09.2012 18:19:16 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Semmel3\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,96 Gb Total Physical Memory | 6,27 Gb Available Physical Memory | 78,79% Memory free 15,92 Gb Paging File | 14,01 Gb Available in Paging File | 88,01% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 1862,92 Gb Total Space | 1432,80 Gb Free Space | 76,91% Space Free | Partition Type: NTFS Drive D: | 4,80 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: SEMMEL3-PC | User Name: Semmel3 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Semmel3\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Users\Semmel3\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Gizmo\gservice.exe (Arainia Solutions) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll () SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) 
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (Gizmo Central) -- C:\Program Files (x86)\Gizmo\gservice.exe (Arainia Solutions) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (KORGUMDS) -- C:\Windows\SysNative\drivers\KORGUM64.SYS (KORG INC.) 
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (GizmoDrv) -- C:\Windows\SysNative\drivers\gizmodrv.sys (Arainia Solutions LLC) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\drivers\rmcast.sys (Microsoft Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys () DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (netr7364) -- C:\Windows\SysNative\drivers\netr7364.sys (Ralink Technology, Corp.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.) 
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5F 1E 10 43 96 49 CC 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms} IE - HKCU\..\SearchScopes\{AB79D3B4-AEDB-428a-B504-BAC00521A1C7}: "URL" = hxxp://starwebsearch.com/index.php?from=4&q={searchTerms} IE - HKCU\..\SearchScopes\{FCBEBBEA-AD82-4B47-8174-B91EEF715793}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=937811&p={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local> ========== 
FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..extensions.enabledAddons: youtube2mp3@mondayx.de:1.2.3 FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10 FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3 FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0 FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {cd90bf73-20f6-44ef-993d-bb920303bd2e}:2.7.1.3 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll File not found FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.25 19:31:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.08 11:10:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.18 15:37:57 | 000,000,000 | ---D | M] [2011.01.08 20:01:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Semmel3\AppData\Roaming\mozilla\Extensions [2012.09.28 18:13:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Semmel3\AppData\Roaming\mozilla\Firefox\Profiles\4bjhuwjk.default\extensions [2011.04.19 16:00:33 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Semmel3\AppData\Roaming\mozilla\Firefox\Profiles\4bjhuwjk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.09.15 19:17:20 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Semmel3\AppData\Roaming\mozilla\Firefox\Profiles\4bjhuwjk.default\extensions\ich@maltegoetz.de [2011.08.28 13:19:22 | 000,011,510 | ---- | M] () (No name found) -- C:\Users\Semmel3\AppData\Roaming\mozilla\firefox\profiles\4bjhuwjk.default\extensions\youtube2mp3@mondayx.de.xpi [2012.08.07 14:29:18 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Semmel3\AppData\Roaming\mozilla\firefox\profiles\4bjhuwjk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011.08.05 13:18:02 | 000,002,125 | ---- | M] () -- C:\Users\Semmel3\AppData\Roaming\mozilla\firefox\profiles\4bjhuwjk.default\searchplugins\GoogleFeed.xml [2012.05.15 15:31:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.09.08 11:10:02 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files 
(x86)\mozilla firefox\components\browsercomps.dll [2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012.02.13 16:05:30 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.29 20:08:18 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.13 16:05:30 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.13 16:05:30 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.13 16:05:30 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.13 16:05:30 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Semmel3\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Semmel3\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Semmel3\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\Semmel3\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Semmel3\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E8E9CFC-3CD5-464C-9C0A-C8674660156B}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9AACA96B-FDA6-4FD6-BE38-B7A3B95D772A}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3E2BEF1-762D-4321-B489-A8635273DA18}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.06.27 00:29:39 | 000,000,022 | R--- | M] () - D:\autorun.inf -- [ UDF ] O33 - MountPoints2\{d7c2763a-816f-11e1-8180-20cf30bbd32d}\Shell - "" = AutoRun O33 - MountPoints2\{d7c2763a-816f-11e1-8180-20cf30bbd32d}\Shell\AutoRun\command - "" = E:\Launch.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.09.28 15:52:10 | 000,208,216 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\89412721.sys [2012.09.28 15:36:34 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Semmel3\Desktop\aswMBR.exe [2012.09.28 13:59:31 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012.09.28 13:25:08 | 000,000,000 | ---D | C] -- C:\Users\Semmel3\AppData\Roaming\Malwarebytes [2012.09.28 13:24:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.09.28 13:24:57 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.09.28 13:24:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.09.28 13:24:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.09.26 12:35:22 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe [2012.09.22 14:24:30 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll 
[2012.09.22 14:24:29 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.09.22 14:24:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.09.22 14:24:29 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.09.22 14:24:29 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.09.22 14:24:29 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.09.22 14:24:29 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.09.20 16:10:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2 [2012.09.20 16:10:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guild Wars 2 [2012.09.20 16:05:45 | 000,000,000 | ---D | C] -- C:\Users\Semmel3\Documents\Guild Wars 2 [2012.09.12 13:04:05 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys [2012.09.12 13:04:02 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2012.09.12 13:04:01 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys [2012.09.12 13:04:01 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2012.08.30 10:26:35 | 000,000,000 | ---D | C] -- C:\Users\Semmel3\Documents\Games for Windows - LIVE Demos [2012.08.30 10:03:46 | 000,000,000 | ---D | C] -- C:\Users\Semmel3\Documents\Spartan [2012.08.30 03:31:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Wonderful End of the World Trial [2012.08.30 02:55:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive [2012.08.30 02:55:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace [2012.08.30 02:55:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - 
LIVE [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.09.28 18:19:15 | 001,541,416 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.09.28 18:19:15 | 000,669,456 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.09.28 18:19:15 | 000,628,942 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.09.28 18:19:15 | 000,137,322 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.09.28 18:19:15 | 000,112,382 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.09.28 18:14:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.28 18:14:26 | 2115,280,895 | -HS- | M] () -- C:\hiberfil.sys [2012.09.28 17:45:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.09.28 15:55:18 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.28 15:55:18 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.28 15:52:10 | 000,208,216 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\89412721.sys [2012.09.28 15:50:18 | 000,000,512 | ---- | M] () -- C:\Users\Semmel3\Desktop\MBR.dat [2012.09.28 15:36:56 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Semmel3\Desktop\aswMBR.exe [2012.09.28 13:24:58 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.20 16:10:52 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk [2012.09.10 02:42:27 | 000,435,725 | ---- | M] () -- C:\Users\Semmel3\Desktop\sicherung arbeit.odt [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.09.28 15:50:18 | 000,000,512 | ---- | C] () -- 
C:\Users\Semmel3\Desktop\MBR.dat [2012.09.28 13:24:58 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.20 16:10:52 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk [2012.09.10 02:41:34 | 000,435,725 | ---- | C] () -- C:\Users\Semmel3\Desktop\sicherung arbeit.odt [2012.08.30 02:55:03 | 000,001,338 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk [2012.04.09 23:07:33 | 000,040,960 | R--- | C] () -- C:\Windows\SysWow64\psfind.dll [2012.04.08 22:37:13 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll [2012.04.08 22:37:13 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll [2012.04.08 22:37:12 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll [2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll [2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.08.25 05:41:08 | 000,007,597 | ---- | C] () -- C:\Users\Semmel3\AppData\Local\Resmon.ResmonCfg [2011.06.10 17:20:40 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\msvcsv60.dll [2011.06.10 17:20:40 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat [2011.01.19 12:07:17 | 000,000,095 | ---- | C] () -- C:\Users\Semmel3\AppData\Local\fusioncache.dat [2011.01.18 08:15:22 | 001,540,406 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.01.18 08:12:35 | 000,183,112 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.01.18 08:12:33 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.01.18 08:12:31 | 000,669,184 | ---- | C] () 
-- C:\Windows\SysWow64\pbsvc.exe [2011.01.17 18:45:14 | 000,000,600 | ---- | C] () -- C:\Users\Semmel3\AppData\Roaming\winscp.rnd [2011.01.08 20:27:57 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.01.08 19:57:20 | 000,027,504 | ---- | C] () -- C:\Windows\Ascd_log.ini [2011.01.08 19:56:10 | 000,019,533 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2011.01.08 19:56:10 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
Extras:
There were only minor problems, such as Firefox crashes or hangs. Mainly the speed has dropped sharply recently, which is how I came across this! Apart from that, the computer runs relatively well! |
28.09.2012, 17:30 | #9 |
| Thbcn in system startup, Mwb 42 infected files, what to do? Step 2: OTL text: Code:
ATTFilter OTL logfile created on: 28.09.2012 18:19:16 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Semmel3\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,96 Gb Total Physical Memory | 6,27 Gb Available Physical Memory | 78,79% Memory free 15,92 Gb Paging File | 14,01 Gb Available in Paging File | 88,01% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 1862,92 Gb Total Space | 1432,80 Gb Free Space | 76,91% Space Free | Partition Type: NTFS Drive D: | 4,80 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: SEMMEL3-PC | User Name: Semmel3 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Semmel3\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Users\Semmel3\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Gizmo\gservice.exe (Arainia Solutions) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll () SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) 
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (Gizmo Central) -- C:\Program Files (x86)\Gizmo\gservice.exe (Arainia Solutions) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (KORGUMDS) -- C:\Windows\SysNative\drivers\KORGUM64.SYS (KORG INC.) 
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (GizmoDrv) -- C:\Windows\SysNative\drivers\gizmodrv.sys (Arainia Solutions LLC) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\drivers\rmcast.sys (Microsoft Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys () DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (netr7364) -- C:\Windows\SysNative\drivers\netr7364.sys (Ralink Technology, Corp.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.) 
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5F 1E 10 43 96 49 CC 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms} IE - HKCU\..\SearchScopes\{AB79D3B4-AEDB-428a-B504-BAC00521A1C7}: "URL" = hxxp://starwebsearch.com/index.php?from=4&q={searchTerms} IE - HKCU\..\SearchScopes\{FCBEBBEA-AD82-4B47-8174-B91EEF715793}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=937811&p={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local> ========== 
FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..extensions.enabledAddons: youtube2mp3@mondayx.de:1.2.3 FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10 FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3 FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0 FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {cd90bf73-20f6-44ef-993d-bb920303bd2e}:2.7.1.3 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll File not found FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.25 19:31:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.08 11:10:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.18 15:37:57 | 000,000,000 | ---D | M] [2011.01.08 20:01:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Semmel3\AppData\Roaming\mozilla\Extensions [2012.09.28 18:13:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Semmel3\AppData\Roaming\mozilla\Firefox\Profiles\4bjhuwjk.default\extensions [2011.04.19 16:00:33 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Semmel3\AppData\Roaming\mozilla\Firefox\Profiles\4bjhuwjk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.09.15 19:17:20 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Semmel3\AppData\Roaming\mozilla\Firefox\Profiles\4bjhuwjk.default\extensions\ich@maltegoetz.de [2011.08.28 13:19:22 | 000,011,510 | ---- | M] () (No name found) -- C:\Users\Semmel3\AppData\Roaming\mozilla\firefox\profiles\4bjhuwjk.default\extensions\youtube2mp3@mondayx.de.xpi [2012.08.07 14:29:18 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Semmel3\AppData\Roaming\mozilla\firefox\profiles\4bjhuwjk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011.08.05 13:18:02 | 000,002,125 | ---- | M] () -- C:\Users\Semmel3\AppData\Roaming\mozilla\firefox\profiles\4bjhuwjk.default\searchplugins\GoogleFeed.xml [2012.05.15 15:31:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.09.08 11:10:02 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files 
(x86)\mozilla firefox\components\browsercomps.dll [2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012.02.13 16:05:30 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.29 20:08:18 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.13 16:05:30 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.13 16:05:30 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.13 16:05:30 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.13 16:05:30 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Semmel3\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Semmel3\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Semmel3\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\Semmel3\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Semmel3\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E8E9CFC-3CD5-464C-9C0A-C8674660156B}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9AACA96B-FDA6-4FD6-BE38-B7A3B95D772A}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3E2BEF1-762D-4321-B489-A8635273DA18}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.06.27 00:29:39 | 000,000,022 | R--- | M] () - D:\autorun.inf -- [ UDF ] O33 - MountPoints2\{d7c2763a-816f-11e1-8180-20cf30bbd32d}\Shell - "" = AutoRun O33 - MountPoints2\{d7c2763a-816f-11e1-8180-20cf30bbd32d}\Shell\AutoRun\command - "" = E:\Launch.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.09.28 15:52:10 | 000,208,216 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\89412721.sys [2012.09.28 15:36:34 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Semmel3\Desktop\aswMBR.exe [2012.09.28 13:59:31 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012.09.28 13:25:08 | 000,000,000 | ---D | C] -- C:\Users\Semmel3\AppData\Roaming\Malwarebytes [2012.09.28 13:24:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.09.28 13:24:57 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.09.28 13:24:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.09.28 13:24:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.09.26 12:35:22 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe [2012.09.22 14:24:30 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll 
[2012.09.22 14:24:29 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.09.22 14:24:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.09.22 14:24:29 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.09.22 14:24:29 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.09.22 14:24:29 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.09.22 14:24:29 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.09.20 16:10:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2 [2012.09.20 16:10:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guild Wars 2 [2012.09.20 16:05:45 | 000,000,000 | ---D | C] -- C:\Users\Semmel3\Documents\Guild Wars 2 [2012.09.12 13:04:05 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys [2012.09.12 13:04:02 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2012.09.12 13:04:01 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys [2012.09.12 13:04:01 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2012.08.30 10:26:35 | 000,000,000 | ---D | C] -- C:\Users\Semmel3\Documents\Games for Windows - LIVE Demos [2012.08.30 10:03:46 | 000,000,000 | ---D | C] -- C:\Users\Semmel3\Documents\Spartan [2012.08.30 03:31:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Wonderful End of the World Trial [2012.08.30 02:55:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive [2012.08.30 02:55:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace [2012.08.30 02:55:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - 
LIVE [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.09.28 18:19:15 | 001,541,416 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.09.28 18:19:15 | 000,669,456 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.09.28 18:19:15 | 000,628,942 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.09.28 18:19:15 | 000,137,322 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.09.28 18:19:15 | 000,112,382 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.09.28 18:14:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.28 18:14:26 | 2115,280,895 | -HS- | M] () -- C:\hiberfil.sys [2012.09.28 17:45:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.09.28 15:55:18 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.28 15:55:18 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.28 15:52:10 | 000,208,216 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\89412721.sys [2012.09.28 15:50:18 | 000,000,512 | ---- | M] () -- C:\Users\Semmel3\Desktop\MBR.dat [2012.09.28 15:36:56 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Semmel3\Desktop\aswMBR.exe [2012.09.28 13:24:58 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.20 16:10:52 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk [2012.09.10 02:42:27 | 000,435,725 | ---- | M] () -- C:\Users\Semmel3\Desktop\sicherung arbeit.odt [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.09.28 15:50:18 | 000,000,512 | ---- | C] () -- 
C:\Users\Semmel3\Desktop\MBR.dat [2012.09.28 13:24:58 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.20 16:10:52 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk [2012.09.10 02:41:34 | 000,435,725 | ---- | C] () -- C:\Users\Semmel3\Desktop\sicherung arbeit.odt [2012.08.30 02:55:03 | 000,001,338 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk [2012.04.09 23:07:33 | 000,040,960 | R--- | C] () -- C:\Windows\SysWow64\psfind.dll [2012.04.08 22:37:13 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll [2012.04.08 22:37:13 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll [2012.04.08 22:37:12 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll [2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll [2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.08.25 05:41:08 | 000,007,597 | ---- | C] () -- C:\Users\Semmel3\AppData\Local\Resmon.ResmonCfg [2011.06.10 17:20:40 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\msvcsv60.dll [2011.06.10 17:20:40 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat [2011.01.19 12:07:17 | 000,000,095 | ---- | C] () -- C:\Users\Semmel3\AppData\Local\fusioncache.dat [2011.01.18 08:15:22 | 001,540,406 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.01.18 08:12:35 | 000,183,112 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.01.18 08:12:33 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.01.18 08:12:31 | 000,669,184 | ---- | C] () 
-- C:\Windows\SysWow64\pbsvc.exe [2011.01.17 18:45:14 | 000,000,600 | ---- | C] () -- C:\Users\Semmel3\AppData\Roaming\winscp.rnd [2011.01.08 20:27:57 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.01.08 19:57:20 | 000,027,504 | ---- | C] () -- C:\Windows\Ascd_log.ini [2011.01.08 19:56:10 | 000,019,533 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2011.01.08 19:56:10 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
Extras: There were only minor problems, such as Firefox crashes or hangs. Mainly, the speed has dropped sharply lately, which is how I noticed it! Apart from that, the computer runs relatively well! |
28.09.2012, 17:31 | #10 |
| Thbcn in system startup, Mwb 42 infected files, what to do? Sorry for the double post, it has to do with my Firefox ... ! Extras: Code:
ATTFilter OTL Extras logfile created on: 28.09.2012 18:19:16 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Semmel3\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,96 Gb Total Physical Memory | 6,27 Gb Available Physical Memory | 78,79% Memory free 15,92 Gb Paging File | 14,01 Gb Available in Paging File | 88,01% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 1862,92 Gb Total Space | 1432,80 Gb Free Space | 76,91% Space Free | Partition Type: NTFS Drive D: | 4,80 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: SEMMEL3-PC | User Name: Semmel3 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02D89D08-76C7-437F-8061-2218A66A6BCA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{04A5FF94-E827-48BF-B14E-F95B15AF5774}" = lport=138 | protocol=17 | dir=in | app=system | "{0C5CA600-5847-4EAC-ACF2-AD51F93986D4}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{0ED68441-E2BB-412B-AE60-BB2C46B7EBEA}" = rport=137 | protocol=17 | dir=out | app=system | "{168E2F66-B90D-45DE-8DCF-82F614CC0313}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{289483AB-06BD-41FA-85EB-DD4E326EF51A}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{298CF00C-9ABA-4CE4-B648-A9EC39FB8E8E}" = lport=139 | protocol=6 | dir=in | app=system | "{2B79A649-7AD2-46C4-ABF5-D57EA3BBF4E3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{2EFDB6D1-8CE8-4853-BD7F-B3AA3ACF899F}" = lport=49168 | protocol=6 | dir=in | name=akamai netsession interface | "{2F44BCC5-BC13-4AAB-A782-E0F3A77620C3}" = rport=2869 | protocol=6 | dir=out | app=system | "{442AB8F5-8D04-4252-A35D-38FE1A62473C}" = rport=445 | protocol=6 | dir=out | app=system | "{48EB8F4D-37D4-458C-88DB-0B783695834D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5D5DA65E-7F51-40BA-BE6B-955009B2EE4D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{65097C6C-A337-40E0-9E08-4ECED3F820B1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6F62DFE7-4177-4C3E-92D5-78D239CDE950}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6FD666CF-C087-4D88-8E09-8121B7B39402}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | 
app=%systemroot%\system32\svchost.exe | "{702D77F1-7D87-421D-97B8-28062361C9DD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{75D71D67-CD46-4C0C-955F-A8DEFCF3452F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{87D3A8EF-A493-4720-827D-05332F152405}" = rport=138 | protocol=17 | dir=out | app=system | "{8A2EDED2-4748-44D4-B6E4-49AAB74C0C5D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8BA8EC31-8549-49D2-9409-21D110A9FE5C}" = lport=2869 | protocol=6 | dir=in | app=system | "{9B429D87-9F66-4AB3-8D4B-8F072F0170B0}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | "{9F95ED39-CBFE-4A70-AF92-7F3494A882CE}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{A6A19C95-0AF3-4A31-B4FA-326CEEB3B9D5}" = lport=2869 | protocol=6 | dir=in | app=system | "{BB7D3CC5-F113-4EA9-BDCE-B50AEAC77845}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C7A59223-BD9C-4A53-BF77-7DDC7DE6B14B}" = lport=445 | protocol=6 | dir=in | app=system | "{CA40648F-6BFE-4452-A214-9965DCBE0395}" = lport=137 | protocol=17 | dir=in | app=system | "{D693F4FA-7A32-427D-8301-FBC4CB8D61C9}" = rport=139 | protocol=6 | dir=out | app=system | "{D6A69205-67ED-4E11-8C1D-87330448C510}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DC1D6C78-CDF7-4A7E-8669-AE475B30D4A3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{DF50F3F9-B392-4CE5-8D8C-56012292325C}" = lport=10243 | protocol=6 | dir=in | app=system | "{E03AC141-0602-421B-83E0-D5C1C390AC65}" = rport=10243 | protocol=6 | dir=out | app=system | "{FF266D2B-7CF5-48B6-89F3-DB6D162E94B6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | ========== Vista Active Application Exception List 
========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{015E7DFA-E039-4FBE-AE12-1A8ED924A7D9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\mother99\counter-strike source\hl2.exe | "{01DCB31E-28CF-4F69-BE48-3A636FB95B97}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{02DF55F6-A590-45F2-8FBA-D727A0849359}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania united\tmforever.exe | "{17FE9864-EB12-4313-A356-54736DCB7CED}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe | "{1F0B4EE5-998F-416A-9ABC-5860758BA037}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania united\tmforeverlauncher.exe | "{21ACC931-BD3B-4235-B48B-846A65DAA4E1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{261228B9-79B5-4D50-B3BF-2E803EF65CB3}" = protocol=17 | dir=in | app=c:\users\semmel3\appdata\roaming\spotify\spotify.exe | "{28DF8BD9-2BF0-451D-9DB7-309ECEE92925}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{2A0FB448-974D-4C13-BDD5-FE10BD88A5EA}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{2C8CB090-7317-4F67-9951-2E7616A13B4F}" = protocol=6 | dir=in | app=c:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe | "{2DEC89C9-F931-4504-9136-566581529314}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe | "{2E6BC299-95C0-44C9-B0CF-1F13C1DB57B6}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{32FC71EB-BC3E-495A-9914-AC3C1334FC02}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{3327864F-7518-4BCC-81FE-A72C20BD5030}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{3371047D-8F44-4806-A723-AF4F9044C32C}" = protocol=17 | dir=in | app=%programfiles%\windows media 
player\wmplayer.exe | "{34001BB9-C9D4-441E-A3B1-69DBDAAF3B03}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{34F2F701-A54F-47E7-B80A-A66C043836FD}" = dir=out | app=%programfiles% (x86)\virtualdj\virtualdj_pro.exe | "{3DAC82E0-0CF2-4A6A-8655-1E4389680F2B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | "{3DAF56D8-1C8B-4D5C-8343-C4522737B079}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | "{422C7F1F-642C-42CD-AD6C-BD950A8C3A43}" = dir=out | app=%programfiles% (x86)\ableton\live 8.0.1\program\live 8.0.1.exe | "{4569CEF6-0B7C-459D-8600-A1C307209F08}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{4B5817BD-DC1C-401C-9260-C4EECD167806}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{4C0BA5C5-C186-424A-ABCE-4E668D1E4DEC}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{55EBB7A0-751C-47DD-ABD6-AFB6055622FF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{58F8A5AD-F819-4CBB-AC22-072E07CAFA70}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5C971D68-FEB1-4392-88AC-B1C774FDE96F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6330180B-4586-4FE0-A04E-17466155463B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{65C734C7-615E-4438-9CE9-C170BBC1585D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{6757E155-B5E4-4748-AEFB-E96A6341304A}" = dir=out | app=%programfiles%\native instruments\reaktor 5\reaktor5.exe | "{6A51DDB3-9494-4140-A4D8-B27E816F2EE5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania united\tmforeverlauncher.exe | "{6BD32769-3A93-43AA-A6D8-90BA0D2A286B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "{6EBB6EE0-91F2-4680-AF9B-E0D8E885307E}" = protocol=6 | dir=in | 
app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | "{6F15A31A-9F99-4519-8302-C566723E23F4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{7064779A-0ABE-4BC5-A4DD-04F020047003}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{728E728E-B6B9-47D7-9F27-D0373FD48326}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | "{73EF78C8-F550-41F3-B6BA-D20F94DA022C}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | "{7B23F193-88A5-40CB-95C8-B65B43074179}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{7C1FD9F9-7C13-4F91-8639-1548BE5C5C82}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{7D2F7435-9471-4FF3-A6CA-A1BD136AE8AF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | "{7E1F5B54-AD24-433F-9F24-305AF53FF1A5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{7E96EF0E-EE3C-4E26-B7F4-8DDD8F650859}" = protocol=6 | dir=in | app=c:\users\semmel3\appdata\local\akamai\netsession_win.exe | "{8113BE97-2ED9-42C0-9DD1-4A18ED10EC25}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{82A02444-7EBD-4500-BECF-A588DA71F250}" = protocol=17 | dir=in | app=c:\users\semmel3\downloads\diablo-iii-8370-dede-installer-downloader.exe | "{845B7CFA-FD50-4BE3-8C1D-39FEAFEDC103}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt 2\dirt2.exe | "{8C4CB877-771A-4CE7-AD9E-3E869B965DFD}" = protocol=6 | dir=in | app=c:\users\semmel3\appdata\roaming\spotify\spotify.exe | "{8E330D6E-04C7-4510-B7CA-CC104731661E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{8F3AC6DE-ADD3-4FD2-9201-B12264B954F2}" = protocol=6 | dir=in | app=c:\program files 
(x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | "{8F78629F-4686-4631-8061-36F6B4933D46}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt 2\dirt2.exe | "{9CA29403-EE7B-4D35-B5E6-7CC214B94BC9}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{A4ADDAAE-C62E-4864-838F-F94363EEEFA5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{A6E4640D-431B-40E1-ABA2-44DEFA051E83}" = dir=in | app=c:\program files (x86)\microsoft games\age of empires online\spartan.exe | "{A7B133E6-9153-46EF-80CD-890E79743E4D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | "{A88E3071-9214-4E19-9EB9-EEC10C3EC0F7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{A8E15104-9B7A-4763-9FB7-3CB2E3D3D587}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe | "{A8F14CDA-D3E0-49B8-B400-D1AA3FDCCECD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{B229312B-FBF9-46CA-B9DA-197150D9093C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "{B3469B3F-83C4-4394-B030-2B1D54BC533A}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | "{B3F0851E-EB6A-4B58-B6B2-1E6C656B03B8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{B7C93736-8A85-4D43-8AAE-AABE4374C2D8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{BDCAA190-6FEA-4EB0-9B25-CDFF8010CD75}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe | "{C395F7AD-AF9D-47D0-9D79-D8196FD1DBF1}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{C4482D10-9D9B-4EF5-BEC2-6AE5B1837AE9}" = dir=in | app=%programfiles% (x86)\ableton\live 8.0.1\program\live 8.0.1.exe | "{C6518FB6-635E-44DC-BCF5-5C9B263FDB3C}" = protocol=6 | dir=in | app=c:\program 
files (x86)\steam\steamapps\lutziie\counter-strike source\hl2.exe | "{CDD7517F-7532-41F1-9CB9-9A82D31E201F}" = protocol=17 | dir=in | app=c:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe | "{CF7E1DCD-33A8-4C1B-B6EA-0BA4957CE895}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\mother99\counter-strike source\hl2.exe | "{D157192D-4512-47F0-BE76-229950D9DC46}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\lutziie\counter-strike source\hl2.exe | "{D8708315-2EF8-4910-8859-F6E44A8F8B1E}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | "{DDF15E72-F345-42EF-A491-9F26A3E9B315}" = protocol=6 | dir=out | app=system | "{E03FFC84-8678-4B4B-BE28-9B07B29393BF}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{E2E6AD6E-366F-469E-8882-F0BDA9E08627}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{E420B9D9-B609-4A31-8AFF-4A7294D513DB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | "{E9D970F2-7628-4F20-A057-DC1A649AFD8D}" = dir=in | app=%programfiles% (x86)\virtualdj\virtualdj_pro.exe | "{EA636CA8-5B82-4E63-AF83-B67FC317B1FE}" = protocol=17 | dir=in | app=c:\users\semmel3\appdata\local\akamai\netsession_win.exe | "{EE444846-1B82-443C-967B-37B21CD7041C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania united\tmforever.exe | "{F3670743-85E8-41CD-8F81-12DF95937434}" = protocol=6 | dir=in | app=c:\users\semmel3\downloads\diablo-iii-8370-dede-installer-downloader.exe | "{F567067A-522A-436D-8D18-14AFFA54F38F}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe | "{F6550485-E251-4C51-8B1B-4F556F4D56E5}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{F7979907-8D14-4549-B410-A52FEC061BFD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{FF0519E5-EFC7-4792-B708-3CDE278C5440}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | "TCP Query User{06A4D315-D932-4EA5-8BCD-0F44D1F50DC7}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe | "TCP Query User{0ABB63E0-BACF-4065-A686-EAC9A531BA0D}C:\users\semmel3\desktop\mw2\iw4mp.dat" = protocol=6 | dir=in | app=c:\users\semmel3\desktop\mw2\iw4mp.dat | "TCP Query User{0AECF25A-D03D-4166-8D08-6D5B723A9B62}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "TCP Query User{25FE0EB9-6785-43BD-BE95-159190BC7892}C:\users\semmel3\desktop\games\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\users\semmel3\desktop\games\borderlands\binaries\borderlands.exe | "TCP Query User{2A14BF8F-7052-4586-AF0E-6DECAA7A486A}C:\users\semmel3\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\semmel3\appdata\local\akamai\netsession_win.exe | "TCP Query User{310EC278-9CA6-463A-82BA-3A8D6F967EA6}C:\program files (x86)\microsoft games\age of empires ii\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\age2_x1.exe | "TCP Query User{37F940C5-F7C0-40B2-A2A7-99E9EA6DB03A}C:\program files (x86)\activision\modern warfare 2\iw4mp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\modern warfare 2\iw4mp.exe | "TCP Query User{4314FCE3-2D1B-403D-9F12-3F6FAAB04564}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "TCP Query User{4E26B57E-2DAB-49C0-9472-3B0428DA8F61}C:\program files (x86)\mediamonkey\mediamonkey.exe" = protocol=6 | dir=in | 
app=c:\program files (x86)\mediamonkey\mediamonkey.exe | "TCP Query User{74BEB245-C2B0-4475-AB16-9A7B135AB5AD}C:\program files (x86)\activision\modern warfare 2\iw4mpold.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\modern warfare 2\iw4mpold.exe | "TCP Query User{77C8A727-1195-4E3A-94C1-6741E3814BFC}C:\users\semmel3\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\semmel3\downloads\diablo-iii-8370-dede-installer-downloader.exe | "TCP Query User{7C695C05-029E-4092-8EF5-4775028636B5}C:\users\semmel3\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\semmel3\appdata\local\temp\gw2.exe | "TCP Query User{956CDBDE-2F32-413B-87D4-7F99E011C527}C:\users\semmel3\desktop\mw2\iw4mp.exe" = protocol=6 | dir=in | app=c:\users\semmel3\desktop\mw2\iw4mp.exe | "TCP Query User{AC551760-E41B-49A2-93B6-A3B7566C3BB9}C:\users\semmel3\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\semmel3\appdata\roaming\spotify\spotify.exe | "TCP Query User{B5D8E2AA-7FE2-485E-8BDC-F8A6571309E4}C:\programdata\battle.net\agent\agent.1225\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | "TCP Query User{BA266FE6-E0C4-482F-B7D6-DC9A96C39F8A}C:\users\semmel3\appdata\local\microsoft\age of empires online\spartan.exe" = protocol=6 | dir=in | app=c:\users\semmel3\appdata\local\microsoft\age of empires online\spartan.exe | "TCP Query User{C339BDCE-C350-4563-AE8F-59720E5248A3}C:\program files (x86)\english bid for power final 4.0\ebfpf 4.0.exe" = protocol=6 | dir=in | app=c:\program files (x86)\english bid for power final 4.0\ebfpf 4.0.exe | "TCP Query User{CF95CF45-BD46-4407-94DF-4084540069B6}C:\users\semmel3\desktop\mw2\iw4mpold.exe" = protocol=6 | dir=in | app=c:\users\semmel3\desktop\mw2\iw4mpold.exe | "TCP Query User{D11C0AD1-5038-4D67-B7C5-9EDFA41C041B}C:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe" = protocol=6 | 
dir=in | app=c:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe | "TCP Query User{D70AA586-AB0B-4074-BECF-EC4C3BB7E9F6}C:\programdata\battle.net\agent\agent.1199\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | "TCP Query User{DE121CE7-A433-4EFD-8D23-C2E0FA4E4DD4}C:\program files (x86)\activision\modern warfare 2\bootstrap\iw4mp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\modern warfare 2\bootstrap\iw4mp.exe | "TCP Query User{E5746666-6631-4E1A-8F59-79A75F2EB617}C:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe | "TCP Query User{F02F160F-6A38-4630-9EDD-DFDE21C23202}C:\nexon\combat arms eu\engine.exe" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\engine.exe | "TCP Query User{F3BE3F8F-D78B-492D-AE54-4369A91D68B1}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | "TCP Query User{FDD9264B-55AE-4207-A3A4-CAF460A15081}C:\program files (x86)\activision\modern warfare 2\iw4m.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\modern warfare 2\iw4m.exe | "TCP Query User{FFB03BEC-5704-49E0-B8D5-C57C08130E2F}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | "UDP Query User{0077A4C1-42B2-4CEC-BB14-D99D8E8CABF9}C:\users\semmel3\desktop\games\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\users\semmel3\desktop\games\borderlands\binaries\borderlands.exe | "UDP Query User{0096B6F4-1115-46D0-B347-B33C881EBE7C}C:\program files (x86)\microsoft games\age of empires ii\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\age2_x1.exe | "UDP Query User{04816270-EF81-4A16-90D4-8D097BA3C543}C:\program files 
(x86)\activision\modern warfare 2\iw4mp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\modern warfare 2\iw4mp.exe | "UDP Query User{0A33625F-9A19-42D4-A492-BBB8F8D29CD3}C:\users\semmel3\desktop\mw2\iw4mpold.exe" = protocol=17 | dir=in | app=c:\users\semmel3\desktop\mw2\iw4mpold.exe | "UDP Query User{113A8EA1-7C69-4BDF-8F73-FFFB0CB7DF10}C:\program files (x86)\activision\modern warfare 2\iw4mpold.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\modern warfare 2\iw4mpold.exe | "UDP Query User{138C4001-8B85-4293-AB8F-41E7DC53173C}C:\nexon\combat arms eu\engine.exe" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\engine.exe | "UDP Query User{359FA801-D0D1-467F-95DB-BFD2F5C2B431}C:\users\semmel3\desktop\mw2\iw4mp.exe" = protocol=17 | dir=in | app=c:\users\semmel3\desktop\mw2\iw4mp.exe | "UDP Query User{377B05DC-60E4-4FB4-9D51-8CED59B8A4E4}C:\users\semmel3\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\semmel3\appdata\roaming\spotify\spotify.exe | "UDP Query User{39C04FD3-5D52-4BC9-9F5B-1F5DBD83CA3C}C:\users\semmel3\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\semmel3\appdata\local\akamai\netsession_win.exe | "UDP Query User{3ECB84A6-8F05-47A5-A72D-377BE5D83AA8}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | "UDP Query User{3F68D25C-A7AD-41CF-8547-86FE540281AA}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "UDP Query User{5DF9A99E-D1A6-456B-8155-EA045B186FE0}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "UDP Query User{6C5C2639-064F-4202-B1E9-EF2B35E9603B}C:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic 
arts\crytek\crysis\bin64\crysis64.exe | "UDP Query User{6DC76822-25EA-4A77-AC8A-C156CD5C731E}C:\programdata\battle.net\agent\agent.1225\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | "UDP Query User{7BFF630B-2153-48F7-A016-B291B43459A9}C:\users\semmel3\desktop\mw2\iw4mp.dat" = protocol=17 | dir=in | app=c:\users\semmel3\desktop\mw2\iw4mp.dat | "UDP Query User{7E4CF59E-761D-4295-8C9C-6207AC7841FD}C:\users\semmel3\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\semmel3\downloads\diablo-iii-8370-dede-installer-downloader.exe | "UDP Query User{8AE10A56-C960-46D6-90AE-8A8CE0D65179}C:\users\semmel3\appdata\local\microsoft\age of empires online\spartan.exe" = protocol=17 | dir=in | app=c:\users\semmel3\appdata\local\microsoft\age of empires online\spartan.exe | "UDP Query User{97EBEDCD-5D5D-45F6-94E5-4F790885BCDD}C:\program files (x86)\activision\modern warfare 2\bootstrap\iw4mp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\modern warfare 2\bootstrap\iw4mp.exe | "UDP Query User{A77EB67B-DB34-4015-B2B9-2710E32B51DF}C:\programdata\battle.net\agent\agent.1199\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | "UDP Query User{BF193D71-C053-4355-9DF3-532DB3F231FD}C:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe" = protocol=17 | dir=in | app=c:\program files (x86)\stunlock studios\bloodline champions\binary\bloodlinechampions.exe | "UDP Query User{CDDB15D7-486A-46DE-9520-6F53B9FC60BC}C:\program files (x86)\english bid for power final 4.0\ebfpf 4.0.exe" = protocol=17 | dir=in | app=c:\program files (x86)\english bid for power final 4.0\ebfpf 4.0.exe | "UDP Query User{CFD885F0-8527-40DA-944E-D74F61DC361A}C:\program files (x86)\activision\modern warfare 2\iw4m.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\modern warfare 2\iw4m.exe | "UDP Query 
User{D5F2F23D-9464-4FA9-BD38-529125B8EFEC}C:\program files (x86)\mediamonkey\mediamonkey.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mediamonkey\mediamonkey.exe | "UDP Query User{E0343B7F-BD3D-41A1-9414-0E6046224FE4}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | "UDP Query User{F4924D05-D9CC-4871-B0CF-D9867B235B68}C:\users\semmel3\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\semmel3\appdata\local\temp\gw2.exe | "UDP Query User{F6B94F14-8759-4CC3-B8FC-DFD7A2AC1249}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center "{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes "{0E086923-AAA3-4F98-A6E2-48B64CE27553}" = Native Instruments Reaktor Factory Selection "{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{43E7798A-248E-4A3D-9969-FEA63543A462}" = Native Instruments Kontakt 4 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5941D535-34BF-BB6E-E52B-F464E4E955FF}" = AMD Media Foundation Decoders "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{81D00339-968D-15D1-3499-8431658E896F}" = AMD Catalyst Install Manager "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{83ED5086-5D6B-698F-5CD4-2F631DA8FD69}" = AMD Drag and 
Drop Transcoding "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 "{90AB246D-A0A0-29EA-199A-4B07841E0737}" = ATI AVIVO64 Codecs "{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{A2DDE39D-BA16-4DBB-9C96-A6703142DCF3}" = Native Instruments Komplete 7 Players "{A9C6CA47-D937-D61D-4BD3-7CFAB7A5BA56}" = ATI Problem Report Wizard "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B0FC9E28-1CE6-4A40-BEF1-C6E6EDFCA070}" = Native Instruments Kontakt Factory Selection "{C7FAFC98-5ECC-40FC-B440-A5D5FE3A6A6E}" = Native Instruments Guitar Rig 4 "{D4E5A687-797D-44B1-8F96-4FD7A24166A9}" = DEVIL MAY CRY 4 "{D7D6AA2C-DD2C-53F1-1F1D-5AC3CDE1B90C}" = ccc-utility64 "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour "{E9EA5F38-6299-45A1-9D23-F21729A19357}" = Native Instruments Reaktor 5 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FF600C37-6328-4348-A67A-3F85D8039604}" = Native Instruments Kore Player "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R) "{04475621-9BF8-EF82-4691-1C8FD9D40FD2}" = CCC Help Polish "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{07A733AA-2D8C-1E0E-ED9B-B4CA59AE86B3}" = Catalyst Control Center "{07BFA98D-6DB0-6D9C-95D5-7EF347AF587B}" = HydraVision "{14C87AA7-08E6-419F-A165-998EBE5023D7}" = Oblivion - Knights of the Nine 
"{16D919E6-F019-4E15-BFBE-4A85EF19DA57}" = Oblivion - Spell Tomes "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1 "{1AADBEB8-3F11-7FB7-6DDC-EE2276C1A80E}" = CCC Help Italian "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 29 "{2C3F42F5-935B-E64C-13D7-4369B0D66DE9}" = CCC Help Greek "{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion "{37CE847B-3279-1A39-CA09-FBF330B5EC97}" = CCC Help Czech "{3C15E8E2-3463-584F-D4F8-D95878737EAB}" = CCC Help Norwegian "{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest "{420500EA-4038-AADB-DD76-90D0311E5867}" = CCC Help Spanish "{43403BCA-6051-A108-682C-5BABB69D3919}" = CCC Help Hungarian "{441717E8-ADF5-4724-8B90-FA8DE7B73F91}" = KORG KAOSSILATOR PRO Editor "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4 "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4D530FA3-9B89-4186-98B7-F51000008100}" = Age of Empires Online "{549ECD2C-5ACD-0598-56E6-BF88F6B5CE9E}" = CCC Help Portuguese "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5BAD1D5F-157F-C4D7-05B8-7B2D08874DFA}" = CCC Help German "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{6559654F-2F38-491F-8411-211517C3E635}" = SampleTank FREE "{6C90C4C4-559D-4FE8-A4BF-37550E74D1FC}" = Bloodline Champions "{6E9484D8-F1F5-8737-3C35-C2ACB8BC9BF8}" = CCC Help Danish "{6EB6BC61-0079-80B7-9AE8-A28E02F81E04}" = CCC Help Japanese "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{74DDE8F9-FAD1-4C64-84DF-DF287EAE6FAE}" = CCC Help Turkish "{7C53D4FA-0F42-3B24-686B-2AB688C8B112}" = Catalyst Control Center 
Localization All "{810AC1C1-CB19-45EA-B5C9-77B654F9CA07}" = TQ Defiler.NET "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{85F76CD3-92C2-6422-202C-ADC655E83940}" = CCC Help Chinese Standard "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later "{8BBB5E4C-3F5E-4C07-BFBE-33B34600783A}" = LogMeIn Hamachi "{90140000-0018-0000-0000-0000000FF1CE}" = Microsoft Office PowerPoint 2010 "{90140000-0018-0000-0000-0000000FF1CE}_Office14.POWERPOINT_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}_Office14.POWERPOINT_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.POWERPOINT_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.POWERPOINT_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.POWERPOINT_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.POWERPOINT_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0409-1000-0000000FF1CE}_Office14.POWERPOINT_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.POWERPOINT_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.POWERPOINT_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.POWERPOINT_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0116-0409-1000-0000000FF1CE}_Office14.POWERPOINT_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends "{92E71E47-7BDE-2A10-A9C2-373DCAE4EEB9}" = CCC Help Chinese Traditional "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{9693675A-7108-247D-A369-AF08C8E32CFD}" = CCC Help English "{9971CC5F-9E89-6024-72CD-2F9B33305B7F}" = CCC Help Swedish "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9E8426B6-0027-8C7E-9729-E86053D9A3D5}" = CCC Help Finnish "{A3DAD349-E48E-AE45-3F26-7B80A4FFCD26}" = Catalyst Control Center InstallProxy "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch "{B3CB5BA3-3E98-4E85-944E-B03D055F8450}" = KORG USB-MIDI Driver Tools for Windows "{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne "{B66F4972-5C17-90A5-95AB-0C4DAEFC92A4}" = CCC Help Korean "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{D4E5A687-797D-44B1-8F96-4FD7A24166A9}" = DEVIL MAY CRY 4 "{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29 
"{DB689397-D3C2-BD23-A83E-FCA68454F0FE}" = CCC Help Dutch "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}" = Need for Speed™ Undercover "{EAD24F4A-8BB8-EAC5-A995-3D9A96DF3FA4}" = CCC Help French "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{F0BC0231-25D6-B4BF-5D9E-633220A2C09A}" = CCC Help Russian "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F501FACA-3AFB-FAC4-825D-F6D1343F0C69}" = Catalyst Control Center Graphics Previews Common "{F7657E34-0046-9515-61D9-7AAFC84C4AC8}" = CCC Help Thai "{FFFFFD17-B460-41EB-93F1-C48ABAD63828}" = Oblivion - Thieves Den "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Age of Empires 2.0" = Microsoft Age of Empires II "Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion "Akamai" = Akamai NetSession Interface Service "ArtMoney SE_is1" = ArtMoney SE v7.35 "Avira AntiVir Desktop" = Avira Free Antivirus "Cheat Engine 6.0_is1" = Cheat Engine 6.0 "DAEMON Tools Pro" = DAEMON Tools Pro "Diablo III" = Diablo III "Diablo III Beta" = Diablo III Beta "DivX Setup" = DivX-Setup "Free Studio_is1" = Free Studio version 5.3.2 "Free YouTube Download_is1" = Free YouTube Download version 3.1.31.706 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706 "GFWL_{4D530FA3-9B89-4186-98B7-F51000008100}" = Age of Empires Online "Gizmo Central" = Gizmo Central "Guild Wars 2" = Guild Wars 2 "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager "Live 8.2.2" = Live 8.2.2 "LogMeIn Hamachi" = LogMeIn Hamachi "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400 "Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Native Instruments 
Guitar Rig 4" = Native Instruments Guitar Rig 4 "Native Instruments Komplete 7 Players" = Native Instruments Komplete 7 Players "Native Instruments Kontakt 4" = Native Instruments Kontakt 4 "Native Instruments Kontakt Factory Selection" = Native Instruments Kontakt Factory Selection "Native Instruments Kore Player" = Native Instruments Kore Player "Native Instruments Reaktor 5" = Native Instruments Reaktor 5 "Native Instruments Reaktor Factory Selection" = Native Instruments Reaktor Factory Selection "Native Instruments Service Center" = Native Instruments Service Center "Office14.POWERPOINT" = Microsoft PowerPoint 2010 "PhotoScape" = PhotoScape "PunkBusterSvc" = PunkBuster Services "Revo Uninstaller" = Revo Uninstaller 1.91 "Steam App 12840" = DiRT 2 "Steam App 240" = Counter-Strike: Source "Steam App 42710" = Call of Duty: Black Ops - Multiplayer "Steam App 7200" = TrackMania United "TeamSpeak 3 Client" = TeamSpeak 3 Client "Uninstall_is1" = Uninstall 1.0.0.1 "uTorrent" = µTorrent "VLC media player" = VLC media player 1.1.11 "winscp3_is1" = WinSCP 4.2.9 "World of Warcraft" = World of Warcraft ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface "CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich. "Spotify" = Spotify ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 29.08.2012 21:29:23 | Computer Name = Semmel3-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Semmel3\Downloads\SoftonicDownloader_for_the-wonderful-end-of-the-world.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 29.08.2012 21:29:26 | Computer Name = Semmel3-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Semmel3\Downloads\SoftonicDownloader_for_the-wonderful-end-of-the-world.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 29.08.2012 21:29:28 | Computer Name = Semmel3-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Semmel3\Downloads\SoftonicDownloader_for_the-wonderful-end-of-the-world.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. 
Error - 30.08.2012 08:59:39 | Computer Name = Semmel3-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: MiracleWOW.exe, Version: 1.0.0.25, Zeitstempel: 0x4feb47ba Name des fehlerhaften Moduls: MiracleWOW.exe, Version: 1.0.0.25, Zeitstempel: 0x4feb47ba Ausnahmecode: 0xc0000417 Fehleroffset: 0x0011230e ID des fehlerhaften Prozesses: 0x13dc Startzeit der fehlerhaften Anwendung: 0x01cd86af48afecfa Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\World of Warcraft\MiracleWOW.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\World of Warcraft\MiracleWOW.exe Berichtskennung: 8e46102f-f2a2-11e1-9b7e-20cf30bbd32d Error - 30.08.2012 20:49:42 | Computer Name = Semmel3-PC | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 15.0.0.4619 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: ad4 Startzeit: 01cd861145029f28 Endzeit: 24 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: be4eec46-f305-11e1-9b7e-20cf30bbd32d Error - 31.08.2012 11:45:42 | Computer Name = Semmel3-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Semmel3\Downloads\SoftonicDownloader_for_the-wonderful-end-of-the-world.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. 
Error - 10.09.2012 16:17:34 | Computer Name = Semmel3-PC | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 15.0.1.4631 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: e64 Startzeit: 01cd8f528cec3d54 Endzeit: 28 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 8cbe742e-fb84-11e1-b400-20cf30bbd32d Error - 10.09.2012 21:13:43 | Computer Name = Semmel3-PC | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 15.0.1.4631 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: a40 Startzeit: 01cd8f9151442b30 Endzeit: 25 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: ec13e286-fbad-11e1-b400-20cf30bbd32d Error - 20.09.2012 11:40:15 | Computer Name = Semmel3-PC | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 15.0.1.4631 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: ff8 Startzeit: 01cd973efe2a6a71 Endzeit: 22 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 77276dc8-0339-11e2-ba4e-20cf30bbd32d Error - 22.09.2012 08:23:39 | Computer Name = Semmel3-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: update.exe_Avira Free Antivirus, Version: 12.3.14.31, Zeitstempel: 0x4fe31944 Name des fehlerhaften Moduls: aepack.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x5050b518 Ausnahmecode: 0xc0000005 Fehleroffset: 0x037037d4 ID des fehlerhaften Prozesses: 0x13ec Startzeit der fehlerhaften Anwendung: 0x01cd98bca88de599 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Avira\AntiVir Desktop\update.exe Pfad des fehlerhaften Moduls: aepack.dll Berichtskennung: 56684367-04b0-11e2-b47c-20cf30bbd32d [ System Events ] Error - 23.09.2012 06:48:24 | Computer Name = Semmel3-PC | Source = NetBT | ID = 4321 Description = Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.100 registriert werden. Der Computer mit IP-Adresse 192.168.2.101 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. 
Error - 24.09.2012 14:15:18 | Computer Name = Semmel3-PC | Source = bowser | ID = 8003 Description = Error - 24.09.2012 15:42:35 | Computer Name = Semmel3-PC | Source = bowser | ID = 8003 Description = Error - 26.09.2012 10:22:26 | Computer Name = Semmel3-PC | Source = bowser | ID = 8003 Description = Error - 27.09.2012 07:26:48 | Computer Name = Semmel3-PC | Source = ipnathlp | ID = 31004 Description = Error - 27.09.2012 07:26:48 | Computer Name = Semmel3-PC | Source = ipnathlp | ID = 31004 Description = Error - 28.09.2012 09:02:27 | Computer Name = Semmel3-PC | Source = bowser | ID = 8003 Description = Error - 28.09.2012 10:33:04 | Computer Name = Semmel3-PC | Source = bowser | ID = 8003 Description = Error - 28.09.2012 12:17:30 | Computer Name = Semmel3-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht. Error - 28.09.2012 12:18:01 | Computer Name = Semmel3-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X64 erreicht. < End of report > |
28.09.2012, 18:51 | #11 |
/// TB-Ausbilder | Thbcn in system startup, Mwb 42 infected files, what to do? Hi, Step 1
Step 2
Code:
:OTL
IE - HKCU\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms}
IE - HKCU\..\SearchScopes\{AB79D3B4-AEDB-428a-B504-BAC00521A1C7}: "URL" = hxxp://starwebsearch.com/index.php?from=4&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
FF - prefs.js..extensions.enabledItems: {cd90bf73-20f6-44ef-993d-bb920303bd2e}:2.7.1.3
:commands
[Emptytemp]
Step 3
Step 4 ESET Online Scanner
Please post with your next reply
|
30.09.2012, 14:36 | #12 |
| Thbcn in system startup, Mwb 42 infected files, what to do? Step 2: Code:
All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4327FABE-3C22-4689-8DBF-D226CF777FE9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AB79D3B4-AEDB-428a-B504-BAC00521A1C7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB79D3B4-AEDB-428a-B504-BAC00521A1C7}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: {cd90bf73-20f6-44ef-993d-bb920303bd2e}:2.7.1.3 removed from extensions.enabledItems
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: Semmel3
->Temp folder emptied: 1280842942 bytes
->Temporary Internet Files folder emptied: 167635482 bytes
->Java cache emptied: 3498251 bytes
->FireFox cache emptied: 71068862 bytes
->Flash cache emptied: 159537 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1677002 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 85029 bytes
RecycleBin emptied: 25186809184 bytes
Total Files Cleaned = 25.474,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 09302012_124054
Files\Folders moved on Reboot...
C:\Users\Semmel3\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
No infected objects were found. Code:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org
Datenbank Version: v2012.09.29.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Semmel3 :: SEMMEL3-PC [Administrator]
30.09.2012 12:46:55
mbam-log-2012-09-30 (12-46-55).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 201129
Laufzeit: 2 Minute(n), 52 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)
(Ende)
Code:
C:\Users\Semmel3\AppData\Roaming\BrowserCompanion\tbhcn.exe Win32/BrowserCompanion application
C:\Users\Semmel3\Downloads\SoftonicDownloader_for_the-wonderful-end-of-the-world.exe a variant of Win32/SoftonicDownloader.E application
C:\Users\Semmel3\Downloads\SoftonicDownloader_fuer_operation7.exe Win32/SoftonicDownloader application
C:\Users\Semmel3\Downloads\SoftonicDownloader_fuer_photoscape.exe a variant of Win32/SoftonicDownloader.D application
C:\Users\Semmel3\Downloads\YouTubeDownloaderSetup33.exe a variant of Win32/Toolbar.Widgi application
So that already looks pretty good! |
30.09.2012, 18:37 | #13 |
/// TB-Ausbilder | Thbcn in system startup, Mwb 42 infected files, what to do? Hi, Keep your hands off Softonic. It only gets you a lot of junk (as is the case right now, for example). We are almost done. Step 1
Code:
:files
C:\Users\Semmel3\AppData\Roaming\BrowserCompanion
C:\Users\Semmel3\Downloads\SoftonicDownloader_for_the-wonderful-end-of-the-world.exe
C:\Users\Semmel3\Downloads\SoftonicDownloader_fuer_operation7.exe
C:\Users\Semmel3\Downloads\SoftonicDownloader_fuer_photoscape.exe
C:\Users\Semmel3\Downloads\YouTubeDownloaderSetup33.exe
:Commands
[emptytemp]
Step 2 Please download SecurityCheck
Please post with your next reply
|
01.10.2012, 06:55 | #14 |
| Thbcn in system startup, Mwb 42 infected files, what to do? OK, all clear. Softonic will never be used again. Code:
All processes killed
========== FILES ==========
C:\Users\Semmel3\AppData\Roaming\BrowserCompanion folder moved successfully.
C:\Users\Semmel3\Downloads\SoftonicDownloader_for_the-wonderful-end-of-the-world.exe moved successfully.
C:\Users\Semmel3\Downloads\SoftonicDownloader_fuer_operation7.exe moved successfully.
C:\Users\Semmel3\Downloads\SoftonicDownloader_fuer_photoscape.exe moved successfully.
C:\Users\Semmel3\Downloads\YouTubeDownloaderSetup33.exe moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: Semmel3
->Temp folder emptied: 37191774 bytes
->Temporary Internet Files folder emptied: 268219 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 538119257 bytes
->Flash cache emptied: 1849 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 608 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 549,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 10012012_074148
Files\Folders moved on Reboot...
C:\Users\Semmel3\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Code:
Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.65.0.1400
Java(TM) 6 Update 29 Java version out of Date!
Adobe Flash Player 11.4.402.265
Adobe Reader X 10.1.1 Adobe Reader out of Date!
Mozilla Firefox (15.0.1)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log`````````````````````` |
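Added example, not part of the thread and not code from OTL or its author: a small cross-check that every path listed under `:files` in a fix script is confirmed as moved in the FILES section of the result log. The samples reuse paths from the thread, are constructed with one entry per line (an assumed layout), and the log deliberately omits one line to show the failure case.

```python
import re

# Constructed sample: a :files fix with paths from the thread, one per line.
FIX_SCRIPT = r"""
:files
C:\Users\Semmel3\AppData\Roaming\BrowserCompanion
C:\Users\Semmel3\Downloads\SoftonicDownloader_fuer_operation7.exe
C:\Users\Semmel3\Downloads\YouTubeDownloaderSetup33.exe
:Commands
[emptytemp]
"""

# Constructed sample: result log with the YouTubeDownloaderSetup33.exe line
# deliberately left out, so one requested path stays unconfirmed.
RESULT_LOG = r"""
========== FILES ==========
C:\Users\Semmel3\AppData\Roaming\BrowserCompanion folder moved successfully.
C:\Users\Semmel3\Downloads\SoftonicDownloader_fuer_operation7.exe moved successfully.
========== COMMANDS ==========
Files\Folders moved on Reboot...
C:\Users\Semmel3\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
"""

MOVED = re.compile(r"^(?P<path>.+?)(?: folder)? moved successfully\.$")

def files_in_fix(script):
    # Collect the paths listed under the :files directive (case-insensitive).
    paths, section = [], None
    for line in (l.strip() for l in script.splitlines()):
        if line.startswith(":"):
            section = line.lower()
        elif line and section == ":files":
            paths.append(line)
    return paths

def moved_in_log(log):
    # Lower-cased paths that the FILES section (and only it) reports as moved.
    moved, in_files = set(), False
    for line in (l.strip() for l in log.splitlines()):
        if line.startswith("=========="):
            in_files = line.strip("= ").upper() == "FILES"
        elif in_files and (m := MOVED.match(line)):
            moved.add(m.group("path").lower())
    return moved

def unconfirmed(script, log):
    # Paths requested in the fix that the log does not confirm as moved.
    moved = moved_in_log(log)
    return [p for p in files_in_fix(script) if p.lower() not in moved]
```

Calling `unconfirmed(FIX_SCRIPT, RESULT_LOG)` returns the paths that still need a manual look; the temp file moved on reboot is ignored because it sits outside the FILES section.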
01.10.2012, 16:09 | #15 |
/// TB-Ausbilder | Thbcn in system startup, Mwb 42 infected files, what to do? Hi, If you have no more problems, then we are done here. Your log files are clean. Finally, we need to take a few concluding steps to clean up and secure your PC. Step 1 Your Java is no longer up to date. Older versions contain security vulnerabilities that can be abused by malware.
Step 2 Please uninstall your current version of Adobe Reader: Start --> Control Panel --> Uninstall a program --> Adobe Reader, and download the new version from here. Remove the check mark for McAfee SecurityScan or Google Chrome. Step 3 I would recommend that you also check your system with this scanner once a week. If you still want to uninstall ESET, please press the + R key and copy the following text into the Run window. Code:
"%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\OnlineScannerUninstaller.exe"
Step 4
Code:
:commands
[Clearallrestorepoints]
[Reboot]
Step 5
Step 6 Please start OTL and click on Bereinigung (cleanup). This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete. Step 7 Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions. |