| |
| |||||||
Log-Analyse und Auswertung: Ihavenet.com Browser Hijacker- bei Googlesuche öffnen sich andere Seiten (Weiterleitung über Ihavenet.com)Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
15.10.2012, 09:37
| #1 |
| |  Ihavenet.com Browser Hijacker- bei Googlesuche öffnen sich andere Seiten (Weiterleitung über Ihavenet.com) Hallo, ich habe seit einigen Wochen folgendes Problem: Suche ich im Firefox bei Google etwas und klicke dann auf das Suchergebnis werde ich auf ganz andere Seiten weitergeleitet. Die Weiterleitung erfolgt dabei immer über die Seite "Ihavenet.com" Ich habe bereits im Netz geschaut und bin auch in eurem Forum fündig geworden. Empfohlen ist ein eigenes Thema zu öffnen, da das Problem individuell behoben werden muss. Ich habe bereits OLT, Malewarebytes, AdwCleaner und den ESET-Onlinescanner durchlaufen lassen. Nur der ESET hat konkret was gefunden. Folgend die Reports. OLT-Report: Code:
ATTFilter OTL logfile created on: 12.10.2012 18:32:33 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Andreas\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,93 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 48,22% Memory free 7,86 Gb Paging File | 5,55 Gb Available in Paging File | 70,54% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 285,99 Gb Total Space | 186,61 Gb Free Space | 65,25% Space Free | Partition Type: NTFS Computer Name: ANDREAS-LAPTOP | User Name: Andreas | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days ========== Processes (SafeList) ========== PRC - [2012.10.12 18:31:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas\Desktop\OTL.exe PRC - [2012.09.26 16:35:21 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.09.26 16:34:56 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.09.26 16:34:56 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.09.07 17:04:44 | 000,981,656 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe PRC - [2012.03.26 11:24:58 | 001,516,600 | ---- | M] (Nokia) -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe PRC - [2012.01.04 13:32:36 | 000,718,888 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe PRC - [2012.01.04 13:32:10 | 000,126,504 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe PRC - [2011.09.30 09:28:06 | 000,884,304 | ---- | M] () -- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe PRC - [2011.01.23 21:00:23 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe PRC - [2011.01.23 21:00:20 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe PRC - [2009.07.27 11:50:32 | 001,157,128 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe PRC - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe PRC - [2009.06.05 04:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe PRC - [2009.06.04 15:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe PRC - [2009.02.03 04:07:18 | 000,240,544 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10b.exe PRC - [2008.07.29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe ========== Modules (No Company Name) ========== MOD - [2011.09.30 09:28:06 | 000,884,304 | ---- | M] () -- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe MOD - [2011.01.23 21:00:23 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe MOD - [2011.01.23 21:00:20 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe MOD - [2010.04.05 06:56:07 | 000,716,954 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\Epwizard.DLL MOD - [2010.04.05 06:55:15 | 000,159,890 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\customui.dll MOD - [2010.04.05 06:55:04 | 000,061,604 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\Epfunct.DLL MOD - [2010.04.05 06:54:59 | 000,123,033 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\Eputil.DLL MOD - [2010.04.05 06:54:52 | 000,143,502 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\Imagutil.DLL MOD - [2010.04.01 13:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebDRS.dll MOD - [2010.04.01 13:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebscw.dll MOD - [2009.06.23 07:11:04 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\EPOEMDll.dll MOD - [2009.06.23 07:10:29 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\epstring.dll MOD - [2009.06.23 07:09:11 | 002,203,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\EPWizRes.dll MOD - [2009.05.27 08:16:50 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebdatr.dll MOD - [2009.05.27 08:13:36 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebcats.dll MOD - [2009.04.28 07:56:30 | 000,024,064 | ---- | M] () -- C:\Windows\SysWOW64\lxebsmr.dll MOD - [2009.04.07 15:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\iptk.dll MOD - [2009.03.10 01:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebcaps.dll MOD - [2009.03.02 10:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebptp.dll MOD - [2009.02.20 10:48:03 | 000,299,008 | ---- | M] () -- C:\Windows\SysWOW64\LXEBsm.dll MOD - [2008.07.29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe ========== Services (SafeList) ========== SRV:64bit: - [2010.04.14 19:56:24 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxebcoms.exe -- (lxeb_device) SRV:64bit: - [2010.04.14 19:56:14 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxebserv.exe -- (lxebCATSCustConnectService) SRV - [2012.10.12 17:15:25 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.09.29 20:22:46 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.09.26 16:35:21 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.09.26 16:34:56 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.13 13:28:32 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.01.04 13:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010.04.14 19:56:14 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe -- (lxebCATSCustConnectService) SRV - [2010.04.14 15:56:01 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxebcoms.exe -- (lxeb_device) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.08.06 19:18:54 | 000,311,592 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService) SRV - [2009.08.06 06:30:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) SRV - [2009.06.04 15:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.09.26 16:35:31 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.09.26 16:35:31 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.09.26 16:35:31 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.01.09 17:28:20 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd) DRV:64bit: - [2012.01.09 17:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt) DRV:64bit: - [2012.01.09 17:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev) DRV:64bit: - [2012.01.09 17:28:18 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2010.08.25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.08.05 17:03:02 | 000,032,256 | ---- | M] (Icera Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nokiappo.sys -- (nokiappo) DRV:64bit: - [2009.08.05 17:03:02 | 000,022,528 | ---- | M] (Icera Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nokiacpo.sys -- (nokiacpo) DRV:64bit: - [2009.07.27 09:04:36 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2009.07.16 13:33:44 | 001,488,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.07 11:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2009.06.22 20:38:32 | 000,116,992 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV:64bit: - [2009.06.22 20:26:38 | 000,113,792 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev) DRV:64bit: - [2009.06.18 14:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.06.02 13:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2009.06.02 13:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2009.06.02 13:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2008.08.28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27360110a935l0344z165t5812x35q IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27360110a935l0344z165t5812x35q IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27360110a935l0344z165t5812x35q IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27360110a935l0344z165t5812x35q IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27360110a935l0344z165t5812x35q IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27360110a935l0344z165t5812x35q IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = hxxp://search.yahoo.com/search?fr=chr-panda&q={searchTerms}&ei=UTF-8&type=panda1_0yach IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE364DE363 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.defaulturl: "hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=" FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.26 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655 FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1 FF - prefs.js..keyword.URL: "hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2012.06.06 14:49:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.06.24 22:20:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.29 20:22:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.12 17:22:26 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.29 20:22:47 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.12 17:22:26 | 000,000,000 | ---D | M] [2010.01.18 23:21:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Extensions [2012.09.26 16:29:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\76fkmkkn.default\extensions [2012.09.26 16:49:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.09.26 16:49:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.09.29 20:22:47 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.24 22:20:34 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2012.09.26 09:09:09 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.29 20:22:44 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.09.26 09:09:09 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.09.26 09:09:09 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.09.26 09:09:09 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.09.26 09:09:09 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found. O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe () O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [lxebmon.exe] C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe () O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [NSU_agent] C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe () O4 - HKCU..\Run: [Ovratodcju] C:\Users\Andreas\AppData\Roaming\lcptry.dll () O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1271691D-610E-4484-B1F4-ABAD1885947B}: DhcpNameServer = 217.237.151.51 217.237.149.205 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D9BC7B8-21BB-4037-B34E-AAF433736479}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\sacore - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\sacore - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{08a4b500-0487-11df-b500-00262271d79d}\Shell - "" = AutoRun O33 - MountPoints2\{08a4b500-0487-11df-b500-00262271d79d}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{08a4b506-0487-11df-b500-00262271d79d}\Shell - "" = AutoRun O33 - MountPoints2\{08a4b506-0487-11df-b500-00262271d79d}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{0b35cd0e-0c01-11df-80bd-00262271d79d}\Shell - "" = AutoRun O33 - MountPoints2\{0b35cd0e-0c01-11df-80bd-00262271d79d}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{0b35cd11-0c01-11df-80bd-00262271d79d}\Shell - "" = AutoRun O33 - MountPoints2\{0b35cd11-0c01-11df-80bd-00262271d79d}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{411e5f3b-2dff-11df-bc52-00262271d79d}\Shell - "" = AutoRun O33 - MountPoints2\{411e5f3b-2dff-11df-bc52-00262271d79d}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{8be2840c-2dfa-11df-aa8f-00262271d79d}\Shell - "" = AutoRun O33 - MountPoints2\{8be2840c-2dfa-11df-aa8f-00262271d79d}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{a5370079-2df9-11df-9846-00262271d79d}\Shell - "" = AutoRun O33 - MountPoints2\{a5370079-2df9-11df-9846-00262271d79d}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{a5370086-2df9-11df-9846-00262271d79d}\Shell - "" = AutoRun O33 - MountPoints2\{a5370086-2df9-11df-9846-00262271d79d}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 60 Days ========== [2012.10.12 18:31:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Andreas\Desktop\OTL.exe [2012.10.12 18:07:43 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Malwarebytes [2012.10.12 18:06:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.10.12 18:06:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.10.12 18:06:47 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.10.12 18:06:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.10.12 17:41:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.10.12 17:22:51 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\Macromedia [2012.10.12 17:22:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2012.10.12 17:15:25 | 000,696,760 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.10.12 17:15:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2012.10.10 20:39:22 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.10.10 20:39:21 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.10.10 20:39:21 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.10.10 20:39:13 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012.10.10 20:39:13 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2012.10.10 20:39:13 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2012.10.10 20:39:13 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2012.10.10 20:39:12 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2012.10.10 20:39:12 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2012.10.10 20:39:12 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2012.10.10 20:39:12 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2012.10.10 20:39:12 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2012.10.10 20:39:12 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2012.10.10 20:39:12 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2012.10.10 20:39:12 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2012.10.10 20:39:12 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012.10.10 20:39:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012.10.10 20:39:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012.10.10 20:39:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012.10.10 20:39:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012.10.10 20:39:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012.10.10 20:39:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.10.10 20:39:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012.10.10 20:39:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012.10.10 20:39:11 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012.10.10 20:39:11 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012.10.10 20:39:11 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012.10.10 20:39:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012.10.10 20:39:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012.10.10 20:39:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012.10.10 20:39:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012.10.10 20:39:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012.10.10 20:39:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012.10.10 20:39:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012.10.10 20:39:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012.10.10 20:39:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012.10.10 20:39:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012.10.10 20:39:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012.10.10 20:39:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012.10.10 20:39:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012.10.10 20:39:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012.10.10 20:39:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012.10.10 20:39:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012.10.10 20:39:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012.10.10 20:39:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012.10.10 20:39:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012.10.10 20:39:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012.10.10 20:39:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012.10.10 20:39:10 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012.10.10 20:39:10 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012.10.10 20:39:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012.10.10 20:39:09 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012.10.10 20:39:09 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012.10.10 20:39:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012.10.10 20:39:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012.10.10 20:39:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012.10.10 20:39:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.10.10 20:39:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012.10.10 20:39:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012.10.10 20:39:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012.10.10 20:39:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012.10.10 20:39:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012.10.10 20:39:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012.10.10 20:39:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012.10.10 20:39:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012.10.10 20:39:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012.10.10 20:39:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012.10.10 20:39:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012.10.10 20:39:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012.10.10 20:39:08 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012.10.10 20:39:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012.10.10 20:39:08 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2012.10.10 20:38:58 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2012.10.10 20:38:33 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012.10.10 20:38:29 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2012.10.08 18:29:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 6.0 Sprint [2012.10.08 18:26:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ABBYY FineReader 6.0 Sprint [2012.10.04 15:47:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SIGNAL IDUNA Gruppe [2012.09.26 17:55:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2012.09.26 17:55:05 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN [2012.09.26 16:49:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.09.26 16:49:09 | 000,477,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll [2012.09.26 16:49:08 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2012.09.26 16:49:08 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2012.09.26 16:49:08 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2012.09.26 16:47:58 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Avira [2012.09.26 16:41:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.09.26 16:41:32 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.09.26 16:41:32 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.09.26 16:41:32 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.09.26 16:41:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.09.26 16:41:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.09.26 16:36:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.09.26 16:36:15 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.09.26 09:44:34 | 000,000,000 | ---D | C] -- C:\Users\Andreas\Desktop\Ausarbeitungen [2012.09.26 09:09:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2012.09.26 09:09:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.09.25 20:16:33 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe [2012.09.22 22:17:50 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.09.22 22:17:50 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.09.22 22:17:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.09.22 22:17:47 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.09.22 22:17:47 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.09.22 22:17:47 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.09.22 22:17:47 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.09.22 22:17:46 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.09.22 22:17:46 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.09.22 22:17:46 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.09.22 22:17:45 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.09.22 22:17:45 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.09.22 22:17:42 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.09.22 22:17:42 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.09.22 22:17:41 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.09.12 12:58:36 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys [2012.09.12 12:58:31 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2012.09.12 12:58:24 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys [2012.09.12 12:58:24 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2012.09.06 11:04:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.09.06 11:04:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012.09.06 11:04:34 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2012.09.01 16:31:47 | 000,000,000 | ---D | C] -- C:\Users\Andreas\Desktop\Passbilder [2012.08.16 07:57:42 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll [2012.08.16 07:57:42 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll [2012.08.16 07:57:41 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll [2012.08.16 07:57:39 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll [2012.08.16 07:57:33 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2012.08.16 07:57:33 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2012.08.16 07:57:33 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe [2012.08.16 07:57:05 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll [2009.08.14 12:17:20 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files - Modified Within 60 Days ========== [2012.10.12 18:31:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas\Desktop\OTL.exe [2012.10.12 17:57:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.12 17:15:25 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.10.12 17:15:25 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.10.12 17:14:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.11 21:43:06 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.11 21:43:06 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.11 21:33:31 | 3166,154,752 | -HS- | M] () -- C:\hiberfil.sys [2012.10.08 18:20:42 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.10.08 18:20:42 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.10.08 18:20:42 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.10.08 18:20:42 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.10.08 18:20:42 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.10.04 15:47:13 | 000,001,921 | ---- | M] () -- C:\Users\Public\Desktop\SI BSW Exklusiv-Vertrieb.lnk [2012.09.27 14:17:46 | 000,425,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.09.26 18:49:46 | 000,000,329 | ---- | M] () -- C:\Windows\WinInit.Ini [2012.09.26 17:52:49 | 000,000,000 | -H-- | M] () -- C:\ProgramData\PKP_DLdw.DAT [2012.09.26 17:45:27 | 000,000,000 | -H-- | M] () -- C:\ProgramData\PKP_DLdu.DAT [2012.09.26 17:45:27 | 000,000,000 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Bass Amp [2012.09.26 17:45:27 | 000,000,000 | ---- | M] () -- C:\ProgramData\Bass [2012.09.26 17:45:27 | 000,000,000 | ---- | M] () -- C:\ProgramData\Automatic Filter [2012.09.26 16:48:55 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll [2012.09.26 16:48:55 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2012.09.26 16:48:55 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2012.09.26 16:48:55 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2012.09.26 16:48:55 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2012.09.26 16:36:17 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.09.26 16:35:31 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.09.26 16:35:31 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.09.26 16:35:31 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.09.17 16:37:16 | 000,057,244 | ---- | M] () -- C:\Windows\Kaufvertrag über einen gebrauchten Roller.pdf [2012.09.14 13:44:39 | 000,005,850 | ---- | M] () -- C:\Windows\creditreform.pdf [2012.09.10 16:36:50 | 000,143,360 | RHS- | M] () -- C:\Users\Andreas\AppData\Roaming\lcptry.dll [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.09.06 11:04:38 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012.08.30 20:03:45 | 005,559,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.08.30 19:12:02 | 003,968,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.08.30 19:12:02 | 003,914,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.08.27 20:45:51 | 000,017,749 | ---- | M] () -- C:\Windows\www.bfwt.de_cms_projekte_stundenplaene_dresden_enderstr_eb09b.htm.pdf [2012.08.27 20:37:48 | 000,822,191 | ---- | M] () -- C:\Windows\2012_13_Klassenplanung_Teilzeit.pdf [2012.08.27 20:26:48 | 000,008,125 | ---- | M] () -- C:\Windows\CustomerInvoice_D9089424-01.pdf [2012.08.27 20:25:31 | 000,243,469 | ---- | M] () -- C:\Windows\Memoformat.pdf [2012.08.24 20:05:07 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2012.08.24 12:31:32 | 002,312,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.08.24 12:20:11 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.08.24 12:18:46 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.08.24 12:14:45 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.08.24 12:14:34 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.08.24 12:13:29 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.08.24 12:11:57 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.08.24 12:10:14 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.08.24 12:04:06 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.08.24 08:51:02 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.08.24 08:49:57 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.08.24 08:47:36 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.08.24 08:47:26 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.08.24 08:44:10 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.08.24 08:40:11 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.08.22 20:12:40 | 000,376,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys [2012.08.22 20:12:33 | 000,288,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2012.08.21 23:01:00 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe [2012.08.20 20:48:44 | 000,362,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2012.08.20 20:48:44 | 000,243,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2012.08.20 20:48:44 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2012.08.20 20:48:43 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2012.08.20 20:48:37 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2012.08.20 20:48:35 | 001,162,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012.08.20 20:48:35 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2012.08.20 20:46:22 | 000,338,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2012.08.20 20:38:32 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012.08.20 20:38:32 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012.08.20 20:38:32 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012.08.20 20:38:32 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012.08.20 20:38:32 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012.08.20 20:38:32 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012.08.20 20:38:32 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012.08.20 20:38:32 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.08.20 20:38:32 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012.08.20 20:38:32 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012.08.20 20:38:32 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012.08.20 20:38:32 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012.08.20 20:38:32 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012.08.20 20:38:32 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012.08.20 20:38:32 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012.08.20 20:38:32 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012.08.20 20:38:32 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012.08.20 20:38:31 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012.08.20 20:38:31 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012.08.20 20:38:31 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012.08.20 20:38:31 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012.08.20 20:38:31 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012.08.20 20:38:31 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012.08.20 20:38:31 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012.08.20 20:38:31 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012.08.20 20:38:31 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012.08.20 20:38:31 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012.08.20 20:38:31 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012.08.20 19:40:21 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2012.08.20 19:38:26 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2012.08.20 19:37:19 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2012.08.20 19:32:13 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012.08.20 19:32:13 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012.08.20 19:32:13 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012.08.20 19:32:13 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012.08.20 19:32:13 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012.08.20 19:32:13 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012.08.20 19:32:13 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012.08.20 19:32:13 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012.08.20 19:32:13 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012.08.20 19:32:13 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012.08.20 19:32:13 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012.08.20 19:32:13 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012.08.20 19:32:13 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012.08.20 19:32:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012.08.20 19:32:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.08.20 19:32:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012.08.20 19:32:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012.08.20 19:32:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012.08.20 19:32:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012.08.20 19:32:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012.08.20 19:32:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012.08.20 19:32:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012.08.20 19:32:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012.08.20 19:32:12 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012.08.20 17:38:21 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2012.08.20 17:38:20 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2012.08.20 17:33:28 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012.08.20 17:33:28 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012.08.20 17:33:28 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012.08.20 17:33:28 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012.08.17 17:38:01 | 000,193,024 | ---- | M] () -- C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.08.16 08:29:37 | 000,022,267 | ---- | M] () -- C:\Windows\Seat24.de, Buchung und Quittung. Bestellnummer _ JY6YPY Buchungsnr._ Amadeus_6BK9BO - 2012-08-16 08_28_00.pdf [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.12 17:22:27 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012.10.12 17:15:26 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.04 15:47:13 | 000,001,921 | ---- | C] () -- C:\Users\Public\Desktop\SI BSW Exklusiv-Vertrieb.lnk [2012.09.27 14:17:32 | 000,425,800 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.09.26 17:45:27 | 000,000,000 | ---- | C] () -- C:\ProgramData\Bass [2012.09.26 17:45:27 | 000,000,000 | ---- | C] () -- C:\ProgramData\Automatic Filter [2012.09.26 16:36:17 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.09.17 16:37:14 | 000,057,244 | ---- | C] () -- C:\Windows\Kaufvertrag über einen gebrauchten Roller.pdf [2012.09.14 13:43:10 | 000,005,850 | ---- | C] () -- C:\Windows\creditreform.pdf [2012.09.10 16:36:50 | 000,143,360 | RHS- | C] () -- C:\Users\Andreas\AppData\Roaming\lcptry.dll [2012.09.06 11:04:38 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2012.08.27 20:26:47 | 000,008,125 | ---- | C] () -- C:\Windows\CustomerInvoice_D9089424-01.pdf [2012.08.16 08:29:35 | 000,022,267 | ---- | C] () -- C:\Windows\Seat24.de, Buchung und Quittung. Bestellnummer _ JY6YPY Buchungsnr._ Amadeus_6BK9BO - 2012-08-16 08_28_00.pdf [2012.06.12 22:24:56 | 000,005,397 | ---- | C] () -- C:\Windows\CDPLAYER.INI [2012.01.12 10:15:54 | 000,239,668 | ---- | C] () -- C:\Windows\Clever-hotels.com Hotel offer.pdf [2011.07.18 12:49:18 | 000,324,419 | ---- | C] () -- C:\Windows\www.promod-news.com_optiext_optiextension.dll_ID=QgO5KluwkQIc_mkQQQ_.pdf [2011.05.23 17:43:45 | 000,074,250 | ---- | C] () -- C:\Windows\hpqins16.dat [2011.03.19 15:46:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.08.17 14:33:22 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT [2010.08.17 14:22:27 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT [2010.08.17 14:22:27 | 000,000,000 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\Bass Amp [2010.07.25 12:24:40 | 000,975,140 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\PandaIDProtectHelp_de.chm [2010.04.29 20:45:33 | 000,193,024 | ---- | C] () -- C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.03.31 17:03:42 | 000,000,564 | ---- | C] () -- C:\Users\Andreas\AppData\Local\FSCache.dat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:AB689DEA @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:93DE1838 @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:1D32EC29 @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:E3C56885 @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:E1F04E8D @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:ABE89FFE @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:4CF61E54 < End of report > Code:
ATTFilter OTL Extras logfile created on: 12.10.2012 18:32:33 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Andreas\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,93 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 48,22% Memory free
7,86 Gb Paging File | 5,55 Gb Available in Paging File | 70,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285,99 Gb Total Space | 186,61 Gb Free Space | 65,25% Space Free | Partition Type: NTFS
Computer Name: ANDREAS-LAPTOP | User Name: Andreas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1A133671-7C22-4FA1-AD1D-E06D9123810F}" = rport=445 | protocol=6 | dir=out | app=system |
"{1B808973-16FD-429F-B1A0-25B9F8DF0F84}" = lport=137 | protocol=17 | dir=in | app=system |
"{1D707C1A-D655-40E2-880F-4D822E963E0E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{333EF742-025E-4E6C-B423-1AB43F0B6397}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{37244606-D725-4427-99D6-7B4A4FA24DBC}" = lport=138 | protocol=17 | dir=in | app=system |
"{54507675-7ACE-4349-91CB-E81BA4DDA317}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{591C492F-3F87-4086-B5C9-5008A8148AC4}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5B824B22-E62A-41B6-A231-76BDD12D303B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5CE1A003-09E3-456E-85BF-F51D02573FF9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5F7CA09E-B755-45C6-970B-4D8AB3996BAD}" = rport=137 | protocol=17 | dir=out | app=system |
"{64E40DD4-ECC8-4874-A3D9-E24F50DFF47C}" = lport=445 | protocol=6 | dir=in | app=system |
"{6606D309-A6D8-487E-A141-47E9CBEA6ED5}" = rport=138 | protocol=17 | dir=out | app=system |
"{67A44882-E41F-4DD3-BC11-0DC6D49932CF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6B4AC928-F289-498D-8E05-4B29FA47603D}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6F970785-87D2-4793-9C83-ABF2D8E1F8CE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{75BA5902-E1DB-47DA-8BE7-5F53A376DCBC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9709513A-DD59-4D9A-B433-1B82F001C153}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BE0397FB-32A1-4EB8-A93C-0D632208BC42}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BF971470-E3D4-4F05-8FC8-CE4B89776E1F}" = lport=139 | protocol=6 | dir=in | app=system |
"{D2222FC4-29DC-4010-8B49-7C3F789E3A37}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D5FCBA85-6E9F-4C34-B104-513222E8D5F4}" = rport=139 | protocol=6 | dir=out | app=system |
"{DBC98C14-D2CD-47C8-B989-06E39D6BD0F8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DC005FE7-C42B-426E-9B29-F24700FC6273}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E7453530-CE31-4395-87F7-F0035AF407A2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AC020DF-540F-4E80-B710-C707E7372F2C}" = dir=in | app=c:\windows\system32\lxebcoms.exe |
"{1B4D53F2-DE38-47C8-8B8F-A035050D0FB9}" = dir=in | app=c:\windows\system32\lxebcoms.exe |
"{1B8E7872-A4F8-4C6D-A53B-AAA2D9F223D7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{24DB5E79-6555-4447-9D8B-4BE988D1B6AD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{299983FF-FF1F-479B-A030-508A8EEA1C1A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2BA79AEC-BE42-4D9B-BB3E-425C8223061E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3A96590E-5C52-4EC6-A564-0045D2128FC0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{429E9BC3-1B6D-48D5-AED4-342BADFB029B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{458EE30B-482F-4A75-A048-724B5D626DE0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5786EBB9-19FB-4877-9549-98250F8EE035}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{583EA572-A682-4516-8E44-75EEC585EBE6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{67B9955D-99F7-47C5-84F3-737344E125EE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6B9F56C0-C953-4617-9424-4F13146F5243}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{6D7AD69F-F73E-460B-AA54-8719899EC010}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6FBE885F-9078-4342-865C-9248DB70D728}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{7E87E1C2-FC4B-4921-A5A6-A8E1B9DD1B84}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{897BDE01-E34A-4459-9937-0D75BBFF168D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8B37AFF2-874E-4B41-9AAC-6BB29B690115}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A5041F70-7EFC-46E7-BBFC-24F7439DE0DA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{A9BAE80A-3532-4312-979B-28DE5DB43E3D}" = protocol=6 | dir=in | app=c:\windows\system32\lxebcoms.exe |
"{ADB0B406-1410-4F08-AEC6-2D50EA223767}" = dir=in | app=c:\windows\system32\lxebcoms.exe |
"{B95142A2-0532-4C7E-A644-5D8EFA26F8BF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{B9C7AE66-ECE4-48C0-94FA-72C6F88964A8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BFD22633-DD54-4F5C-9AFD-7882FCCF66F0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{CC959872-F0E4-488B-8D46-B9B513917DD8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{CE8B4DB5-9FAA-4E2F-AFB4-786B7EE9F635}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D2DD6A0A-D40E-4E95-A77D-EDD3235F1DD9}" = protocol=6 | dir=out | app=system |
"{D6376E87-43FD-4D91-83A7-191FCD5F3282}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DFEE364A-E297-4464-966F-F0E476855F3D}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{E59441FA-2DE1-4EAA-AB71-FC3755B2C61D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E6A674F8-0896-4068-A9F3-7D5792B46875}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E86C91E3-5272-43AC-9473-51CA86A381A0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ECA84681-D78D-4A58-9FC9-1345BFF474E7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{EE1A0752-B71D-484F-A0B1-9E3B54295678}" = protocol=17 | dir=in | app=c:\windows\system32\lxebcoms.exe |
"{FADCB880-0804-43A6-9CCF-24EF37ADC772}" = dir=in | app=c:\windows\system32\lxebcoms.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"72A50F48CC5601190B9C4E74D81161693133E7F7" = Windows-Treiberpaket - Nokia Modem (02/25/2011 7.01.0.9)
"CCleaner" = CCleaner
"E0AC723A3DE3A04256288CADBBB011B112AED454" = Windows-Treiberpaket - Nokia Modem (02/25/2011 4.7)
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Lexmark Pro200-S500 Series" = Lexmark Pro200-S500 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.0.2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2FF11610-5CB9-4A10-8572-470256CD9878}" = RuntimeInstallieren
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{544297B4-169B-458C-B0FF-095491F99D5B}" = Nokia Internet Modem
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7130468A-F53F-4698-8C09-A339EA3B05E6}" = Nokia Software Updater
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{A97F28B2-3BA1-49B7-AEF6-CC8956ED8CAA}" = Nokia PC Suite
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ElsterFormular für Unternehmer 12.0.0.5880u" = ElsterFormular für Unternehmer
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nokia PC Suite" = Nokia PC Suite
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"PhotoScape" = PhotoScape
"SIGNAL IDUNA Beratungssoftware externe Vertriebe" = SIGNAL IDUNA Beratungssoftware Exklusiv-Vertrieb
"TVgenial" = TVgenial 4.10
"WinLiveSuite_Wave3" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 30.09.2012 08:50:50 | Computer Name = Andreas-Laptop | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 02.10.2012 12:52:08 | Computer Name = Andreas-Laptop | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 02.10.2012 12:52:48 | Computer Name = Andreas-Laptop | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Nokia\Nokia PC Suite 7\TIS_Windows7PIM.dll". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 02.10.2012 14:07:38 | Computer Name = Andreas-Laptop | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 02.10.2012 14:07:52 | Computer Name = Andreas-Laptop | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Nokia\Nokia PC Suite 7\TIS_Windows7PIM.dll". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 05.10.2012 06:50:16 | Computer Name = Andreas-Laptop | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 05.10.2012 14:35:18 | Computer Name = Andreas-Laptop | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 05.10.2012 14:35:53 | Computer Name = Andreas-Laptop | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Nokia\Nokia PC Suite 7\TIS_Windows7PIM.dll". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 12.10.2012 10:42:40 | Computer Name = Andreas-Laptop | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 12.10.2012 10:43:18 | Computer Name = Andreas-Laptop | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Nokia\Nokia PC Suite 7\TIS_Windows7PIM.dll". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
[ OSession Events ]
Error - 11.05.2010 12:15:43 | Computer Name = Andreas-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 105
seconds with 0 seconds of active time. This session ended with a crash.
Error - 14.06.2012 06:09:41 | Computer Name = Andreas-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12
seconds with 0 seconds of active time. This session ended with a crash.
Error - 14.06.2012 06:10:47 | Computer Name = Andreas-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 05.10.2012 14:46:39 | Computer Name = Andreas-Laptop | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie auf dem Volume "Acer" den Befehl "chkdsk" aus.
Error - 08.10.2012 12:27:03 | Computer Name = Andreas-Laptop | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error - 08.10.2012 12:27:11 | Computer Name = Andreas-Laptop | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
Error - 08.10.2012 12:27:18 | Computer Name = Andreas-Laptop | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
Error - 11.10.2012 04:17:39 | Computer Name = Andreas-Laptop | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Windows Search erreicht.
Error - 11.10.2012 04:17:39 | Computer Name = Andreas-Laptop | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1053
Error - 11.10.2012 15:34:59 | Computer Name = Andreas-Laptop | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
lxebCATSCustConnectService erreicht.
Error - 11.10.2012 15:34:59 | Computer Name = Andreas-Laptop | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxebCATSCustConnectService" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 11.10.2012 15:34:59 | Computer Name = Andreas-Laptop | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
MyWinLocker Service erreicht.
Error - 11.10.2012 15:34:59 | Computer Name = Andreas-Laptop | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MyWinLocker Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
< End of report >
Code:
ATTFilter Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Datenbank Version: v2012.10.12.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Andreas :: ANDREAS-LAPTOP [Administrator] 12.10.2012 18:10:15 mbam-log-2012-10-12 (18-10-15).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 439936 Laufzeit: 1 Stunde(n), 54 Minute(n), 41 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter # AdwCleaner v2.004 - Datei am 12/10/2012 um 20:02:23 erstellt
# Aktualisiert am 06/10/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Andreas - ANDREAS-LAPTOP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Andreas\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\Users\Andreas\AppData\Local\Temp\boost_interprocess
Ordner Gefunden : C:\Users\Katja\AppData\Local\Temp\boost_interprocess
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKU\S-1-5-21-1264133486-3778195708-1647180911-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKU\S-1-5-21-1264133486-3778195708-1647180911-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Schlüssel Gefunden : HKU\S-1-5-21-1264133486-3778195708-1647180911-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKU\S-1-5-21-1264133486-3778195708-1647180911-1003\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v15.0.1 (de)
Profilname : default
Datei : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\76fkmkkn.default\prefs.js
[OK] Die Datei ist sauber.
Profilname : default
Datei : C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\b1eafoqg.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [2422 octets] - [12/10/2012 20:02:23]
########## EOF - C:\AdwCleaner[R1].txt - [2482 octets] ##########
c:\Users\Andreas\AppData\Roaming\lcptry.dll a variant of Win32/Kryptik.AKCO trojan Operating memory probably a variant of Win32/Ponmocup.AA trojan Screen shot angehängt. Ich hoffe ihr könnt mir helfen  Viele Grüße!! |
|
16.10.2012, 12:05
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Ihavenet.com Browser Hijacker- bei Googlesuche öffnen sich andere Seiten (Weiterleitung über Ihavenet.com) Bitte mal den aktuellen adwCleaner v2.005 runterladen, also die alte adwcleaner löschen und neu runterladen
__________________adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren Downloade Dir bitte AdwCleaner auf deinen Desktop. Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
__________________ |
|
17.10.2012, 09:38
| #3 |
| | Ihavenet.com Browser Hijacker- bei Googlesuche öffnen sich andere Seiten (Weiterleitung über Ihavenet.com) Hallo cosinus,
__________________ich habe den adwCleaner v2.005 durchlaufen lassen..anbei die Textdatei Grüße! Code:
ATTFilter # AdwCleaner v2.005 - Datei am 17/10/2012 um 08:49:34 erstellt
# Aktualisiert am 14/10/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Andreas - ANDREAS-LAPTOP
# Bootmodus : Normal
# Ausgeführt unter : C:\Downloads\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\Users\Andreas\AppData\Local\Temp\boost_interprocess
Ordner Gefunden : C:\Users\Katja\AppData\Local\Temp\boost_interprocess
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKU\S-1-5-21-1264133486-3778195708-1647180911-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKU\S-1-5-21-1264133486-3778195708-1647180911-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v15.0.1 (de)
Profilname : default
Datei : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\76fkmkkn.default\prefs.js
[OK] Die Datei ist sauber.
Profilname : default
Datei : C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\b1eafoqg.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [2086 octets] - [17/10/2012 08:49:34]
########## EOF - C:\AdwCleaner[R1].txt - [2146 octets] ##########
|
|
17.10.2012, 15:32
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Ihavenet.com Browser Hijacker- bei Googlesuche öffnen sich andere Seiten (Weiterleitung über Ihavenet.com) adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
__________________ Logfiles bitte immer in CODE-Tags posten |
|
18.10.2012, 13:19
| #5 |
| | Ihavenet.com Browser Hijacker- bei Googlesuche öffnen sich andere Seiten (Weiterleitung über Ihavenet.com) Hallo, anbei die Text-Datei vom adwCleaner.. Grüße! Code:
ATTFilter # AdwCleaner v2.005 - Datei am 17/10/2012 um 08:55:18 erstellt
# Aktualisiert am 14/10/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Andreas - ANDREAS-LAPTOP
# Bootmodus : Normal
# Ausgeführt unter : C:\Downloads\adwcleaner(1).exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\Andreas\AppData\Local\Temp\boost_interprocess
Ordner Gelöscht : C:\Users\Katja\AppData\Local\Temp\boost_interprocess
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v15.0.1 (de)
Profilname : default
Datei : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\76fkmkkn.default\prefs.js
C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\76fkmkkn.default\user.js ... Gelöscht !
[OK] Die Datei ist sauber.
Profilname : default
Datei : C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\b1eafoqg.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [2207 octets] - [17/10/2012 08:49:34]
AdwCleaner[R2].txt - [2267 octets] - [17/10/2012 08:50:32]
AdwCleaner[R3].txt - [2330 octets] - [17/10/2012 08:55:06]
AdwCleaner[S2].txt - [2048 octets] - [17/10/2012 08:55:18]
########## EOF - C:\AdwCleaner[S2].txt - [2108 octets] ##########
|
|
18.10.2012, 14:32
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Ihavenet.com Browser Hijacker- bei Googlesuche öffnen sich andere Seiten (Weiterleitung über Ihavenet.com) Hätte da mal zwei Fragen bevor es weiter geht (wir sind noch nicht fertig!) 1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
__________________ --> Ihavenet.com Browser Hijacker- bei Googlesuche öffnen sich andere Seiten (Weiterleitung über Ihavenet.com) |
|
22.10.2012, 20:47
| #7 |
| | Ihavenet.com Browser Hijacker- bei Googlesuche öffnen sich andere Seiten (Weiterleitung über Ihavenet.com) ..sorry, dass ich jetzt erst antworte.. zu 1. der normale Modus von Windows ging vorher bereits und jetzt auch noch.. zu 2. also da ist mir nicht offensichtlich was aufgefallen..kann aber nicht garantieren, dass ich nicht vlt was übersehen habe..habe da nicht so den Überblick.. Viele Grüße! |
|
23.10.2012, 16:07
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Ihavenet.com Browser Hijacker- bei Googlesuche öffnen sich andere Seiten (Weiterleitung über Ihavenet.com) Mach bitte einen (neuen) CustomScan mit OTL - das Log davon nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.10.2012, 16:53
| #9 |
| | Ihavenet.com Browser Hijacker- bei Googlesuche öffnen sich andere Seiten (Weiterleitung über Ihavenet.com) Hey..ich hoffe ich habe alles richtig gemacht.. hier die OLT-Textdatei vom ersten Scan: Code:
ATTFilter OTL logfile created on: 26.10.2012 15:32:05 - Run 7 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Andreas\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,93 Gb Total Physical Memory | 2,81 Gb Available Physical Memory | 71,47% Memory free 7,86 Gb Paging File | 6,57 Gb Available in Paging File | 83,59% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 285,99 Gb Total Space | 187,40 Gb Free Space | 65,53% Space Free | Partition Type: NTFS Computer Name: ANDREAS-LAPTOP | User Name: Andreas | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days ========== Processes (SafeList) ========== PRC - [2012.10.26 13:59:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas\Desktop\OTL.exe PRC - [2012.09.26 16:35:21 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.09.26 16:34:56 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.09.26 16:34:56 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.01.18 14:02:04 | 000,508,136 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe PRC - [2012.01.04 13:32:36 | 000,718,888 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe PRC - [2012.01.04 13:32:10 | 000,126,504 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe PRC - [2011.01.23 21:00:23 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe PRC - [2011.01.23 21:00:20 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe PRC - [2009.07.27 11:50:32 | 001,157,128 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe PRC - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe PRC - [2009.06.05 04:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe PRC - [2009.06.04 15:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe PRC - [2008.07.29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe ========== Modules (No Company Name) ========== MOD - [2011.01.23 21:00:23 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe MOD - [2011.01.23 21:00:20 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe MOD - [2010.04.05 06:56:07 | 000,716,954 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\Epwizard.DLL MOD - [2010.04.05 06:55:15 | 000,159,890 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\customui.dll MOD - [2010.04.05 06:55:04 | 000,061,604 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\Epfunct.DLL MOD - [2010.04.05 06:54:59 | 000,123,033 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\Eputil.DLL MOD - [2010.04.05 06:54:52 | 000,143,502 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\Imagutil.DLL MOD - [2010.04.01 13:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebDRS.dll MOD - [2010.04.01 13:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebscw.dll MOD - [2009.06.23 07:11:04 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\EPOEMDll.dll MOD - [2009.06.23 07:10:29 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\epstring.dll MOD - [2009.06.23 07:09:11 | 002,203,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\EPWizRes.dll MOD - [2009.05.27 08:16:50 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebdatr.dll MOD - [2009.05.27 08:13:36 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebcats.dll MOD - [2009.04.28 07:56:30 | 000,024,064 | ---- | M] () -- C:\Windows\SysWOW64\lxebsmr.dll MOD - [2009.04.07 15:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\iptk.dll MOD - [2009.03.10 01:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebcaps.dll MOD - [2009.03.02 10:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebptp.dll MOD - [2009.02.20 10:48:03 | 000,299,008 | ---- | M] () -- C:\Windows\SysWOW64\LXEBsm.dll MOD - [2008.07.29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe ========== Services (SafeList) ========== SRV:64bit: - [2010.04.14 19:56:24 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxebcoms.exe -- (lxeb_device) SRV:64bit: - [2010.04.14 19:56:14 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxebserv.exe -- (lxebCATSCustConnectService) SRV - [2012.10.21 14:10:59 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.10.13 21:53:16 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.09.26 16:35:21 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.09.26 16:34:56 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.13 13:28:32 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.01.04 13:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010.04.14 19:56:14 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe -- (lxebCATSCustConnectService) SRV - [2010.04.14 15:56:01 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxebcoms.exe -- (lxeb_device) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.08.06 19:18:54 | 000,311,592 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService) SRV - [2009.08.06 06:30:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) SRV - [2009.06.04 15:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.09.26 16:35:31 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.09.26 16:35:31 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.09.26 16:35:31 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.01.09 17:28:20 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd) DRV:64bit: - [2012.01.09 17:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt) DRV:64bit: - [2012.01.09 17:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev) DRV:64bit: - [2012.01.09 17:28:18 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2010.08.25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.08.05 17:03:02 | 000,032,256 | ---- | M] (Icera Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nokiappo.sys -- (nokiappo) DRV:64bit: - [2009.08.05 17:03:02 | 000,022,528 | ---- | M] (Icera Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nokiacpo.sys -- (nokiacpo) DRV:64bit: - [2009.07.27 09:04:36 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2009.07.16 13:33:44 | 001,488,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.07 11:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2009.06.22 20:38:32 | 000,116,992 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV:64bit: - [2009.06.22 20:26:38 | 000,113,792 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev) DRV:64bit: - [2009.06.18 14:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.06.02 13:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2009.06.02 13:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2009.06.02 13:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2008.08.28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27360110a935l0344z165t5812x35q IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27360110a935l0344z165t5812x35q IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27360110a935l0344z165t5812x35q IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27360110a935l0344z165t5812x35q IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1264133486-3778195708-1647180911-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27360110a935l0344z165t5812x35q IE - HKU\S-1-5-21-1264133486-3778195708-1647180911-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27360110a935l0344z165t5812x35q IE - HKU\S-1-5-21-1264133486-3778195708-1647180911-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKU\S-1-5-21-1264133486-3778195708-1647180911-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE364DE363 IE - HKU\S-1-5-21-1264133486-3778195708-1647180911-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-1264133486-3778195708-1647180911-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.defaulturl: "hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=" FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.26 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655 FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1 FF - prefs.js..keyword.URL: "hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2012.06.06 14:49:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.06.24 22:20:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.21 14:11:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.21 14:10:46 | 000,000,000 | ---D | M] [2010.01.18 23:21:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Extensions [2012.10.24 22:42:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\76fkmkkn.default\extensions [2012.10.21 14:10:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.10.21 14:10:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.10.21 14:11:00 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.24 22:20:34 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2012.09.26 09:09:09 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.29 20:22:44 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.09.26 09:09:09 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.09.26 09:09:09 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.09.26 09:09:09 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.09.26 09:09:09 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found. O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe () O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [lxebmon.exe] C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe () O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [NSU_agent] C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe () O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1264133486-3778195708-1647180911-1000..\Run: [Ovratodcju] C:\Users\Andreas\AppData\Roaming\lcptry.dll () O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1271691D-610E-4484-B1F4-ABAD1885947B}: DhcpNameServer = 217.237.151.51 217.237.149.205 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D9BC7B8-21BB-4037-B34E-AAF433736479}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\sacore - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\sacore - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{08a4b500-0487-11df-b500-00262271d79d}\Shell - "" = AutoRun O33 - MountPoints2\{08a4b500-0487-11df-b500-00262271d79d}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{08a4b506-0487-11df-b500-00262271d79d}\Shell - "" = AutoRun O33 - MountPoints2\{08a4b506-0487-11df-b500-00262271d79d}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{0b35cd0e-0c01-11df-80bd-00262271d79d}\Shell - "" = AutoRun O33 - MountPoints2\{0b35cd0e-0c01-11df-80bd-00262271d79d}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{0b35cd11-0c01-11df-80bd-00262271d79d}\Shell - "" = AutoRun O33 - MountPoints2\{0b35cd11-0c01-11df-80bd-00262271d79d}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{411e5f3b-2dff-11df-bc52-00262271d79d}\Shell - "" = AutoRun O33 - MountPoints2\{411e5f3b-2dff-11df-bc52-00262271d79d}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{8be2840c-2dfa-11df-aa8f-00262271d79d}\Shell - "" = AutoRun O33 - MountPoints2\{8be2840c-2dfa-11df-aa8f-00262271d79d}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{a5370079-2df9-11df-9846-00262271d79d}\Shell - "" = AutoRun O33 - MountPoints2\{a5370079-2df9-11df-9846-00262271d79d}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{a5370086-2df9-11df-9846-00262271d79d}\Shell - "" = AutoRun O33 - MountPoints2\{a5370086-2df9-11df-9846-00262271d79d}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 360 Days ========== [2012.10.26 13:59:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Andreas\Desktop\OTL.exe [2012.10.21 14:10:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.10.12 20:08:11 | 000,000,000 | ---D | C] -- C:\Users\Andreas\Desktop\Malware [2012.10.12 18:07:43 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Malwarebytes [2012.10.12 18:06:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.10.12 18:06:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.10.12 18:06:47 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.10.12 18:06:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.10.12 17:22:51 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\Macromedia [2012.10.12 17:22:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2012.10.12 17:15:25 | 000,696,760 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.10.12 17:15:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2012.10.10 20:39:22 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.10.10 20:39:21 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.10.10 20:39:21 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.10.10 20:39:13 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012.10.10 20:39:13 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2012.10.10 20:39:13 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2012.10.10 20:39:13 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2012.10.10 20:39:12 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2012.10.10 20:39:12 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2012.10.10 20:39:12 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2012.10.10 20:39:12 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2012.10.10 20:39:12 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2012.10.10 20:39:12 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2012.10.10 20:39:12 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2012.10.10 20:39:12 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2012.10.10 20:39:12 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012.10.10 20:39:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012.10.10 20:39:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012.10.10 20:39:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012.10.10 20:39:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012.10.10 20:39:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012.10.10 20:39:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.10.10 20:39:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012.10.10 20:39:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012.10.10 20:39:11 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012.10.10 20:39:11 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012.10.10 20:39:11 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012.10.10 20:39:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012.10.10 20:39:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012.10.10 20:39:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012.10.10 20:39:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012.10.10 20:39:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012.10.10 20:39:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012.10.10 20:39:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012.10.10 20:39:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012.10.10 20:39:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012.10.10 20:39:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012.10.10 20:39:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012.10.10 20:39:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012.10.10 20:39:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012.10.10 20:39:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012.10.10 20:39:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012.10.10 20:39:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012.10.10 20:39:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012.10.10 20:39:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012.10.10 20:39:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012.10.10 20:39:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012.10.10 20:39:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012.10.10 20:39:10 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012.10.10 20:39:10 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012.10.10 20:39:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012.10.10 20:39:09 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012.10.10 20:39:09 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012.10.10 20:39:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012.10.10 20:39:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012.10.10 20:39:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012.10.10 20:39:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.10.10 20:39:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012.10.10 20:39:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012.10.10 20:39:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012.10.10 20:39:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012.10.10 20:39:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012.10.10 20:39:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012.10.10 20:39:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012.10.10 20:39:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012.10.10 20:39:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012.10.10 20:39:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012.10.10 20:39:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012.10.10 20:39:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012.10.10 20:39:08 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012.10.10 20:39:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012.10.10 20:39:08 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2012.10.10 20:38:58 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2012.10.10 20:38:33 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012.10.10 20:38:29 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2012.10.08 18:29:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 6.0 Sprint [2012.10.08 18:26:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ABBYY FineReader 6.0 Sprint [2012.10.04 15:47:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SIGNAL IDUNA Gruppe [2012.09.26 17:55:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2012.09.26 17:55:05 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN [2012.09.26 16:49:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.09.26 16:49:09 | 000,477,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll [2012.09.26 16:49:08 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2012.09.26 16:49:08 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2012.09.26 16:49:08 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2012.09.26 16:47:58 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Avira [2012.09.26 16:41:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.09.26 16:41:32 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.09.26 16:41:32 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.09.26 16:41:32 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.09.26 16:41:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.09.26 16:41:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.09.26 16:36:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.09.26 16:36:15 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.09.26 09:44:34 | 000,000,000 | ---D | C] -- C:\Users\Andreas\Desktop\Ausarbeitungen [2012.09.26 09:09:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2012.09.26 09:09:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.09.25 20:16:33 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe [2012.09.22 22:17:50 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.09.22 22:17:50 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.09.22 22:17:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.09.22 22:17:47 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.09.22 22:17:47 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.09.22 22:17:47 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.09.22 22:17:47 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.09.22 22:17:46 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.09.22 22:17:46 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.09.22 22:17:46 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.09.22 22:17:45 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.09.22 22:17:45 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.09.22 22:17:42 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.09.22 22:17:42 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.09.22 22:17:41 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.09.12 12:58:36 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys [2012.09.12 12:58:31 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2012.09.12 12:58:24 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys [2012.09.12 12:58:24 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2012.09.06 11:04:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.09.06 11:04:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012.09.06 11:04:34 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2012.09.01 16:31:47 | 000,000,000 | ---D | C] -- C:\Users\Andreas\Desktop\Passbilder [2012.08.16 07:57:42 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll [2012.08.16 07:57:42 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll [2012.08.16 07:57:41 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll [2012.08.16 07:57:39 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll [2012.08.16 07:57:33 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2012.08.16 07:57:33 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2012.08.16 07:57:33 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe [2012.08.16 07:57:05 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll [2012.07.17 20:05:10 | 000,000,000 | ---D | C] -- C:\Users\Andreas\Desktop\Auto [2012.07.10 19:57:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll [2012.07.10 19:57:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll [2012.07.10 19:56:57 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012.07.10 19:56:53 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll [2012.07.10 19:56:52 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll [2012.06.25 16:04:24 | 001,394,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4.dll [2012.06.24 22:20:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared [2012.06.24 22:20:46 | 000,198,832 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll [2012.06.24 22:20:30 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll [2012.06.24 22:20:30 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll [2012.06.24 22:20:29 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll [2012.06.22 20:25:56 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2012.06.22 20:25:56 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2012.06.22 20:25:56 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2012.06.22 20:25:27 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2012.06.22 20:25:27 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2012.06.22 20:25:27 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2012.06.22 20:25:03 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2012.06.22 20:25:03 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2012.06.13 22:02:35 | 000,000,000 | ---D | C] -- C:\Users\Andreas\Documents\CD´s [2012.06.13 18:24:12 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll [2012.06.13 18:24:11 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll [2012.06.13 18:24:11 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe [2012.06.13 18:21:51 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll [2012.06.06 20:59:42 | 001,070,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCTL.OCX [2012.06.06 14:50:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia PC Suite [2012.06.06 14:49:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PCSuite [2012.06.03 22:29:19 | 000,000,000 | ---D | C] -- C:\Users\Andreas\Desktop\Gebutrstag TL [2012.06.03 20:46:45 | 000,000,000 | ---D | C] -- C:\Users\Andreas\Desktop\Neuer Ordner [2012.06.01 22:35:35 | 000,000,000 | ---D | C] -- C:\Users\Andreas\Documents\Hausbau [2012.05.12 23:21:41 | 000,000,000 | ---D | C] -- C:\Users\Andreas\Desktop\SD Nikon [2012.05.12 22:59:27 | 000,000,000 | ---D | C] -- C:\Users\Andreas\Desktop\MicroSD [2012.05.11 08:14:36 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2012.05.01 14:21:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution [2012.04.12 22:00:40 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys [2012.04.12 22:00:39 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll [2012.04.11 15:04:22 | 000,000,000 | ---D | C] -- C:\Users\Andreas\Documents\Signal Iduna [2012.04.03 20:40:40 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\TVgenial [2012.04.03 20:40:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TVgenial [2012.04.03 20:40:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TVgenial [2012.03.14 19:45:48 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll [2012.03.14 19:45:48 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll [2012.02.15 10:00:35 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll [2012.02.15 10:00:34 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl [2012.02.15 10:00:34 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl [2012.02.15 10:00:13 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll [2012.01.31 17:13:45 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2012.01.31 17:13:44 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll [2012.01.31 17:13:44 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll [2012.01.31 17:13:44 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll [2012.01.31 17:13:44 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll [2012.01.31 17:13:44 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll [2012.01.12 09:58:47 | 000,000,000 | ---D | C] -- C:\Users\Andreas\Documents\Urlaub [2012.01.11 20:50:18 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll [2012.01.11 20:50:18 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll [2012.01.11 20:50:18 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll [2012.01.11 20:50:18 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll [2012.01.11 20:49:55 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2012.01.11 20:49:49 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll [2012.01.11 20:49:49 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll [2012.01.09 17:28:20 | 000,640,000 | ---- | C] (Nokia) -- C:\Windows\SysNative\nmwcdcoclsx64.dll [2012.01.09 17:28:20 | 000,166,912 | ---- | C] (Nokia) -- C:\Windows\SysNative\ccdcmbwux64.dll [2012.01.09 17:28:20 | 000,019,968 | ---- | C] (Nokia) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys [2012.01.09 17:28:20 | 000,009,216 | ---- | C] (Nokia) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys [2012.01.09 17:28:20 | 000,009,216 | ---- | C] (Nokia) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys [2012.01.09 17:28:18 | 000,027,136 | ---- | C] (Nokia) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys [2011.12.15 15:18:51 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll [2011.12.15 15:18:50 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll [2011.12.15 15:18:46 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2011.12.03 14:42:12 | 000,000,000 | ---D | C] -- C:\Users\Andreas\Documents\Hellerau [2011.11.26 18:45:22 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\msxml3.dll [2011.11.26 18:45:22 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\msxml3r.dll [2011.11.26 18:45:22 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\msxml3a.dll [2011.11.26 18:43:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend [2011.11.26 18:42:07 | 000,268,048 | ---- | C] (MetaCreations Corporation) -- C:\Windows\SysWow64\dxtmeta2.dll [2009.08.14 12:17:20 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files - Modified Within 360 Days ========== [2012.10.26 14:57:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.26 14:52:53 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.26 14:52:53 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.26 14:45:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.26 14:45:21 | 3166,154,752 | -HS- | M] () -- C:\hiberfil.sys [2012.10.26 13:59:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas\Desktop\OTL.exe [2012.10.21 14:09:36 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.10.21 14:09:36 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.10.21 14:09:36 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.10.21 14:09:36 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.10.21 14:09:36 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.10.13 21:53:15 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.10.13 21:53:15 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.10.04 15:47:13 | 000,001,921 | ---- | M] () -- C:\Users\Public\Desktop\SI BSW Exklusiv-Vertrieb.lnk [2012.09.27 14:17:46 | 000,425,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.09.26 18:49:46 | 000,000,329 | ---- | M] () -- C:\Windows\WinInit.Ini [2012.09.26 17:52:49 | 000,000,000 | -H-- | M] () -- C:\ProgramData\PKP_DLdw.DAT [2012.09.26 17:45:27 | 000,000,000 | -H-- | M] () -- C:\ProgramData\PKP_DLdu.DAT [2012.09.26 17:45:27 | 000,000,000 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Bass Amp [2012.09.26 17:45:27 | 000,000,000 | ---- | M] () -- C:\ProgramData\Bass [2012.09.26 17:45:27 | 000,000,000 | ---- | M] () -- C:\ProgramData\Automatic Filter [2012.09.26 16:48:55 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll [2012.09.26 16:48:55 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2012.09.26 16:48:55 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2012.09.26 16:48:55 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2012.09.26 16:48:55 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2012.09.26 16:36:17 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.09.26 16:35:31 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.09.26 16:35:31 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.09.26 16:35:31 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.09.17 16:37:16 | 000,057,244 | ---- | M] () -- C:\Windows\Kaufvertrag über einen gebrauchten Roller.pdf [2012.09.14 13:44:39 | 000,005,850 | ---- | M] () -- C:\Windows\creditreform.pdf [2012.09.10 16:36:50 | 000,143,360 | RHS- | M] () -- C:\Users\Andreas\AppData\Roaming\lcptry.dll [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.09.06 11:04:38 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012.08.30 20:03:45 | 005,559,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.08.30 19:12:02 | 003,968,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.08.30 19:12:02 | 003,914,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.08.27 20:45:51 | 000,017,749 | ---- | M] () -- C:\Windows\www.bfwt.de_cms_projekte_stundenplaene_dresden_enderstr_eb09b.htm.pdf [2012.08.27 20:37:48 | 000,822,191 | ---- | M] () -- C:\Windows\2012_13_Klassenplanung_Teilzeit.pdf [2012.08.27 20:26:48 | 000,008,125 | ---- | M] () -- C:\Windows\CustomerInvoice_D9089424-01.pdf [2012.08.27 20:25:31 | 000,243,469 | ---- | M] () -- C:\Windows\Memoformat.pdf [2012.08.24 20:05:07 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2012.08.24 12:31:32 | 002,312,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.08.24 12:20:11 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.08.24 12:18:46 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.08.24 12:14:45 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.08.24 12:14:34 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.08.24 12:13:29 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.08.24 12:11:57 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.08.24 12:10:14 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.08.24 12:04:06 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.08.24 08:51:02 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.08.24 08:49:57 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.08.24 08:47:36 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.08.24 08:47:26 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.08.24 08:44:10 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.08.24 08:40:11 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.08.22 20:12:40 | 000,376,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys [2012.08.22 20:12:33 | 000,288,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2012.08.21 23:01:00 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe [2012.08.20 20:48:44 | 000,362,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2012.08.20 20:48:44 | 000,243,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2012.08.20 20:48:44 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2012.08.20 20:48:43 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2012.08.20 20:48:37 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2012.08.20 20:48:35 | 001,162,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012.08.20 20:48:35 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2012.08.20 20:46:22 | 000,338,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2012.08.20 20:38:32 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012.08.20 20:38:32 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012.08.20 20:38:32 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012.08.20 20:38:32 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012.08.20 20:38:32 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012.08.20 20:38:32 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012.08.20 20:38:32 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012.08.20 20:38:32 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.08.20 20:38:32 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012.08.20 20:38:32 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012.08.20 20:38:32 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012.08.20 20:38:32 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012.08.20 20:38:32 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012.08.20 20:38:32 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012.08.20 20:38:32 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012.08.20 20:38:32 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012.08.20 20:38:32 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012.08.20 20:38:31 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012.08.20 20:38:31 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012.08.20 20:38:31 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012.08.20 20:38:31 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012.08.20 20:38:31 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012.08.20 20:38:31 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012.08.20 20:38:31 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012.08.20 20:38:31 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012.08.20 20:38:31 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012.08.20 20:38:31 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012.08.20 20:38:31 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012.08.20 19:40:21 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2012.08.20 19:38:26 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2012.08.20 19:37:19 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2012.08.20 19:32:13 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012.08.20 19:32:13 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012.08.20 19:32:13 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012.08.20 19:32:13 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012.08.20 19:32:13 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012.08.20 19:32:13 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012.08.20 19:32:13 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012.08.20 19:32:13 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012.08.20 19:32:13 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012.08.20 19:32:13 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012.08.20 19:32:13 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012.08.20 19:32:13 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012.08.20 19:32:13 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012.08.20 19:32:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012.08.20 19:32:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.08.20 19:32:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012.08.20 19:32:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012.08.20 19:32:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012.08.20 19:32:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012.08.20 19:32:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012.08.20 19:32:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012.08.20 19:32:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012.08.20 19:32:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012.08.20 19:32:12 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012.08.20 17:38:21 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2012.08.20 17:38:20 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2012.08.20 17:33:28 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012.08.20 17:33:28 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012.08.20 17:33:28 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012.08.20 17:33:28 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012.08.17 17:38:01 | 000,193,024 | ---- | M] () -- C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.08.16 08:29:37 | 000,022,267 | ---- | M] () -- C:\Windows\Seat24.de, Buchung und Quittung. Bestellnummer _ JY6YPY Buchungsnr._ Amadeus_6BK9BO - 2012-08-16 08_28_00.pdf [2012.08.02 19:58:52 | 000,574,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2012.07.25 08:39:47 | 000,380,697 | ---- | M] () -- C:\Windows\Visco-Kaltschaummatratze, Breckle - Latex & Visco - Matratzen - .pdf [2012.07.25 08:38:33 | 000,383,266 | ---- | M] () -- C:\Windows\Visco-Kaltschaummatratze, Breckle - Latex & Visco - Matratzen - Schlafwelt.pdf [2012.07.25 08:23:17 | 000,098,383 | ---- | M] () -- C:\Windows\Matratzen, Lattenroste und Bettgestelle auch in Sondergrößen in Münster bei Schlafkomfort Soldberg -.pdf [2012.07.25 08:22:43 | 000,092,358 | ---- | M] () -- C:\Windows\Schöne-Träume.pdf [2012.07.22 15:18:41 | 000,005,397 | ---- | M] () -- C:\Windows\CDPLAYER.INI [2012.07.22 15:18:30 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTILiveUpdate.dll [2012.07.19 13:59:12 | 000,511,195 | ---- | M] () -- C:\Windows\Routenplaner – Falk.pdf [2012.07.18 20:34:34 | 000,095,191 | ---- | M] () -- C:\Windows\www.autobudget.pdf [2012.07.05 00:16:43 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll [2012.07.05 00:13:27 | 000,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll [2012.07.04 23:14:34 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll [2012.07.04 22:26:03 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys [2012.06.30 21:08:58 | 000,129,749 | ---- | M] () -- C:\Windows\2001 Audi A4 2.0 4-türig Limousine - Bewertung - Autobudget.pdf [2012.06.29 22:09:57 | 000,026,821 | ---- | M] () -- C:\Windows\Ausarbeitung EF.pdf [2012.06.28 13:54:59 | 000,011,308 | ---- | M] () -- C:\Windows\AZN Scholz 2012.pdf [2012.06.25 16:04:24 | 001,394,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4.dll [2012.06.24 22:20:46 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll [2012.06.24 22:20:30 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll [2012.06.24 22:20:30 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll [2012.06.24 22:20:29 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll [2012.06.19 13:54:46 | 008,397,929 | ---- | M] () -- C:\Windows\Unterlagen von Claudia.pdf [2012.06.06 20:59:42 | 001,070,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCTL.OCX [2012.06.06 14:50:01 | 000,002,042 | ---- | M] () -- C:\Users\Public\Desktop\Nokia PC Suite.lnk [2012.06.06 08:02:54 | 001,133,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll [2012.06.06 07:03:06 | 000,805,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll [2012.06.04 20:23:59 | 022,259,528 | ---- | M] () -- C:\Users\Andreas\Documents\vlc-2.0.1-win32.exe [2012.06.03 00:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2012.06.03 00:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2012.06.03 00:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2012.06.03 00:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2012.06.03 00:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2012.06.03 00:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2012.06.02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2012.06.02 15:15:12 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2012.06.02 07:44:21 | 000,307,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012.06.02 07:41:28 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2012.06.02 07:41:27 | 001,464,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012.06.01 22:39:45 | 000,184,895 | ---- | M] () -- C:\Windows\090613_hellerau_plakat.pdf [2012.06.01 22:35:15 | 000,079,975 | ---- | M] () -- C:\Windows\Detailseite - Staatsbetrieb Sächsisches Immobilien- und Baumanagement.pdf [2012.05.14 07:26:34 | 000,956,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll [2012.05.12 13:21:11 | 000,056,821 | ---- | M] () -- C:\Windows\ESTA-Antrag.pdf [2012.05.05 10:36:55 | 000,503,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll [2012.04.26 07:41:56 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll [2012.04.26 07:41:55 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll [2012.04.26 07:34:27 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe [2012.04.15 14:01:16 | 000,001,205 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk [2012.04.07 14:31:40 | 003,216,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll [2012.04.03 20:40:41 | 000,001,015 | ---- | M] () -- C:\Users\Public\Desktop\TVgenial.lnk [2012.03.08 14:37:21 | 000,141,812 | ---- | M] () -- C:\Windows\Condor - Technische Daten der Boeing 767-300ER.pdf [2012.03.03 21:36:51 | 000,009,054 | ---- | M] () -- C:\Windows\Condor - Bestätigung.pdf [2012.03.03 08:35:38 | 001,544,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys [2012.03.01 08:33:50 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll [2012.02.17 08:38:26 | 001,031,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll [2012.02.17 07:34:22 | 000,826,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll [2012.02.11 08:43:47 | 000,751,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2012.02.11 08:36:01 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\splwow64.exe [2012.02.11 07:43:49 | 000,492,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2012.02.10 22:49:35 | 000,025,598 | ---- | M] () -- C:\Windows\EF Ausarbeitung.pdf [2012.01.29 18:38:50 | 000,007,932 | ---- | M] () -- C:\Windows\Schreiben zum Widerspruch1.pdf [2012.01.17 12:40:52 | 000,024,272 | ---- | M] () -- C:\Windows\DOCUMENTO DE RESERVACIONES ING.pdf [2012.01.12 12:08:01 | 000,239,668 | ---- | M] () -- C:\Windows\Clever-hotels.com Hotel offer.pdf [2012.01.12 11:53:14 | 000,114,859 | ---- | M] () -- C:\Windows\Hotel Ramada Ponce Puerto Rico San Juan Ponce Ponce.pdf [2012.01.09 17:28:20 | 000,640,000 | ---- | M] (Nokia) -- C:\Windows\SysNative\nmwcdcoclsx64.dll [2012.01.09 17:28:20 | 000,166,912 | ---- | M] (Nokia) -- C:\Windows\SysNative\ccdcmbwux64.dll [2012.01.09 17:28:20 | 000,057,856 | ---- | M] (Nokia) -- C:\Windows\SysNative\nmwcdclsx64.dll [2012.01.09 17:28:20 | 000,019,968 | ---- | M] (Nokia) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys [2012.01.09 17:28:20 | 000,009,216 | ---- | M] (Nokia) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys [2012.01.09 17:28:20 | 000,009,216 | ---- | M] (Nokia) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys [2012.01.09 17:28:18 | 000,027,136 | ---- | M] (Nokia) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys [2012.01.04 12:44:20 | 000,509,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll [2011.12.30 08:26:08 | 000,515,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl [2011.12.30 07:27:56 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl [2011.12.29 23:24:16 | 000,006,610 | ---- | M] () -- C:\Windows\Arbeitsamt.pdf [2011.12.21 19:20:04 | 000,554,743 | ---- | M] () -- C:\Windows\Chefkoch.de Rezept_ Tomaten - Spinat - Lasagne.pdf [2011.12.19 10:11:40 | 000,011,017 | ---- | M] () -- C:\Windows\Scholz2011aktuell.pdf [2011.12.16 10:46:06 | 000,634,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll [2011.12.12 10:38:26 | 005,349,260 | ---- | M] () -- C:\Windows\7s.pdf [2011.12.01 16:14:31 | 000,032,726 | ---- | M] () -- C:\Windows\SBP.pdf [2011.11.21 13:52:25 | 000,026,200 | ---- | M] () -- C:\Windows\Bestellnummer_ 8004704.pdf [2011.11.19 16:58:00 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll [2011.11.19 16:01:00 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll [2011.11.17 08:41:18 | 001,731,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2011.11.17 08:35:28 | 000,395,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll [2011.11.17 08:35:26 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll [2011.11.17 08:35:26 | 000,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll [2011.11.17 08:35:25 | 000,028,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll [2011.11.17 08:35:19 | 001,447,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2011.11.17 07:35:02 | 000,314,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll [2011.11.12 14:50:35 | 000,049,152 | -H-- | M] () -- C:\Users\Andreas\Documents\photothumb.db [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.12 17:22:27 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012.10.12 17:15:26 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.04 15:47:13 | 000,001,921 | ---- | C] () -- C:\Users\Public\Desktop\SI BSW Exklusiv-Vertrieb.lnk [2012.09.27 14:17:32 | 000,425,800 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.09.26 17:45:27 | 000,000,000 | ---- | C] () -- C:\ProgramData\Bass [2012.09.26 17:45:27 | 000,000,000 | ---- | C] () -- C:\ProgramData\Automatic Filter [2012.09.26 16:36:17 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.09.17 16:37:14 | 000,057,244 | ---- | C] () -- C:\Windows\Kaufvertrag über einen gebrauchten Roller.pdf [2012.09.14 13:43:10 | 000,005,850 | ---- | C] () -- C:\Windows\creditreform.pdf [2012.09.10 16:36:50 | 000,143,360 | RHS- | C] () -- C:\Users\Andreas\AppData\Roaming\lcptry.dll [2012.09.06 11:04:38 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2012.08.27 20:26:47 | 000,008,125 | ---- | C] () -- C:\Windows\CustomerInvoice_D9089424-01.pdf [2012.08.16 08:29:35 | 000,022,267 | ---- | C] () -- C:\Windows\Seat24.de, Buchung und Quittung. Bestellnummer _ JY6YPY Buchungsnr._ Amadeus_6BK9BO - 2012-08-16 08_28_00.pdf [2012.07.29 21:05:31 | 000,822,191 | ---- | C] () -- C:\Windows\2012_13_Klassenplanung_Teilzeit.pdf [2012.07.25 08:39:44 | 000,380,697 | ---- | C] () -- C:\Windows\Visco-Kaltschaummatratze, Breckle - Latex & Visco - Matratzen - .pdf [2012.07.25 08:38:30 | 000,383,266 | ---- | C] () -- C:\Windows\Visco-Kaltschaummatratze, Breckle - Latex & Visco - Matratzen - Schlafwelt.pdf [2012.07.25 08:23:14 | 000,098,383 | ---- | C] () -- C:\Windows\Matratzen, Lattenroste und Bettgestelle auch in Sondergrößen in Münster bei Schlafkomfort Soldberg -.pdf [2012.07.25 08:22:40 | 000,092,358 | ---- | C] () -- C:\Windows\Schöne-Träume.pdf [2012.07.18 20:34:32 | 000,095,191 | ---- | C] () -- C:\Windows\www.autobudget.pdf [2012.06.30 21:08:56 | 000,129,749 | ---- | C] () -- C:\Windows\2001 Audi A4 2.0 4-türig Limousine - Bewertung - Autobudget.pdf [2012.06.29 22:09:55 | 000,026,821 | ---- | C] () -- C:\Windows\Ausarbeitung EF.pdf [2012.06.19 13:54:37 | 008,397,929 | ---- | C] () -- C:\Windows\Unterlagen von Claudia.pdf [2012.06.12 22:24:56 | 000,005,397 | ---- | C] () -- C:\Windows\CDPLAYER.INI [2012.06.06 14:50:01 | 000,002,042 | ---- | C] () -- C:\Users\Public\Desktop\Nokia PC Suite.lnk [2012.06.04 20:23:26 | 022,259,528 | ---- | C] () -- C:\Users\Andreas\Documents\vlc-2.0.1-win32.exe [2012.06.01 22:39:19 | 000,184,895 | ---- | C] () -- C:\Windows\090613_hellerau_plakat.pdf [2012.06.01 22:35:13 | 000,079,975 | ---- | C] () -- C:\Windows\Detailseite - Staatsbetrieb Sächsisches Immobilien- und Baumanagement.pdf [2012.05.14 14:35:34 | 000,011,308 | ---- | C] () -- C:\Windows\AZN Scholz 2012.pdf [2012.05.12 13:06:47 | 000,056,821 | ---- | C] () -- C:\Windows\ESTA-Antrag.pdf [2012.04.03 20:40:41 | 000,001,015 | ---- | C] () -- C:\Users\Public\Desktop\TVgenial.lnk [2012.03.08 14:37:19 | 000,141,812 | ---- | C] () -- C:\Windows\Condor - Technische Daten der Boeing 767-300ER.pdf [2012.03.03 21:36:49 | 000,009,054 | ---- | C] () -- C:\Windows\Condor - Bestätigung.pdf [2012.02.10 22:49:33 | 000,025,598 | ---- | C] () -- C:\Windows\EF Ausarbeitung.pdf [2012.01.29 18:38:49 | 000,007,932 | ---- | C] () -- C:\Windows\Schreiben zum Widerspruch1.pdf [2012.01.17 12:40:51 | 000,024,272 | ---- | C] () -- C:\Windows\DOCUMENTO DE RESERVACIONES ING.pdf [2012.01.12 11:52:39 | 000,114,859 | ---- | C] () -- C:\Windows\Hotel Ramada Ponce Puerto Rico San Juan Ponce Ponce.pdf [2012.01.12 10:15:54 | 000,239,668 | ---- | C] () -- C:\Windows\Clever-hotels.com Hotel offer.pdf [2011.12.29 23:24:15 | 000,006,610 | ---- | C] () -- C:\Windows\Arbeitsamt.pdf [2011.12.21 19:20:02 | 000,554,743 | ---- | C] () -- C:\Windows\Chefkoch.de Rezept_ Tomaten - Spinat - Lasagne.pdf [2011.12.19 10:08:30 | 000,511,195 | ---- | C] () -- C:\Windows\Routenplaner – Falk.pdf [2011.12.12 10:37:39 | 005,349,260 | ---- | C] () -- C:\Windows\7s.pdf [2011.12.01 16:14:29 | 000,032,726 | ---- | C] () -- C:\Windows\SBP.pdf [2011.11.29 14:21:19 | 000,011,017 | ---- | C] () -- C:\Windows\Scholz2011aktuell.pdf [2011.11.21 13:52:23 | 000,026,200 | ---- | C] () -- C:\Windows\Bestellnummer_ 8004704.pdf [2011.07.18 12:49:18 | 000,324,419 | ---- | C] () -- C:\Windows\www.promod-news.com_optiext_optiextension.dll_ID=QgO5KluwkQIc_mkQQQ_.pdf [2011.05.23 17:43:45 | 000,074,250 | ---- | C] () -- C:\Windows\hpqins16.dat [2011.03.19 15:46:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.08.17 14:33:22 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT [2010.08.17 14:22:27 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT [2010.08.17 14:22:27 | 000,000,000 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\Bass Amp [2010.07.25 12:24:40 | 000,975,140 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\PandaIDProtectHelp_de.chm [2010.04.29 20:45:33 | 000,193,024 | ---- | C] () -- C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.03.31 17:03:42 | 000,000,564 | ---- | C] () -- C:\Users\Andreas\AppData\Local\FSCache.dat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:AB689DEA @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:93DE1838 @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:1D32EC29 @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:E3C56885 @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:E1F04E8D @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:ABE89FFE @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:4CF61E54 < End of report > |
|
27.10.2012, 16:54
| #10 |
| | Ihavenet.com Browser Hijacker- bei Googlesuche öffnen sich andere Seiten (Weiterleitung über Ihavenet.com) ..und hier die OLT-Textdatei vom zweiten Scan mit den benutzerdefinierte Scans/Fixes: Code:
ATTFilter OTL logfile created on: 26.10.2012 15:47:00 - Run 8 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Andreas\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,93 Gb Total Physical Memory | 2,64 Gb Available Physical Memory | 67,11% Memory free 7,86 Gb Paging File | 6,52 Gb Available in Paging File | 82,88% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 285,99 Gb Total Space | 187,40 Gb Free Space | 65,53% Space Free | Partition Type: NTFS Computer Name: ANDREAS-LAPTOP | User Name: Andreas | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.26 13:59:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas\Desktop\OTL.exe PRC - [2012.09.26 16:35:21 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.09.26 16:34:56 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.09.26 16:34:56 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.01.18 14:02:04 | 000,508,136 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe PRC - [2012.01.04 13:32:36 | 000,718,888 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe PRC - [2012.01.04 13:32:10 | 000,126,504 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe PRC - [2011.01.23 21:00:23 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe PRC - [2011.01.23 21:00:20 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe PRC - [2009.07.27 11:50:32 | 001,157,128 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe PRC - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe PRC - [2009.06.05 04:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe PRC - [2009.06.04 15:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe PRC - [2008.07.29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe ========== Modules (No Company Name) ========== MOD - [2011.01.23 21:00:23 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe MOD - [2011.01.23 21:00:20 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe MOD - [2010.04.05 06:56:07 | 000,716,954 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\Epwizard.DLL MOD - [2010.04.05 06:55:15 | 000,159,890 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\customui.dll MOD - [2010.04.05 06:55:04 | 000,061,604 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\Epfunct.DLL MOD - [2010.04.05 06:54:59 | 000,123,033 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\Eputil.DLL MOD - [2010.04.05 06:54:52 | 000,143,502 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\Imagutil.DLL MOD - [2010.04.01 13:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebDRS.dll MOD - [2010.04.01 13:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebscw.dll MOD - [2009.06.23 07:11:04 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\EPOEMDll.dll MOD - [2009.06.23 07:10:29 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\epstring.dll MOD - [2009.06.23 07:09:11 | 002,203,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\EPWizRes.dll MOD - [2009.05.27 08:16:50 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebdatr.dll MOD - [2009.05.27 08:13:36 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebcats.dll MOD - [2009.04.28 07:56:30 | 000,024,064 | ---- | M] () -- C:\Windows\SysWOW64\lxebsmr.dll MOD - [2009.04.07 15:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\iptk.dll MOD - [2009.03.10 01:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebcaps.dll MOD - [2009.03.02 10:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebptp.dll MOD - [2009.02.20 10:48:03 | 000,299,008 | ---- | M] () -- C:\Windows\SysWOW64\LXEBsm.dll MOD - [2008.07.29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe ========== Services (SafeList) ========== SRV:64bit: - [2010.04.14 19:56:24 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxebcoms.exe -- (lxeb_device) SRV:64bit: - [2010.04.14 19:56:14 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxebserv.exe -- (lxebCATSCustConnectService) SRV - [2012.10.21 14:10:59 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.10.13 21:53:16 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.09.26 16:35:21 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.09.26 16:34:56 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.13 13:28:32 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.01.04 13:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010.04.14 19:56:14 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe -- (lxebCATSCustConnectService) SRV - [2010.04.14 15:56:01 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxebcoms.exe -- (lxeb_device) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.08.06 19:18:54 | 000,311,592 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService) SRV - [2009.08.06 06:30:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) SRV - [2009.06.04 15:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.09.26 16:35:31 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.09.26 16:35:31 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.09.26 16:35:31 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.01.09 17:28:20 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd) DRV:64bit: - [2012.01.09 17:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt) DRV:64bit: - [2012.01.09 17:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev) DRV:64bit: - [2012.01.09 17:28:18 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2010.08.25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.08.05 17:03:02 | 000,032,256 | ---- | M] (Icera Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nokiappo.sys -- (nokiappo) DRV:64bit: - [2009.08.05 17:03:02 | 000,022,528 | ---- | M] (Icera Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nokiacpo.sys -- (nokiacpo) DRV:64bit: - [2009.07.27 09:04:36 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2009.07.16 13:33:44 | 001,488,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.07 11:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2009.06.22 20:38:32 | 000,116,992 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV:64bit: - [2009.06.22 20:26:38 | 000,113,792 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev) DRV:64bit: - [2009.06.18 14:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.06.02 13:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2009.06.02 13:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2009.06.02 13:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2008.08.28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27360110a935l0344z165t5812x35q IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27360110a935l0344z165t5812x35q IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27360110a935l0344z165t5812x35q IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27360110a935l0344z165t5812x35q IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1264133486-3778195708-1647180911-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27360110a935l0344z165t5812x35q IE - HKU\S-1-5-21-1264133486-3778195708-1647180911-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27360110a935l0344z165t5812x35q IE - HKU\S-1-5-21-1264133486-3778195708-1647180911-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKU\S-1-5-21-1264133486-3778195708-1647180911-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE364DE363 IE - HKU\S-1-5-21-1264133486-3778195708-1647180911-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-1264133486-3778195708-1647180911-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.defaulturl: "hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=" FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.26 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655 FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1 FF - prefs.js..keyword.URL: "hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2012.06.06 14:49:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.06.24 22:20:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.21 14:11:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.21 14:10:46 | 000,000,000 | ---D | M] [2010.01.18 23:21:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Extensions [2012.10.24 22:42:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\76fkmkkn.default\extensions [2012.10.21 14:10:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.10.21 14:10:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.10.21 14:11:00 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.24 22:20:34 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2012.09.26 09:09:09 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.29 20:22:44 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.09.26 09:09:09 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.09.26 09:09:09 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.09.26 09:09:09 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.09.26 09:09:09 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found. O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe () O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [lxebmon.exe] C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe () O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [NSU_agent] C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe () O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1264133486-3778195708-1647180911-1000..\Run: [Ovratodcju] C:\Users\Andreas\AppData\Roaming\lcptry.dll () O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1271691D-610E-4484-B1F4-ABAD1885947B}: DhcpNameServer = 217.237.151.51 217.237.149.205 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D9BC7B8-21BB-4037-B34E-AAF433736479}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\sacore - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\sacore - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{08a4b500-0487-11df-b500-00262271d79d}\Shell - "" = AutoRun O33 - MountPoints2\{08a4b500-0487-11df-b500-00262271d79d}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{08a4b506-0487-11df-b500-00262271d79d}\Shell - "" = AutoRun O33 - MountPoints2\{08a4b506-0487-11df-b500-00262271d79d}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{0b35cd0e-0c01-11df-80bd-00262271d79d}\Shell - "" = AutoRun O33 - MountPoints2\{0b35cd0e-0c01-11df-80bd-00262271d79d}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{0b35cd11-0c01-11df-80bd-00262271d79d}\Shell - "" = AutoRun O33 - MountPoints2\{0b35cd11-0c01-11df-80bd-00262271d79d}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{411e5f3b-2dff-11df-bc52-00262271d79d}\Shell - "" = AutoRun O33 - MountPoints2\{411e5f3b-2dff-11df-bc52-00262271d79d}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{8be2840c-2dfa-11df-aa8f-00262271d79d}\Shell - "" = AutoRun O33 - MountPoints2\{8be2840c-2dfa-11df-aa8f-00262271d79d}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{a5370079-2df9-11df-9846-00262271d79d}\Shell - "" = AutoRun O33 - MountPoints2\{a5370079-2df9-11df-9846-00262271d79d}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{a5370086-2df9-11df-9846-00262271d79d}\Shell - "" = AutoRun O33 - MountPoints2\{a5370086-2df9-11df-9846-00262271d79d}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found MsConfig:64bit - StartUpReg: Nokia Internet Modem - hkey= - key= - C:\Program Files (x86)\Nokia\Nokia Internet Modem\WellPhone2.exe (SmartCom) SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: MCODS - SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: MCODS - SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: MCODS - SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: MpfService - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: MCODS - SafeBootNet: Messenger - Service SafeBootNet: MpfService - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.) Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.) CREATERESTOREPOINT System Restore Service not available. ========== Files/Folders - Created Within 30 Days ========== [2012.10.26 13:59:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Andreas\Desktop\OTL.exe [2012.10.21 14:10:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.10.12 20:08:11 | 000,000,000 | ---D | C] -- C:\Users\Andreas\Desktop\Malware [2012.10.12 18:07:43 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Malwarebytes [2012.10.12 18:06:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.10.12 18:06:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.10.12 18:06:47 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.10.12 18:06:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.10.12 17:22:51 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\Macromedia [2012.10.12 17:22:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2012.10.12 17:15:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2012.10.08 18:29:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 6.0 Sprint [2012.10.08 18:26:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ABBYY FineReader 6.0 Sprint [2012.10.04 15:47:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SIGNAL IDUNA Gruppe [2012.09.26 17:55:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2012.09.26 17:55:05 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN [2012.09.26 16:49:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.09.26 16:47:58 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Avira [2012.09.26 16:41:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.09.26 16:41:32 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.09.26 16:41:32 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.09.26 16:41:32 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.09.26 16:41:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.09.26 16:41:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.09.26 16:36:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.09.26 16:36:15 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2009.08.14 12:17:20 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.10.26 14:57:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.26 14:52:53 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.26 14:52:53 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.26 14:45:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.26 14:45:21 | 3166,154,752 | -HS- | M] () -- C:\hiberfil.sys [2012.10.26 13:59:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas\Desktop\OTL.exe [2012.10.21 14:09:36 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.10.21 14:09:36 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.10.21 14:09:36 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.10.21 14:09:36 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.10.21 14:09:36 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.10.04 15:47:13 | 000,001,921 | ---- | M] () -- C:\Users\Public\Desktop\SI BSW Exklusiv-Vertrieb.lnk [2012.09.27 14:17:46 | 000,425,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.09.26 18:49:46 | 000,000,329 | ---- | M] () -- C:\Windows\WinInit.Ini [2012.09.26 17:52:49 | 000,000,000 | -H-- | M] () -- C:\ProgramData\PKP_DLdw.DAT [2012.09.26 17:45:27 | 000,000,000 | -H-- | M] () -- C:\ProgramData\PKP_DLdu.DAT [2012.09.26 17:45:27 | 000,000,000 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Bass Amp [2012.09.26 17:45:27 | 000,000,000 | ---- | M] () -- C:\ProgramData\Bass [2012.09.26 17:45:27 | 000,000,000 | ---- | M] () -- C:\ProgramData\Automatic Filter [2012.09.26 16:36:17 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.09.26 16:35:31 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.09.26 16:35:31 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.09.26 16:35:31 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.12 17:22:27 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012.10.12 17:15:26 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.04 15:47:13 | 000,001,921 | ---- | C] () -- C:\Users\Public\Desktop\SI BSW Exklusiv-Vertrieb.lnk [2012.09.27 14:17:32 | 000,425,800 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.09.26 17:45:27 | 000,000,000 | ---- | C] () -- C:\ProgramData\Bass [2012.09.26 17:45:27 | 000,000,000 | ---- | C] () -- C:\ProgramData\Automatic Filter [2012.09.26 16:36:17 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.09.10 16:36:50 | 000,143,360 | RHS- | C] () -- C:\Users\Andreas\AppData\Roaming\lcptry.dll [2012.06.12 22:24:56 | 000,005,397 | ---- | C] () -- C:\Windows\CDPLAYER.INI [2012.01.12 10:15:54 | 000,239,668 | ---- | C] () -- C:\Windows\Clever-hotels.com Hotel offer.pdf [2011.07.18 12:49:18 | 000,324,419 | ---- | C] () -- C:\Windows\www.promod-news.com_optiext_optiextension.dll_ID=QgO5KluwkQIc_mkQQQ_.pdf [2011.05.23 17:43:45 | 000,074,250 | ---- | C] () -- C:\Windows\hpqins16.dat [2011.03.19 15:46:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.08.17 14:33:22 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT [2010.08.17 14:22:27 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT [2010.08.17 14:22:27 | 000,000,000 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\Bass Amp [2010.07.25 12:24:40 | 000,975,140 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\PandaIDProtectHelp_de.chm [2010.04.29 20:45:33 | 000,193,024 | ---- | C] () -- C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.03.31 17:03:42 | 000,000,564 | ---- | C] () -- C:\Users\Andreas\AppData\Local\FSCache.dat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.01.01 16:38:18 | 000,000,000 | -HSD | M] -- C:\Users\Andreas\AppData\Roaming\.# [2012.04.16 00:15:38 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\elsterformular [2010.01.27 01:54:46 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\GameConsole [2010.08.17 14:35:57 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Nikon [2012.09.26 17:14:49 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Nokia [2010.07.12 17:54:46 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Panda Security [2010.04.28 17:37:06 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\PC Suite [2010.07.13 12:19:57 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\PhotoScape [2010.03.28 10:47:16 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\PlayFirst [2010.07.28 15:43:30 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Pro200-S500 Series [2010.07.25 12:34:22 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Skinux [2010.01.18 23:01:37 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\SoftDMA [2010.07.12 17:54:31 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\SurfSecret Privacy Suite [2012.10.22 22:25:16 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\TVgenial [2010.10.09 13:25:22 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Nikon [2010.09.05 13:36:31 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Nokia [2010.09.05 13:36:09 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\PC Suite [2010.09.10 11:21:37 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\PhotoScape [2010.07.25 19:56:27 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Skinux [2012.10.01 19:58:51 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\TVgenial ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2012.01.01 16:38:18 | 000,000,000 | -HSD | M] -- C:\Users\Andreas\AppData\Roaming\.# [2012.10.12 22:32:23 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Adobe [2011.02.12 10:15:03 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Apple Computer [2012.09.26 17:22:28 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Arcsoft [2012.09.26 16:47:58 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Avira [2010.01.18 23:01:16 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\CyberLink [2012.05.13 17:59:40 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DivX [2012.04.16 00:15:38 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\elsterformular [2010.01.27 01:54:46 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\GameConsole [2010.01.18 23:18:04 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Google [2010.01.18 22:52:35 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Identities [2010.01.18 22:53:00 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Macromedia [2012.10.12 18:07:43 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Malwarebytes [2009.07.14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Media Center Programs [2012.10.12 17:22:51 | 000,000,000 | --SD | M] -- C:\Users\Andreas\AppData\Roaming\Microsoft [2010.01.18 23:21:33 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Mozilla [2010.08.17 14:35:57 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Nikon [2012.09.26 17:14:49 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Nokia [2010.07.12 17:54:46 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Panda Security [2010.04.28 17:37:06 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\PC Suite [2010.07.13 12:19:57 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\PhotoScape [2010.03.28 10:47:16 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\PlayFirst [2010.07.28 15:43:30 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Pro200-S500 Series [2012.06.24 22:20:26 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Real [2010.07.25 12:34:22 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Skinux [2012.09.26 17:09:57 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Skype [2011.04.11 21:44:00 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\skypePM [2010.01.18 23:01:37 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\SoftDMA [2010.07.12 17:54:31 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\SurfSecret Privacy Suite [2012.10.22 22:25:16 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\TVgenial [2012.09.26 17:56:44 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\vlc < %APPDATA%\*.exe /s > [2011.02.10 21:51:24 | 002,832,544 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Andreas\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe [2012.06.21 09:37:04 | 000,693,504 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Andreas\AppData\Roaming\Real\Msg\1_1338861647\RealPlayer_de.exe [2012.06.21 22:48:48 | 000,591,480 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Andreas\AppData\Roaming\Real\RealPlayer\setup\AU_setup20120216.exe [2012.06.12 17:50:45 | 000,317,080 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Andreas\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.11\rnupgagent.exe < %SYSTEMDRIVE%\*.exe > [2007.12.27 23:24:08 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTOR.SYS > [2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys [2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\drivers\iaStor.sys [2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys [2009.06.05 03:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys < MD5 for: IASTORV.SYS > [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > ========== Alternate Data Streams ========== @Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:AB689DEA @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:93DE1838 @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:1D32EC29 @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:E3C56885 @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:E1F04E8D @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:ABE89FFE @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:4CF61E54 < End of report > Viele Grüße!! |
|
27.10.2012, 19:59
| #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Ihavenet.com Browser Hijacker- bei Googlesuche öffnen sich andere Seiten (Weiterleitung über Ihavenet.com) 1. aswMBR Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop. Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!
Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button. 2. TDSS-Killer Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
21.11.2012, 02:21
| #12 |
| | Ihavenet.com Browser Hijacker- bei Googlesuche öffnen sich andere Seiten (Weiterleitung über Ihavenet.com) Hallo, ..so bin wieder aus dem Urlaub da ..seit Sonntag tritt das Problem nicht mehr auf..obwohl ich nicht besonderes gemacht habe..hat evtl. Microsoft das mit einem Win-Update behoben? Ich habe trotzdem noch alles wie in der Anleitung geschrieben gemacht. !das habe ich letzten Donnerstag gemacht, also als das Problem noch aktuell war! Viele Grüße! Hier zunächst das Logfile des aswMBR Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-14 21:53:47
-----------------------------
21:53:47.793 OS Version: Windows x64 6.1.7601 Service Pack 1
21:53:47.793 Number of processors: 2 586 0x170A
21:53:47.793 ComputerName: ANDREAS-LAPTOP UserName: Andreas
21:53:49.525 Initialize success
21:54:01.740 AVAST engine defs: 12111401
21:54:05.172 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:54:05.172 Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3
21:54:05.234 Disk 0 MBR read successfully
21:54:05.234 Disk 0 MBR scan
21:54:05.250 Disk 0 Windows 7 default MBR code
21:54:05.281 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12291 MB offset 63
21:54:05.312 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 101 MB offset 25173855
21:54:05.343 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 292850 MB offset 25382700
21:54:05.468 Disk 0 scanning C:\Windows\system32\drivers
21:54:30.335 Service scanning
21:55:09.054 Modules scanning
21:55:09.054 Disk 0 trace - called modules:
21:55:09.085 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:55:09.101 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800579f060]
21:55:09.101 3 CLASSPNP.SYS[fffff880013bc43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004773050]
21:55:10.162 AVAST engine scan C:\Windows
21:55:20.239 AVAST engine scan C:\Windows\system32
22:02:36.829 AVAST engine scan C:\Windows\system32\drivers
22:02:52.117 AVAST engine scan C:\Users\Andreas
22:14:06.101 Disk 0 MBR has been saved successfully to "C:\Users\Andreas\Desktop\MBR.dat"
22:14:06.116 The log file has been saved successfully to "C:\Users\Andreas\Desktop\aswMBR.txt"
Code:
ATTFilter 09:43:22.0196 3512 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
09:43:22.0492 3512 ============================================================
09:43:22.0492 3512 Current date / time: 2012/11/15 09:43:22.0492
09:43:22.0492 3512 SystemInfo:
09:43:22.0492 3512
09:43:22.0492 3512 OS Version: 6.1.7601 ServicePack: 1.0
09:43:22.0492 3512 Product type: Workstation
09:43:22.0492 3512 ComputerName: ANDREAS-LAPTOP
09:43:22.0492 3512 UserName: Andreas
09:43:22.0492 3512 Windows directory: C:\Windows
09:43:22.0492 3512 System windows directory: C:\Windows
09:43:22.0492 3512 Running under WOW64
09:43:22.0492 3512 Processor architecture: Intel x64
09:43:22.0492 3512 Number of processors: 2
09:43:22.0492 3512 Page size: 0x1000
09:43:22.0492 3512 Boot type: Normal boot
09:43:22.0492 3512 ============================================================
09:43:24.0302 3512 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:43:24.0317 3512 ============================================================
09:43:24.0317 3512 \Device\Harddisk0\DR0:
09:43:24.0317 3512 MBR partitions:
09:43:24.0317 3512 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1801F5F, BlocksNum 0x32FCD
09:43:24.0317 3512 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1834F2C, BlocksNum 0x23BF9384
09:43:24.0317 3512 ============================================================
09:43:24.0348 3512 C: <-> \Device\Harddisk0\DR0\Partition2
09:43:24.0348 3512 ============================================================
09:43:24.0348 3512 Initialize success
09:43:24.0348 3512 ============================================================
09:43:35.0549 1388 ============================================================
09:43:35.0549 1388 Scan started
09:43:35.0549 1388 Mode: Manual; SigCheck; TDLFS;
09:43:35.0549 1388 ============================================================
09:43:36.0438 1388 ================ Scan system memory ========================
09:43:36.0438 1388 System memory - ok
09:43:36.0438 1388 ================ Scan services =============================
09:43:36.0688 1388 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
09:43:37.0062 1388 1394ohci - ok
09:43:37.0187 1388 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
09:43:37.0218 1388 ACPI - ok
09:43:37.0281 1388 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
09:43:37.0390 1388 AcpiPmi - ok
09:43:37.0562 1388 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
09:43:37.0577 1388 AdobeARMservice - ok
09:43:37.0686 1388 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
09:43:37.0718 1388 AdobeFlashPlayerUpdateSvc - ok
09:43:37.0874 1388 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
09:43:37.0936 1388 adp94xx - ok
09:43:37.0998 1388 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
09:43:38.0045 1388 adpahci - ok
09:43:38.0092 1388 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
09:43:38.0201 1388 adpu320 - ok
09:43:38.0248 1388 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
09:43:38.0420 1388 AeLookupSvc - ok
09:43:38.0482 1388 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
09:43:38.0576 1388 AFD - ok
09:43:38.0638 1388 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
09:43:38.0700 1388 agp440 - ok
09:43:38.0747 1388 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
09:43:38.0841 1388 ALG - ok
09:43:38.0919 1388 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
09:43:38.0934 1388 aliide - ok
09:43:38.0966 1388 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
09:43:39.0012 1388 amdide - ok
09:43:39.0044 1388 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
09:43:39.0153 1388 AmdK8 - ok
09:43:39.0184 1388 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
09:43:39.0246 1388 AmdPPM - ok
09:43:39.0309 1388 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
09:43:39.0356 1388 amdsata - ok
09:43:39.0434 1388 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
09:43:39.0480 1388 amdsbs - ok
09:43:39.0496 1388 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
09:43:39.0543 1388 amdxata - ok
09:43:39.0621 1388 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
09:43:39.0683 1388 AntiVirSchedulerService - ok
09:43:39.0730 1388 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
09:43:39.0761 1388 AntiVirService - ok
09:43:39.0839 1388 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
09:43:40.0073 1388 AppID - ok
09:43:40.0104 1388 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
09:43:40.0198 1388 AppIDSvc - ok
09:43:40.0276 1388 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
09:43:40.0354 1388 Appinfo - ok
09:43:40.0401 1388 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
09:43:40.0432 1388 arc - ok
09:43:40.0463 1388 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
09:43:40.0494 1388 arcsas - ok
09:43:40.0526 1388 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
09:43:40.0635 1388 AsyncMac - ok
09:43:40.0682 1388 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
09:43:40.0713 1388 atapi - ok
09:43:40.0822 1388 [ B2C3A8618867404475228F7DD260698B ] athr C:\Windows\system32\DRIVERS\athrx.sys
09:43:40.0947 1388 athr - ok
09:43:41.0072 1388 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
09:43:41.0181 1388 AudioEndpointBuilder - ok
09:43:41.0196 1388 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
09:43:41.0259 1388 AudioSrv - ok
09:43:41.0337 1388 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
09:43:41.0430 1388 avgntflt - ok
09:43:41.0477 1388 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
09:43:41.0508 1388 avipbb - ok
09:43:41.0555 1388 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
09:43:41.0571 1388 avkmgr - ok
09:43:41.0633 1388 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
09:43:41.0727 1388 AxInstSV - ok
09:43:41.0789 1388 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
09:43:41.0852 1388 b06bdrv - ok
09:43:41.0898 1388 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
09:43:41.0945 1388 b57nd60a - ok
09:43:42.0086 1388 [ FB4FDA64F2E8552EAEB5986C3F34462C ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
09:43:42.0226 1388 BCM43XX - ok
09:43:42.0273 1388 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
09:43:42.0351 1388 BDESVC - ok
09:43:42.0398 1388 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
09:43:42.0491 1388 Beep - ok
09:43:42.0632 1388 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
09:43:42.0741 1388 BFE - ok
09:43:42.0866 1388 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
09:43:42.0975 1388 BITS - ok
09:43:43.0006 1388 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
09:43:43.0068 1388 blbdrive - ok
09:43:43.0100 1388 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
09:43:43.0146 1388 bowser - ok
09:43:43.0178 1388 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
09:43:43.0287 1388 BrFiltLo - ok
09:43:43.0302 1388 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
09:43:43.0334 1388 BrFiltUp - ok
09:43:43.0380 1388 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
09:43:43.0443 1388 Browser - ok
09:43:43.0505 1388 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
09:43:43.0583 1388 Brserid - ok
09:43:43.0599 1388 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
09:43:43.0661 1388 BrSerWdm - ok
09:43:43.0677 1388 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
09:43:43.0739 1388 BrUsbMdm - ok
09:43:43.0802 1388 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
09:43:43.0833 1388 BrUsbSer - ok
09:43:43.0848 1388 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
09:43:43.0895 1388 BTHMODEM - ok
09:43:43.0942 1388 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
09:43:44.0036 1388 bthserv - ok
09:43:44.0067 1388 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
09:43:44.0129 1388 cdfs - ok
09:43:44.0207 1388 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
09:43:44.0270 1388 cdrom - ok
09:43:44.0332 1388 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
09:43:44.0426 1388 CertPropSvc - ok
09:43:44.0472 1388 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
09:43:44.0535 1388 circlass - ok
09:43:44.0597 1388 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
09:43:44.0644 1388 CLFS - ok
09:43:44.0769 1388 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:43:44.0831 1388 clr_optimization_v2.0.50727_32 - ok
09:43:44.0894 1388 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
09:43:44.0925 1388 clr_optimization_v2.0.50727_64 - ok
09:43:45.0034 1388 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:43:45.0081 1388 clr_optimization_v4.0.30319_32 - ok
09:43:45.0143 1388 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
09:43:45.0159 1388 clr_optimization_v4.0.30319_64 - ok
09:43:45.0190 1388 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
09:43:45.0237 1388 CmBatt - ok
09:43:45.0252 1388 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
09:43:45.0284 1388 cmdide - ok
09:43:45.0346 1388 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
09:43:45.0424 1388 CNG - ok
09:43:45.0455 1388 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
09:43:45.0486 1388 Compbatt - ok
09:43:45.0549 1388 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
09:43:45.0596 1388 CompositeBus - ok
09:43:45.0611 1388 COMSysApp - ok
09:43:45.0642 1388 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
09:43:45.0674 1388 crcdisk - ok
09:43:45.0767 1388 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
09:43:45.0830 1388 CryptSvc - ok
09:43:45.0923 1388 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
09:43:46.0017 1388 DcomLaunch - ok
09:43:46.0064 1388 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
09:43:46.0157 1388 defragsvc - ok
09:43:46.0204 1388 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
09:43:46.0282 1388 DfsC - ok
09:43:46.0376 1388 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
09:43:46.0454 1388 Dhcp - ok
09:43:46.0485 1388 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
09:43:46.0547 1388 discache - ok
09:43:46.0578 1388 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
09:43:46.0610 1388 Disk - ok
09:43:46.0672 1388 [ D5BCB77BE83CF99F508943945D46343D ] DKbFltr C:\Windows\syswow64\Drivers\DKbFltr.sys
09:43:46.0703 1388 DKbFltr - ok
09:43:46.0750 1388 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
09:43:46.0859 1388 Dnscache - ok
09:43:46.0937 1388 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
09:43:47.0031 1388 dot3svc - ok
09:43:47.0078 1388 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
09:43:47.0156 1388 DPS - ok
09:43:47.0218 1388 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
09:43:47.0249 1388 drmkaud - ok
09:43:47.0327 1388 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
09:43:47.0390 1388 DXGKrnl - ok
09:43:47.0436 1388 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
09:43:47.0514 1388 EapHost - ok
09:43:47.0702 1388 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
09:43:47.0920 1388 ebdrv - ok
09:43:47.0967 1388 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
09:43:48.0045 1388 EFS - ok
09:43:48.0216 1388 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
09:43:48.0310 1388 ehRecvr - ok
09:43:48.0341 1388 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
09:43:48.0404 1388 ehSched - ok
09:43:48.0466 1388 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
09:43:48.0513 1388 elxstor - ok
09:43:48.0638 1388 [ 7C35C6865957289D9EFE6CC73F4AB2E1 ] ePowerSvc C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
09:43:48.0700 1388 ePowerSvc - ok
09:43:48.0731 1388 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
09:43:48.0762 1388 ErrDev - ok
09:43:48.0825 1388 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
09:43:48.0950 1388 EventSystem - ok
09:43:48.0981 1388 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
09:43:49.0074 1388 exfat - ok
09:43:49.0090 1388 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
09:43:49.0184 1388 fastfat - ok
09:43:49.0293 1388 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
09:43:49.0355 1388 Fax - ok
09:43:49.0386 1388 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
09:43:49.0402 1388 fdc - ok
09:43:49.0433 1388 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
09:43:49.0496 1388 fdPHost - ok
09:43:49.0527 1388 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
09:43:49.0605 1388 FDResPub - ok
09:43:49.0620 1388 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
09:43:49.0652 1388 FileInfo - ok
09:43:49.0667 1388 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
09:43:49.0761 1388 Filetrace - ok
09:43:49.0776 1388 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
09:43:49.0839 1388 flpydisk - ok
09:43:49.0932 1388 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
09:43:49.0995 1388 FltMgr - ok
09:43:50.0057 1388 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
09:43:50.0151 1388 FontCache - ok
09:43:50.0198 1388 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:43:50.0213 1388 FontCache3.0.0.0 - ok
09:43:50.0260 1388 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
09:43:50.0276 1388 FsDepends - ok
09:43:50.0338 1388 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
09:43:50.0369 1388 Fs_Rec - ok
09:43:50.0432 1388 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
09:43:50.0463 1388 fvevol - ok
09:43:50.0478 1388 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
09:43:50.0525 1388 gagp30kx - ok
09:43:50.0603 1388 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
09:43:50.0712 1388 gpsvc - ok
09:43:50.0837 1388 [ 816FD5A6F3C2F3D600900096632FC60E ] Greg_Service C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
09:43:50.0915 1388 Greg_Service - ok
09:43:50.0962 1388 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
09:43:51.0040 1388 hcw85cir - ok
09:43:51.0149 1388 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
09:43:51.0196 1388 HdAudAddService - ok
09:43:51.0243 1388 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
09:43:51.0274 1388 HDAudBus - ok
09:43:51.0336 1388 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
09:43:51.0383 1388 HidBatt - ok
09:43:51.0414 1388 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
09:43:51.0477 1388 HidBth - ok
09:43:51.0524 1388 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
09:43:51.0570 1388 HidIr - ok
09:43:51.0602 1388 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
09:43:51.0695 1388 hidserv - ok
09:43:51.0758 1388 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
09:43:51.0789 1388 HidUsb - ok
09:43:51.0836 1388 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
09:43:51.0945 1388 hkmsvc - ok
09:43:51.0976 1388 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
09:43:52.0054 1388 HomeGroupListener - ok
09:43:52.0101 1388 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
09:43:52.0163 1388 HomeGroupProvider - ok
09:43:52.0226 1388 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
09:43:52.0272 1388 HpSAMD - ok
09:43:52.0335 1388 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
09:43:52.0428 1388 HTTP - ok
09:43:52.0475 1388 [ D96A290F699081AE737390C0FE329D7C ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
09:43:52.0538 1388 hwdatacard - ok
09:43:52.0584 1388 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
09:43:52.0600 1388 hwpolicy - ok
09:43:52.0647 1388 [ E0C7255498640FC64B19AAE17FD6F965 ] hwusbdev C:\Windows\system32\DRIVERS\ewusbdev.sys
09:43:52.0709 1388 hwusbdev - ok
09:43:52.0756 1388 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
09:43:52.0787 1388 i8042prt - ok
09:43:52.0881 1388 [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
09:43:52.0928 1388 IAANTMON - ok
09:43:52.0959 1388 [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
09:43:52.0990 1388 iaStor - ok
09:43:53.0068 1388 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
09:43:53.0115 1388 iaStorV - ok
09:43:53.0255 1388 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
09:43:53.0271 1388 IDriverT ( UnsignedFile.Multi.Generic ) - warning
09:43:53.0271 1388 IDriverT - detected UnsignedFile.Multi.Generic (1)
09:43:53.0349 1388 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:43:53.0411 1388 idsvc - ok
09:43:53.0942 1388 [ 677AA5991026A65ADA128C4B59CF2BAD ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
09:43:54.0472 1388 igfx - ok
09:43:54.0519 1388 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
09:43:54.0550 1388 iirsp - ok
09:43:54.0644 1388 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
09:43:54.0753 1388 IKEEXT - ok
09:43:54.0956 1388 [ 0C3CF4B3BAE28E121A1689E3538F8712 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
09:43:55.0034 1388 IntcAzAudAddService - ok
09:43:55.0080 1388 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
09:43:55.0096 1388 intelide - ok
09:43:55.0143 1388 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
09:43:55.0174 1388 intelppm - ok
09:43:55.0205 1388 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
09:43:55.0283 1388 IPBusEnum - ok
09:43:55.0330 1388 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:43:55.0408 1388 IpFilterDriver - ok
09:43:55.0471 1388 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
09:43:55.0564 1388 iphlpsvc - ok
09:43:55.0611 1388 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
09:43:55.0673 1388 IPMIDRV - ok
09:43:55.0705 1388 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
09:43:55.0783 1388 IPNAT - ok
09:43:55.0814 1388 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
09:43:55.0907 1388 IRENUM - ok
09:43:55.0970 1388 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
09:43:56.0001 1388 isapnp - ok
09:43:56.0048 1388 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
09:43:56.0095 1388 iScsiPrt - ok
09:43:56.0126 1388 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
09:43:56.0157 1388 kbdclass - ok
09:43:56.0204 1388 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
09:43:56.0235 1388 kbdhid - ok
09:43:56.0266 1388 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
09:43:56.0282 1388 KeyIso - ok
09:43:56.0329 1388 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
09:43:56.0360 1388 KSecDD - ok
09:43:56.0391 1388 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
09:43:56.0453 1388 KSecPkg - ok
09:43:56.0485 1388 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
09:43:56.0578 1388 ksthunk - ok
09:43:56.0703 1388 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
09:43:56.0828 1388 KtmRm - ok
09:43:56.0890 1388 [ 2377EC4CC3E356655B996F39B43486B6 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
09:43:56.0937 1388 L1C - ok
09:43:57.0015 1388 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
09:43:57.0109 1388 LanmanServer - ok
09:43:57.0155 1388 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:43:57.0265 1388 LanmanWorkstation - ok
09:43:57.0327 1388 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
09:43:57.0405 1388 lltdio - ok
09:43:57.0514 1388 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
09:43:57.0608 1388 lltdsvc - ok
09:43:57.0639 1388 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
09:43:57.0701 1388 lmhosts - ok
09:43:57.0733 1388 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
09:43:57.0764 1388 LSI_FC - ok
09:43:57.0779 1388 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
09:43:57.0811 1388 LSI_SAS - ok
09:43:57.0826 1388 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:43:57.0857 1388 LSI_SAS2 - ok
09:43:57.0889 1388 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:43:57.0920 1388 LSI_SCSI - ok
09:43:57.0951 1388 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
09:43:58.0029 1388 luafv - ok
09:43:58.0123 1388 [ F6963E48385A5637FC4E51DC0F8234A0 ] lxebCATSCustConnectService C:\Windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe
09:43:58.0169 1388 lxebCATSCustConnectService - ok
09:43:58.0185 1388 lxeb_device - ok
09:43:58.0232 1388 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
09:43:58.0279 1388 Mcx2Svc - ok
09:43:58.0310 1388 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
09:43:58.0341 1388 megasas - ok
09:43:58.0388 1388 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
09:43:58.0419 1388 MegaSR - ok
09:43:58.0544 1388 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
09:43:58.0575 1388 Microsoft Office Groove Audit Service - ok
09:43:58.0622 1388 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
09:43:58.0731 1388 MMCSS - ok
09:43:58.0747 1388 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
09:43:58.0809 1388 Modem - ok
09:43:58.0840 1388 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
09:43:58.0887 1388 monitor - ok
09:43:58.0903 1388 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
09:43:58.0934 1388 mouclass - ok
09:43:58.0981 1388 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
09:43:59.0027 1388 mouhid - ok
09:43:59.0059 1388 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
09:43:59.0090 1388 mountmgr - ok
09:43:59.0168 1388 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
09:43:59.0215 1388 MozillaMaintenance - ok
09:43:59.0277 1388 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
09:43:59.0324 1388 mpio - ok
09:43:59.0355 1388 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
09:43:59.0433 1388 mpsdrv - ok
09:43:59.0542 1388 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
09:43:59.0667 1388 MpsSvc - ok
09:43:59.0729 1388 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
09:43:59.0792 1388 MRxDAV - ok
09:43:59.0839 1388 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
09:43:59.0917 1388 mrxsmb - ok
09:43:59.0963 1388 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:44:00.0010 1388 mrxsmb10 - ok
09:44:00.0026 1388 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:44:00.0088 1388 mrxsmb20 - ok
09:44:00.0119 1388 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
09:44:00.0166 1388 msahci - ok
09:44:00.0213 1388 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
09:44:00.0244 1388 msdsm - ok
09:44:00.0275 1388 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
09:44:00.0322 1388 MSDTC - ok
09:44:00.0369 1388 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
09:44:00.0431 1388 Msfs - ok
09:44:00.0463 1388 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
09:44:00.0541 1388 mshidkmdf - ok
09:44:00.0572 1388 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
09:44:00.0603 1388 msisadrv - ok
09:44:00.0650 1388 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
09:44:00.0743 1388 MSiSCSI - ok
09:44:00.0759 1388 msiserver - ok
09:44:00.0821 1388 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
09:44:00.0899 1388 MSKSSRV - ok
09:44:00.0931 1388 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
09:44:01.0009 1388 MSPCLOCK - ok
09:44:01.0009 1388 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
09:44:01.0102 1388 MSPQM - ok
09:44:01.0149 1388 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
09:44:01.0196 1388 MsRPC - ok
09:44:01.0258 1388 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
09:44:01.0274 1388 mssmbios - ok
09:44:01.0367 1388 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
09:44:01.0461 1388 MSTEE - ok
09:44:01.0477 1388 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
09:44:01.0523 1388 MTConfig - ok
09:44:01.0555 1388 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
09:44:01.0586 1388 Mup - ok
09:44:01.0601 1388 [ 6FFECC25B39DC7652A0CEC0ADA9DB589 ] mwlPSDFilter C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
09:44:01.0633 1388 mwlPSDFilter - ok
09:44:01.0648 1388 [ 0BEFE32CA56D6EE89D58175725596A85 ] mwlPSDNServ C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
09:44:01.0679 1388 mwlPSDNServ - ok
09:44:01.0695 1388 [ D43BC633B8660463E446E28E14A51262 ] mwlPSDVDisk C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
09:44:01.0726 1388 mwlPSDVDisk - ok
09:44:01.0804 1388 [ 0F5FAAC852DB4C340B7A2F187E3358B8 ] MWLService C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
09:44:01.0835 1388 MWLService - ok
09:44:01.0913 1388 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
09:44:01.0991 1388 napagent - ok
09:44:02.0054 1388 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
09:44:02.0116 1388 NativeWifiP - ok
09:44:02.0179 1388 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
09:44:02.0225 1388 NDIS - ok
09:44:02.0257 1388 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
09:44:02.0335 1388 NdisCap - ok
09:44:02.0366 1388 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
09:44:02.0444 1388 NdisTapi - ok
09:44:02.0491 1388 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
09:44:02.0584 1388 Ndisuio - ok
09:44:02.0631 1388 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
09:44:02.0709 1388 NdisWan - ok
09:44:02.0756 1388 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
09:44:02.0834 1388 NDProxy - ok
09:44:02.0881 1388 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
09:44:02.0974 1388 NetBIOS - ok
09:44:03.0021 1388 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
09:44:03.0099 1388 NetBT - ok
09:44:03.0115 1388 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
09:44:03.0146 1388 Netlogon - ok
09:44:03.0193 1388 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
09:44:03.0271 1388 Netman - ok
09:44:03.0333 1388 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
09:44:03.0442 1388 netprofm - ok
09:44:03.0458 1388 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:44:03.0505 1388 NetTcpPortSharing - ok
09:44:03.0520 1388 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
09:44:03.0551 1388 nfrd960 - ok
09:44:03.0629 1388 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
09:44:03.0723 1388 NlaSvc - ok
09:44:03.0770 1388 [ 5FE6F8C05F0769BBB74AFAC11453B182 ] nmwcd C:\Windows\system32\drivers\ccdcmbx64.sys
09:44:03.0848 1388 nmwcd - ok
09:44:03.0879 1388 [ 73C929945C0850B8D1FE2FEA05FDF05D ] nmwcdc C:\Windows\system32\drivers\ccdcmbox64.sys
09:44:03.0926 1388 nmwcdc - ok
09:44:03.0957 1388 [ B4B303FDF27B08268F675F6182918C18 ] nokiacpo C:\Windows\system32\DRIVERS\nokiacpo.sys
09:44:03.0988 1388 nokiacpo - ok
09:44:04.0019 1388 [ 0A47BB8A870B9A0DAE6471B9FAA3E7E5 ] nokiappo C:\Windows\system32\DRIVERS\nokiappo.sys
09:44:04.0051 1388 nokiappo - ok
09:44:04.0082 1388 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
09:44:04.0144 1388 Npfs - ok
09:44:04.0175 1388 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
09:44:04.0269 1388 nsi - ok
09:44:04.0285 1388 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
09:44:04.0363 1388 nsiproxy - ok
09:44:04.0472 1388 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
09:44:04.0597 1388 Ntfs - ok
09:44:04.0628 1388 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
09:44:04.0706 1388 Null - ok
09:44:04.0784 1388 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
09:44:04.0815 1388 nvraid - ok
09:44:04.0831 1388 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
09:44:04.0877 1388 nvstor - ok
09:44:04.0893 1388 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
09:44:04.0924 1388 nv_agp - ok
09:44:05.0049 1388 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:44:05.0111 1388 odserv - ok
09:44:05.0143 1388 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
09:44:05.0189 1388 ohci1394 - ok
09:44:05.0236 1388 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:44:05.0283 1388 ose - ok
09:44:05.0361 1388 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
09:44:05.0423 1388 p2pimsvc - ok
09:44:05.0470 1388 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
09:44:05.0517 1388 p2psvc - ok
09:44:05.0564 1388 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
09:44:05.0611 1388 Parport - ok
09:44:05.0657 1388 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
09:44:05.0689 1388 partmgr - ok
09:44:05.0751 1388 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
09:44:05.0829 1388 PcaSvc - ok
09:44:05.0876 1388 [ BC0018C2D29F655188A0ED3FA94FDB24 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
09:44:05.0923 1388 pccsmcfd - ok
09:44:05.0985 1388 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
09:44:06.0016 1388 pci - ok
09:44:06.0047 1388 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
09:44:06.0079 1388 pciide - ok
09:44:06.0125 1388 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
09:44:06.0157 1388 pcmcia - ok
09:44:06.0203 1388 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
09:44:06.0235 1388 pcw - ok
09:44:06.0313 1388 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
09:44:06.0437 1388 PEAUTH - ok
09:44:06.0531 1388 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
09:44:06.0578 1388 PerfHost - ok
09:44:06.0687 1388 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
09:44:06.0827 1388 pla - ok
09:44:06.0937 1388 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
09:44:06.0999 1388 PlugPlay - ok
09:44:07.0015 1388 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
09:44:07.0077 1388 PNRPAutoReg - ok
09:44:07.0093 1388 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
09:44:07.0124 1388 PNRPsvc - ok
09:44:07.0202 1388 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
09:44:07.0311 1388 PolicyAgent - ok
09:44:07.0358 1388 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
09:44:07.0451 1388 Power - ok
09:44:07.0498 1388 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
09:44:07.0576 1388 PptpMiniport - ok
09:44:07.0607 1388 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
09:44:07.0654 1388 Processor - ok
09:44:07.0701 1388 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
09:44:07.0795 1388 ProfSvc - ok
09:44:07.0810 1388 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
09:44:07.0841 1388 ProtectedStorage - ok
09:44:07.0904 1388 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
09:44:07.0982 1388 Psched - ok
09:44:08.0044 1388 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
09:44:08.0138 1388 ql2300 - ok
09:44:08.0153 1388 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
09:44:08.0200 1388 ql40xx - ok
09:44:08.0247 1388 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
09:44:08.0294 1388 QWAVE - ok
09:44:08.0294 1388 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
09:44:08.0356 1388 QWAVEdrv - ok
09:44:08.0387 1388 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
09:44:08.0481 1388 RasAcd - ok
09:44:08.0528 1388 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
09:44:08.0590 1388 RasAgileVpn - ok
09:44:08.0621 1388 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
09:44:08.0699 1388 RasAuto - ok
09:44:08.0746 1388 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
09:44:08.0824 1388 Rasl2tp - ok
09:44:08.0887 1388 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
09:44:08.0996 1388 RasMan - ok
09:44:09.0043 1388 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
09:44:09.0121 1388 RasPppoe - ok
09:44:09.0167 1388 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
09:44:09.0245 1388 RasSstp - ok
09:44:09.0308 1388 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
09:44:09.0401 1388 rdbss - ok
09:44:09.0433 1388 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
09:44:09.0479 1388 rdpbus - ok
09:44:09.0495 1388 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
09:44:09.0589 1388 RDPCDD - ok
09:44:09.0620 1388 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
09:44:09.0698 1388 RDPENCDD - ok
09:44:09.0713 1388 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
09:44:09.0776 1388 RDPREFMP - ok
09:44:09.0823 1388 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
09:44:09.0885 1388 RDPWD - ok
09:44:09.0932 1388 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
09:44:09.0963 1388 rdyboost - ok
09:44:10.0010 1388 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
09:44:10.0103 1388 RemoteAccess - ok
09:44:10.0197 1388 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
09:44:10.0291 1388 RemoteRegistry - ok
09:44:10.0337 1388 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
09:44:10.0400 1388 RpcEptMapper - ok
09:44:10.0431 1388 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
09:44:10.0493 1388 RpcLocator - ok
09:44:10.0571 1388 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
09:44:10.0649 1388 RpcSs - ok
09:44:10.0681 1388 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
09:44:10.0774 1388 rspndr - ok
09:44:10.0821 1388 RSUSBSTOR - ok
09:44:10.0837 1388 RtsUIR - ok
09:44:10.0868 1388 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
09:44:10.0883 1388 SamSs - ok
09:44:10.0915 1388 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
09:44:10.0946 1388 sbp2port - ok
09:44:10.0977 1388 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
09:44:11.0055 1388 SCardSvr - ok
09:44:11.0102 1388 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
09:44:11.0195 1388 scfilter - ok
09:44:11.0336 1388 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
09:44:11.0461 1388 Schedule - ok
09:44:11.0492 1388 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
09:44:11.0554 1388 SCPolicySvc - ok
09:44:11.0601 1388 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
09:44:11.0695 1388 SDRSVC - ok
09:44:11.0741 1388 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
09:44:11.0819 1388 secdrv - ok
09:44:11.0851 1388 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
09:44:11.0944 1388 seclogon - ok
09:44:11.0960 1388 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
09:44:12.0038 1388 SENS - ok
09:44:12.0069 1388 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
09:44:12.0116 1388 SensrSvc - ok
09:44:12.0131 1388 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
09:44:12.0147 1388 Serenum - ok
09:44:12.0194 1388 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
09:44:12.0256 1388 Serial - ok
09:44:12.0303 1388 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
09:44:12.0334 1388 sermouse - ok
09:44:12.0537 1388 [ F31E9531AF225CA25350D5E87E999B31 ] ServiceLayer C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
09:44:12.0584 1388 ServiceLayer - ok
09:44:12.0646 1388 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
09:44:12.0740 1388 SessionEnv - ok
09:44:12.0787 1388 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
09:44:12.0833 1388 sffdisk - ok
09:44:12.0849 1388 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
09:44:12.0896 1388 sffp_mmc - ok
09:44:12.0911 1388 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
09:44:12.0958 1388 sffp_sd - ok
09:44:13.0005 1388 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
09:44:13.0052 1388 sfloppy - ok
09:44:13.0099 1388 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
09:44:13.0192 1388 SharedAccess - ok
09:44:13.0223 1388 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:44:13.0317 1388 ShellHWDetection - ok
09:44:13.0348 1388 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:44:13.0379 1388 SiSRaid2 - ok
09:44:13.0411 1388 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
09:44:13.0442 1388 SiSRaid4 - ok
09:44:13.0520 1388 [ 8BD46E8C8A7AA245FC84044DB36180D0 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
09:44:13.0613 1388 SkypeUpdate - ok
09:44:13.0660 1388 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
09:44:13.0738 1388 Smb - ok
09:44:13.0785 1388 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
09:44:13.0832 1388 SNMPTRAP - ok
09:44:13.0847 1388 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
09:44:13.0879 1388 spldr - ok
09:44:13.0941 1388 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
09:44:14.0035 1388 Spooler - ok
09:44:14.0191 1388 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
09:44:14.0393 1388 sppsvc - ok
09:44:14.0440 1388 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
09:44:14.0534 1388 sppuinotify - ok
09:44:14.0596 1388 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
09:44:14.0674 1388 srv - ok
09:44:14.0737 1388 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
09:44:14.0799 1388 srv2 - ok
09:44:14.0846 1388 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
09:44:14.0893 1388 srvnet - ok
09:44:14.0955 1388 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
09:44:15.0049 1388 SSDPSRV - ok
09:44:15.0064 1388 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
09:44:15.0142 1388 SstpSvc - ok
09:44:15.0189 1388 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
09:44:15.0236 1388 stexstor - ok
09:44:15.0283 1388 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
09:44:15.0345 1388 stisvc - ok
09:44:15.0423 1388 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
09:44:15.0439 1388 swenum - ok
09:44:15.0485 1388 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
09:44:15.0595 1388 swprv - ok
09:44:15.0641 1388 [ BCF305959B53B200CEB2AD25AD22F8A7 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
09:44:15.0673 1388 SynTP - ok
09:44:15.0844 1388 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
09:44:15.0922 1388 SysMain - ok
09:44:15.0953 1388 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:44:16.0000 1388 TabletInputService - ok
09:44:16.0078 1388 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
09:44:16.0172 1388 TapiSrv - ok
09:44:16.0203 1388 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
09:44:16.0281 1388 TBS - ok
09:44:16.0468 1388 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
09:44:16.0624 1388 Tcpip - ok
09:44:16.0718 1388 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
09:44:16.0780 1388 TCPIP6 - ok
09:44:16.0827 1388 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
09:44:16.0921 1388 tcpipreg - ok
09:44:16.0967 1388 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
09:44:17.0014 1388 TDPIPE - ok
09:44:17.0061 1388 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
09:44:17.0108 1388 TDTCP - ok
09:44:17.0155 1388 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
09:44:17.0233 1388 tdx - ok
09:44:17.0279 1388 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
09:44:17.0311 1388 TermDD - ok
09:44:17.0357 1388 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
09:44:17.0482 1388 TermService - ok
09:44:17.0513 1388 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
09:44:17.0576 1388 Themes - ok
09:44:17.0623 1388 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
09:44:17.0685 1388 THREADORDER - ok
09:44:17.0716 1388 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
09:44:17.0825 1388 TrkWks - ok
09:44:17.0903 1388 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:44:17.0981 1388 TrustedInstaller - ok
09:44:18.0028 1388 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
09:44:18.0106 1388 tssecsrv - ok
09:44:18.0169 1388 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
09:44:18.0215 1388 TsUsbFlt - ok
09:44:18.0278 1388 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
09:44:18.0356 1388 tunnel - ok
09:44:18.0387 1388 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
09:44:18.0418 1388 uagp35 - ok
09:44:18.0465 1388 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
09:44:18.0574 1388 udfs - ok
09:44:18.0637 1388 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
09:44:18.0668 1388 UI0Detect - ok
09:44:18.0683 1388 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
09:44:18.0715 1388 uliagpkx - ok
09:44:18.0761 1388 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
09:44:18.0839 1388 umbus - ok
09:44:18.0871 1388 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
09:44:18.0917 1388 UmPass - ok
09:44:19.0151 1388 [ 70DDE3A86DBEB1D6C3C30AD687B1877A ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
09:44:19.0198 1388 Updater Service - ok
09:44:19.0261 1388 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
09:44:19.0370 1388 upnphost - ok
09:44:19.0417 1388 [ 34AFB83C7BBA370E404E52CC2290350C ] upperdev C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
09:44:19.0479 1388 upperdev - ok
09:44:19.0526 1388 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
09:44:19.0557 1388 usbccgp - ok
09:44:19.0588 1388 USBCCID - ok
09:44:19.0635 1388 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
09:44:19.0682 1388 usbcir - ok
09:44:19.0697 1388 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
09:44:19.0729 1388 usbehci - ok
09:44:19.0760 1388 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
09:44:19.0807 1388 usbhub - ok
09:44:19.0822 1388 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
09:44:19.0869 1388 usbohci - ok
09:44:19.0900 1388 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
09:44:19.0947 1388 usbprint - ok
09:44:19.0994 1388 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
09:44:20.0025 1388 usbscan - ok
09:44:20.0103 1388 [ 4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser C:\Windows\system32\drivers\usbser.sys
09:44:20.0150 1388 usbser - ok
09:44:20.0181 1388 [ AA75E1EFBEE7186B4CBAAACF1F15E6CA ] UsbserFilt C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
09:44:20.0243 1388 UsbserFilt - ok
09:44:20.0275 1388 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:44:20.0337 1388 USBSTOR - ok
09:44:20.0368 1388 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
09:44:20.0415 1388 usbuhci - ok
09:44:20.0446 1388 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
09:44:20.0493 1388 usbvideo - ok
09:44:20.0524 1388 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
09:44:20.0633 1388 UxSms - ok
09:44:20.0665 1388 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
09:44:20.0680 1388 VaultSvc - ok
09:44:20.0743 1388 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
09:44:20.0774 1388 vdrvroot - ok
09:44:20.0883 1388 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
09:44:20.0992 1388 vds - ok
09:44:21.0039 1388 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
09:44:21.0086 1388 vga - ok
09:44:21.0117 1388 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
09:44:21.0195 1388 VgaSave - ok
09:44:21.0273 1388 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
09:44:21.0309 1388 vhdmp - ok
09:44:21.0339 1388 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
09:44:21.0359 1388 viaide - ok
09:44:21.0379 1388 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
09:44:21.0399 1388 volmgr - ok
09:44:21.0449 1388 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
09:44:21.0479 1388 volmgrx - ok
09:44:21.0499 1388 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
09:44:21.0529 1388 volsnap - ok
09:44:21.0579 1388 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
09:44:21.0599 1388 vsmraid - ok
09:44:21.0719 1388 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
09:44:21.0869 1388 VSS - ok
09:44:21.0879 1388 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
09:44:21.0941 1388 vwifibus - ok
09:44:21.0972 1388 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
09:44:22.0019 1388 vwififlt - ok
09:44:22.0050 1388 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
09:44:22.0081 1388 vwifimp - ok
09:44:22.0175 1388 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
09:44:22.0284 1388 W32Time - ok
09:44:22.0315 1388 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
09:44:22.0378 1388 WacomPen - ok
09:44:22.0440 1388 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
09:44:22.0534 1388 WANARP - ok
09:44:22.0549 1388 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
09:44:22.0612 1388 Wanarpv6 - ok
09:44:22.0737 1388 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
09:44:22.0893 1388 WatAdminSvc - ok
09:44:23.0064 1388 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
09:44:23.0220 1388 wbengine - ok
09:44:23.0251 1388 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
09:44:23.0298 1388 WbioSrvc - ok
09:44:23.0345 1388 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
09:44:23.0423 1388 wcncsvc - ok
09:44:23.0439 1388 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:44:23.0470 1388 WcsPlugInService - ok
09:44:23.0501 1388 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
09:44:23.0532 1388 Wd - ok
09:44:23.0579 1388 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
09:44:23.0626 1388 Wdf01000 - ok
09:44:23.0657 1388 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
09:44:23.0766 1388 WdiServiceHost - ok
09:44:23.0782 1388 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
09:44:23.0813 1388 WdiSystemHost - ok
09:44:23.0875 1388 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
09:44:23.0938 1388 WebClient - ok
09:44:23.0969 1388 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
09:44:24.0078 1388 Wecsvc - ok
09:44:24.0094 1388 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
09:44:24.0172 1388 wercplsupport - ok
09:44:24.0219 1388 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
09:44:24.0328 1388 WerSvc - ok
09:44:24.0359 1388 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
09:44:24.0421 1388 WfpLwf - ok
09:44:24.0437 1388 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
09:44:24.0453 1388 WIMMount - ok
09:44:24.0484 1388 WinDefend - ok
09:44:24.0499 1388 WinHttpAutoProxySvc - ok
09:44:24.0577 1388 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
09:44:24.0655 1388 Winmgmt - ok
09:44:24.0811 1388 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
09:44:24.0983 1388 WinRM - ok
09:44:25.0061 1388 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
09:44:25.0123 1388 WinUsb - ok
09:44:25.0170 1388 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
09:44:25.0279 1388 Wlansvc - ok
09:44:25.0326 1388 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
09:44:25.0357 1388 WmiAcpi - ok
09:44:25.0420 1388 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
09:44:25.0467 1388 wmiApSrv - ok
09:44:25.0513 1388 WMPNetworkSvc - ok
09:44:25.0560 1388 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
09:44:25.0591 1388 WPCSvc - ok
09:44:25.0638 1388 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
09:44:25.0669 1388 WPDBusEnum - ok
09:44:25.0716 1388 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
09:44:25.0810 1388 ws2ifsl - ok
09:44:25.0825 1388 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
09:44:25.0888 1388 wscsvc - ok
09:44:25.0888 1388 WSearch - ok
09:44:26.0184 1388 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
09:44:26.0325 1388 wuauserv - ok
09:44:26.0371 1388 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
09:44:26.0481 1388 WudfPf - ok
09:44:26.0527 1388 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
09:44:26.0605 1388 WUDFRd - ok
09:44:26.0652 1388 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
09:44:26.0730 1388 wudfsvc - ok
09:44:26.0793 1388 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
09:44:26.0871 1388 WwanSvc - ok
09:44:26.0886 1388 ================ Scan global ===============================
09:44:26.0917 1388 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
09:44:26.0995 1388 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
09:44:27.0027 1388 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
09:44:27.0073 1388 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
09:44:27.0120 1388 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
09:44:27.0136 1388 [Global] - ok
09:44:27.0136 1388 ================ Scan MBR ==================================
09:44:27.0167 1388 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
09:44:27.0697 1388 \Device\Harddisk0\DR0 - ok
09:44:27.0697 1388 ================ Scan VBR ==================================
09:44:27.0744 1388 [ EF6173324CC03191085D45F43F01E791 ] \Device\Harddisk0\DR0\Partition1
09:44:27.0760 1388 \Device\Harddisk0\DR0\Partition1 - ok
09:44:27.0791 1388 [ 17BC189EEE351E9F9526B06726796A88 ] \Device\Harddisk0\DR0\Partition2
09:44:27.0791 1388 \Device\Harddisk0\DR0\Partition2 - ok
09:44:27.0791 1388 ============================================================
09:44:27.0791 1388 Scan finished
09:44:27.0791 1388 ============================================================
09:44:27.0822 3356 Detected object count: 1
09:44:27.0822 3356 Actual detected object count: 1
09:45:27.0679 3356 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
09:45:27.0679 3356 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:45:43.0467 1176 ============================================================
09:45:43.0467 1176 Scan started
09:45:43.0467 1176 Mode: Manual; SigCheck; TDLFS;
09:45:43.0467 1176 ============================================================
09:45:43.0701 1176 ================ Scan system memory ========================
09:45:43.0701 1176 System memory - ok
09:45:43.0701 1176 ================ Scan services =============================
09:45:43.0981 1176 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
09:45:44.0044 1176 1394ohci - ok
09:45:44.0075 1176 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
09:45:44.0106 1176 ACPI - ok
09:45:44.0153 1176 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
09:45:44.0184 1176 AcpiPmi - ok
09:45:44.0309 1176 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
09:45:44.0325 1176 AdobeARMservice - ok
09:45:44.0496 1176 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
09:45:44.0512 1176 AdobeFlashPlayerUpdateSvc - ok
09:45:44.0559 1176 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
09:45:44.0605 1176 adp94xx - ok
09:45:44.0668 1176 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
09:45:44.0699 1176 adpahci - ok
09:45:44.0839 1176 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
09:45:44.0855 1176 adpu320 - ok
09:45:44.0933 1176 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
09:45:45.0011 1176 AeLookupSvc - ok
09:45:45.0120 1176 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
09:45:45.0151 1176 AFD - ok
09:45:45.0229 1176 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
09:45:45.0245 1176 agp440 - ok
09:45:45.0307 1176 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
09:45:45.0339 1176 ALG - ok
09:45:45.0385 1176 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
09:45:45.0417 1176 aliide - ok
09:45:45.0432 1176 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
09:45:45.0463 1176 amdide - ok
09:45:45.0479 1176 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
09:45:45.0510 1176 AmdK8 - ok
09:45:45.0526 1176 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
09:45:45.0541 1176 AmdPPM - ok
09:45:45.0635 1176 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
09:45:45.0666 1176 amdsata - ok
09:45:45.0729 1176 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
09:45:45.0744 1176 amdsbs - ok
09:45:45.0760 1176 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
09:45:45.0791 1176 amdxata - ok
09:45:45.0853 1176 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
09:45:45.0885 1176 AntiVirSchedulerService - ok
09:45:45.0931 1176 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
09:45:45.0947 1176 AntiVirService - ok
09:45:46.0041 1176 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
09:45:46.0103 1176 AppID - ok
09:45:46.0134 1176 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
09:45:46.0197 1176 AppIDSvc - ok
09:45:46.0275 1176 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
09:45:46.0337 1176 Appinfo - ok
09:45:46.0399 1176 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
09:45:46.0415 1176 arc - ok
09:45:46.0446 1176 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
09:45:46.0462 1176 arcsas - ok
09:45:46.0477 1176 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
09:45:46.0540 1176 AsyncMac - ok
09:45:46.0618 1176 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
09:45:46.0633 1176 atapi - ok
09:45:46.0774 1176 [ B2C3A8618867404475228F7DD260698B ] athr C:\Windows\system32\DRIVERS\athrx.sys
09:45:46.0836 1176 athr - ok
09:45:46.0945 1176 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
09:45:47.0008 1176 AudioEndpointBuilder - ok
09:45:47.0070 1176 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
09:45:47.0148 1176 AudioSrv - ok
09:45:47.0164 1176 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
09:45:47.0195 1176 avgntflt - ok
09:45:47.0273 1176 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
09:45:47.0289 1176 avipbb - ok
09:45:47.0335 1176 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
09:45:47.0351 1176 avkmgr - ok
09:45:47.0413 1176 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
09:45:47.0460 1176 AxInstSV - ok
09:45:47.0538 1176 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
09:45:47.0569 1176 b06bdrv - ok
09:45:47.0647 1176 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
09:45:47.0679 1176 b57nd60a - ok
09:45:47.0881 1176 [ FB4FDA64F2E8552EAEB5986C3F34462C ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
09:45:47.0959 1176 BCM43XX - ok
09:45:48.0022 1176 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
09:45:48.0037 1176 BDESVC - ok
09:45:48.0100 1176 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
09:45:48.0162 1176 Beep - ok
09:45:48.0256 1176 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
09:45:48.0334 1176 BFE - ok
09:45:48.0443 1176 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
09:45:48.0521 1176 BITS - ok
09:45:48.0537 1176 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
09:45:48.0568 1176 blbdrive - ok
09:45:48.0615 1176 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
09:45:48.0646 1176 bowser - ok
09:45:48.0693 1176 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
09:45:48.0724 1176 BrFiltLo - ok
09:45:48.0755 1176 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
09:45:48.0786 1176 BrFiltUp - ok
09:45:48.0833 1176 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
09:45:48.0864 1176 Browser - ok
09:45:48.0927 1176 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
09:45:48.0958 1176 Brserid - ok
09:45:48.0973 1176 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
09:45:49.0005 1176 BrSerWdm - ok
09:45:49.0020 1176 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
09:45:49.0052 1176 BrUsbMdm - ok
09:45:49.0083 1176 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
09:45:49.0114 1176 BrUsbSer - ok
09:45:49.0130 1176 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
09:45:49.0161 1176 BTHMODEM - ok
09:45:49.0239 1176 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
09:45:49.0317 1176 bthserv - ok
09:45:49.0364 1176 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
09:45:49.0442 1176 cdfs - ok
09:45:49.0488 1176 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
09:45:49.0504 1176 cdrom - ok
09:45:49.0566 1176 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
09:45:49.0629 1176 CertPropSvc - ok
09:45:49.0660 1176 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
09:45:49.0691 1176 circlass - ok
09:45:49.0738 1176 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
09:45:49.0769 1176 CLFS - ok
09:45:49.0847 1176 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:45:49.0863 1176 clr_optimization_v2.0.50727_32 - ok
09:45:49.0894 1176 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
09:45:49.0910 1176 clr_optimization_v2.0.50727_64 - ok
09:45:50.0003 1176 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:45:50.0019 1176 clr_optimization_v4.0.30319_32 - ok
09:45:50.0050 1176 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
09:45:50.0066 1176 clr_optimization_v4.0.30319_64 - ok
09:45:50.0097 1176 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
09:45:50.0128 1176 CmBatt - ok
09:45:50.0144 1176 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
09:45:50.0159 1176 cmdide - ok
09:45:50.0206 1176 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
09:45:50.0253 1176 CNG - ok
09:45:50.0268 1176 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
09:45:50.0284 1176 Compbatt - ok
09:45:50.0315 1176 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
09:45:50.0346 1176 CompositeBus - ok
09:45:50.0362 1176 COMSysApp - ok
09:45:50.0393 1176 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
09:45:50.0409 1176 crcdisk - ok
09:45:50.0471 1176 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
09:45:50.0487 1176 CryptSvc - ok
09:45:50.0549 1176 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
09:45:50.0612 1176 DcomLaunch - ok
09:45:50.0658 1176 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
09:45:50.0721 1176 defragsvc - ok
09:45:50.0768 1176 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
09:45:50.0830 1176 DfsC - ok
09:45:50.0877 1176 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
09:45:50.0939 1176 Dhcp - ok
09:45:50.0970 1176 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
09:45:51.0033 1176 discache - ok
09:45:51.0048 1176 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
09:45:51.0064 1176 Disk - ok
09:45:51.0111 1176 [ D5BCB77BE83CF99F508943945D46343D ] DKbFltr C:\Windows\syswow64\Drivers\DKbFltr.sys
09:45:51.0126 1176 DKbFltr - ok
09:45:51.0173 1176 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
09:45:51.0189 1176 Dnscache - ok
09:45:51.0251 1176 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
09:45:51.0314 1176 dot3svc - ok
09:45:51.0392 1176 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
09:45:51.0470 1176 DPS - ok
09:45:51.0501 1176 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
09:45:51.0532 1176 drmkaud - ok
09:45:51.0672 1176 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
09:45:51.0719 1176 DXGKrnl - ok
09:45:51.0766 1176 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
09:45:51.0844 1176 EapHost - ok
09:45:52.0218 1176 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
09:45:52.0296 1176 ebdrv - ok
09:45:52.0359 1176 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
09:45:52.0374 1176 EFS - ok
09:45:52.0530 1176 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
09:45:52.0577 1176 ehRecvr - ok
09:45:52.0624 1176 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
09:45:52.0655 1176 ehSched - ok
09:45:52.0733 1176 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
09:45:52.0764 1176 elxstor - ok
09:45:53.0030 1176 [ 7C35C6865957289D9EFE6CC73F4AB2E1 ] ePowerSvc C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
09:45:53.0061 1176 ePowerSvc - ok
09:45:53.0108 1176 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
09:45:53.0139 1176 ErrDev - ok
09:45:53.0279 1176 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
09:45:53.0357 1176 EventSystem - ok
09:45:53.0420 1176 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
09:45:53.0498 1176 exfat - ok
09:45:53.0544 1176 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
09:45:53.0607 1176 fastfat - ok
09:45:53.0685 1176 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
09:45:53.0716 1176 Fax - ok
09:45:53.0778 1176 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
09:45:53.0810 1176 fdc - ok
09:45:53.0856 1176 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
09:45:53.0934 1176 fdPHost - ok
09:45:53.0966 1176 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
09:45:54.0028 1176 FDResPub - ok
09:45:54.0059 1176 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
09:45:54.0090 1176 FileInfo - ok
09:45:54.0122 1176 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
09:45:54.0184 1176 Filetrace - ok
09:45:54.0215 1176 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
09:45:54.0246 1176 flpydisk - ok
09:45:54.0309 1176 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
09:45:54.0340 1176 FltMgr - ok
09:45:54.0512 1176 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
09:45:54.0558 1176 FontCache - ok
09:45:54.0668 1176 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:45:54.0699 1176 FontCache3.0.0.0 - ok
09:45:54.0746 1176 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
09:45:54.0761 1176 FsDepends - ok
09:45:54.0824 1176 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
09:45:54.0839 1176 Fs_Rec - ok
09:45:54.0917 1176 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
09:45:54.0948 1176 fvevol - ok
09:45:55.0026 1176 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
09:45:55.0042 1176 gagp30kx - ok
09:45:55.0198 1176 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
09:45:55.0276 1176 gpsvc - ok
09:45:55.0666 1176 [ 816FD5A6F3C2F3D600900096632FC60E ] Greg_Service C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
09:45:55.0713 1176 Greg_Service - ok
09:45:55.0744 1176 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
09:45:55.0775 1176 hcw85cir - ok
09:45:55.0853 1176 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
09:45:55.0884 1176 HdAudAddService - ok
09:45:55.0931 1176 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
09:45:55.0962 1176 HDAudBus - ok
09:45:55.0994 1176 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
09:45:56.0009 1176 HidBatt - ok
09:45:56.0040 1176 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
09:45:56.0072 1176 HidBth - ok
09:45:56.0134 1176 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
09:45:56.0165 1176 HidIr - ok
09:45:56.0228 1176 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
09:45:56.0290 1176 hidserv - ok
09:45:56.0352 1176 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
09:45:56.0384 1176 HidUsb - ok
09:45:56.0430 1176 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
09:45:56.0493 1176 hkmsvc - ok
09:45:56.0586 1176 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
09:45:56.0618 1176 HomeGroupListener - ok
09:45:56.0727 1176 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
09:45:56.0742 1176 HomeGroupProvider - ok
09:45:56.0805 1176 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
09:45:56.0820 1176 HpSAMD - ok
09:45:56.0992 1176 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
09:45:57.0070 1176 HTTP - ok
09:45:57.0132 1176 [ D96A290F699081AE737390C0FE329D7C ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
09:45:57.0164 1176 hwdatacard - ok
09:45:57.0226 1176 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
09:45:57.0242 1176 hwpolicy - ok
09:45:57.0288 1176 [ E0C7255498640FC64B19AAE17FD6F965 ] hwusbdev C:\Windows\system32\DRIVERS\ewusbdev.sys
09:45:57.0320 1176 hwusbdev - ok
09:45:57.0366 1176 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
09:45:57.0398 1176 i8042prt - ok
09:45:57.0522 1176 [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
09:45:57.0554 1176 IAANTMON - ok
09:45:57.0694 1176 [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
09:45:57.0725 1176 iaStor - ok
09:45:57.0819 1176 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
09:45:57.0850 1176 iaStorV - ok
09:45:58.0037 1176 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
09:45:58.0037 1176 IDriverT ( UnsignedFile.Multi.Generic ) - warning
09:45:58.0037 1176 IDriverT - detected UnsignedFile.Multi.Generic (1)
09:45:58.0115 1176 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:45:58.0162 1176 idsvc - ok
09:45:58.0724 1176 [ 677AA5991026A65ADA128C4B59CF2BAD ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
09:45:58.0926 1176 igfx - ok
09:45:58.0958 1176 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
09:45:58.0973 1176 iirsp - ok
09:45:59.0082 1176 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
09:45:59.0145 1176 IKEEXT - ok
09:45:59.0254 1176 [ 0C3CF4B3BAE28E121A1689E3538F8712 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
09:45:59.0316 1176 IntcAzAudAddService - ok
09:45:59.0410 1176 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
09:45:59.0441 1176 intelide - ok
09:45:59.0472 1176 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
09:45:59.0488 1176 intelppm - ok
09:45:59.0535 1176 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
09:45:59.0613 1176 IPBusEnum - ok
09:45:59.0644 1176 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:45:59.0722 1176 IpFilterDriver - ok
09:45:59.0753 1176 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
09:45:59.0816 1176 iphlpsvc - ok
09:45:59.0862 1176 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
09:45:59.0894 1176 IPMIDRV - ok
09:45:59.0940 1176 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
09:46:00.0003 1176 IPNAT - ok
09:46:00.0018 1176 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
09:46:00.0050 1176 IRENUM - ok
09:46:00.0096 1176 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
09:46:00.0112 1176 isapnp - ok
09:46:00.0206 1176 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
09:46:00.0221 1176 iScsiPrt - ok
09:46:00.0252 1176 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
09:46:00.0268 1176 kbdclass - ok
09:46:00.0284 1176 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
09:46:00.0315 1176 kbdhid - ok
09:46:00.0330 1176 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
09:46:00.0362 1176 KeyIso - ok
09:46:00.0408 1176 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
09:46:00.0424 1176 KSecDD - ok
09:46:00.0471 1176 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
09:46:00.0502 1176 KSecPkg - ok
09:46:00.0533 1176 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
09:46:00.0596 1176 ksthunk - ok
09:46:00.0642 1176 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
09:46:00.0720 1176 KtmRm - ok
09:46:00.0752 1176 [ 2377EC4CC3E356655B996F39B43486B6 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
09:46:00.0767 1176 L1C - ok
09:46:00.0830 1176 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
09:46:00.0892 1176 LanmanServer - ok
09:46:00.0939 1176 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:46:01.0017 1176 LanmanWorkstation - ok
09:46:01.0048 1176 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
09:46:01.0110 1176 lltdio - ok
09:46:01.0142 1176 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
09:46:01.0220 1176 lltdsvc - ok
09:46:01.0235 1176 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
09:46:01.0313 1176 lmhosts - ok
09:46:01.0344 1176 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
09:46:01.0376 1176 LSI_FC - ok
09:46:01.0391 1176 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
09:46:01.0422 1176 LSI_SAS - ok
09:46:01.0438 1176 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:46:01.0454 1176 LSI_SAS2 - ok
09:46:01.0485 1176 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:46:01.0500 1176 LSI_SCSI - ok
09:46:01.0532 1176 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
09:46:01.0610 1176 luafv - ok
09:46:01.0734 1176 [ F6963E48385A5637FC4E51DC0F8234A0 ] lxebCATSCustConnectService C:\Windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe
09:46:01.0750 1176 lxebCATSCustConnectService - ok
09:46:01.0766 1176 lxeb_device - ok
09:46:01.0812 1176 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
09:46:01.0844 1176 Mcx2Svc - ok
09:46:01.0859 1176 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
09:46:01.0890 1176 megasas - ok
09:46:01.0937 1176 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
09:46:01.0968 1176 MegaSR - ok
09:46:02.0062 1176 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
09:46:02.0078 1176 Microsoft Office Groove Audit Service - ok
09:46:02.0124 1176 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
09:46:02.0187 1176 MMCSS - ok
09:46:02.0218 1176 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
09:46:02.0280 1176 Modem - ok
09:46:02.0312 1176 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
09:46:02.0343 1176 monitor - ok
09:46:02.0358 1176 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
09:46:02.0390 1176 mouclass - ok
09:46:02.0405 1176 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
09:46:02.0436 1176 mouhid - ok
09:46:02.0483 1176 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
09:46:02.0499 1176 mountmgr - ok
09:46:02.0546 1176 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
09:46:02.0577 1176 MozillaMaintenance - ok
09:46:02.0624 1176 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
09:46:02.0655 1176 mpio - ok
09:46:02.0686 1176 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
09:46:02.0748 1176 mpsdrv - ok
09:46:02.0858 1176 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
09:46:02.0936 1176 MpsSvc - ok
09:46:02.0982 1176 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
09:46:03.0014 1176 MRxDAV - ok
09:46:03.0060 1176 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
09:46:03.0092 1176 mrxsmb - ok
09:46:03.0154 1176 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:46:03.0185 1176 mrxsmb10 - ok
09:46:03.0216 1176 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:46:03.0232 1176 mrxsmb20 - ok
09:46:03.0263 1176 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
09:46:03.0294 1176 msahci - ok
09:46:03.0404 1176 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
09:46:03.0435 1176 msdsm - ok
09:46:03.0466 1176 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
09:46:03.0497 1176 MSDTC - ok
09:46:03.0544 1176 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
09:46:03.0606 1176 Msfs - ok
09:46:03.0638 1176 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
09:46:03.0700 1176 mshidkmdf - ok
09:46:03.0747 1176 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
09:46:03.0778 1176 msisadrv - ok
09:46:03.0809 1176 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
09:46:03.0872 1176 MSiSCSI - ok
09:46:03.0887 1176 msiserver - ok
09:46:03.0903 1176 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
09:46:03.0981 1176 MSKSSRV - ok
09:46:03.0996 1176 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
09:46:04.0059 1176 MSPCLOCK - ok
09:46:04.0074 1176 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
09:46:04.0137 1176 MSPQM - ok
09:46:04.0199 1176 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
09:46:04.0230 1176 MsRPC - ok
09:46:04.0293 1176 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
09:46:04.0308 1176 mssmbios - ok
09:46:04.0340 1176 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
09:46:04.0402 1176 MSTEE - ok
09:46:04.0433 1176 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
09:46:04.0449 1176 MTConfig - ok
09:46:04.0480 1176 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
09:46:04.0511 1176 Mup - ok
09:46:04.0542 1176 [ 6FFECC25B39DC7652A0CEC0ADA9DB589 ] mwlPSDFilter C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
09:46:04.0558 1176 mwlPSDFilter - ok
09:46:04.0574 1176 [ 0BEFE32CA56D6EE89D58175725596A85 ] mwlPSDNServ C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
09:46:04.0589 1176 mwlPSDNServ - ok
09:46:04.0605 1176 [ D43BC633B8660463E446E28E14A51262 ] mwlPSDVDisk C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
09:46:04.0620 1176 mwlPSDVDisk - ok
09:46:04.0698 1176 [ 0F5FAAC852DB4C340B7A2F187E3358B8 ] MWLService C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
09:46:04.0730 1176 MWLService - ok
09:46:04.0792 1176 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
09:46:04.0854 1176 napagent - ok
09:46:04.0917 1176 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
09:46:04.0948 1176 NativeWifiP - ok
09:46:05.0073 1176 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
09:46:05.0120 1176 NDIS - ok
09:46:05.0151 1176 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
09:46:05.0213 1176 NdisCap - ok
09:46:05.0244 1176 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
09:46:05.0322 1176 NdisTapi - ok
09:46:05.0369 1176 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
09:46:05.0432 1176 Ndisuio - ok
09:46:05.0494 1176 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
09:46:05.0556 1176 NdisWan - ok
09:46:05.0619 1176 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
09:46:05.0681 1176 NDProxy - ok
09:46:05.0712 1176 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
09:46:05.0775 1176 NetBIOS - ok
09:46:05.0853 1176 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
09:46:05.0915 1176 NetBT - ok
09:46:05.0931 1176 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
09:46:05.0962 1176 Netlogon - ok
09:46:06.0009 1176 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
09:46:06.0071 1176 Netman - ok
09:46:06.0134 1176 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
09:46:06.0212 1176 netprofm - ok
09:46:06.0258 1176 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:46:06.0274 1176 NetTcpPortSharing - ok
09:46:06.0305 1176 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
09:46:06.0336 1176 nfrd960 - ok
09:46:06.0399 1176 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
09:46:06.0461 1176 NlaSvc - ok
09:46:06.0508 1176 [ 5FE6F8C05F0769BBB74AFAC11453B182 ] nmwcd C:\Windows\system32\drivers\ccdcmbx64.sys
09:46:06.0555 1176 nmwcd - ok
09:46:06.0586 1176 [ 73C929945C0850B8D1FE2FEA05FDF05D ] nmwcdc C:\Windows\system32\drivers\ccdcmbox64.sys
09:46:06.0633 1176 nmwcdc - ok
09:46:06.0648 1176 [ B4B303FDF27B08268F675F6182918C18 ] nokiacpo C:\Windows\system32\DRIVERS\nokiacpo.sys
09:46:06.0680 1176 nokiacpo - ok
09:46:06.0726 1176 [ 0A47BB8A870B9A0DAE6471B9FAA3E7E5 ] nokiappo C:\Windows\system32\DRIVERS\nokiappo.sys
09:46:06.0742 1176 nokiappo - ok
09:46:06.0773 1176 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
09:46:06.0836 1176 Npfs - ok
09:46:06.0882 1176 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
09:46:06.0960 1176 nsi - ok
09:46:06.0976 1176 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
09:46:07.0054 1176 nsiproxy - ok
09:46:07.0226 1176 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
09:46:07.0288 1176 Ntfs - ok
09:46:07.0319 1176 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
09:46:07.0397 1176 Null - ok
09:46:07.0475 1176 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
09:46:07.0506 1176 nvraid - ok
09:46:07.0538 1176 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
09:46:07.0569 1176 nvstor - ok
09:46:07.0584 1176 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
09:46:07.0600 1176 nv_agp - ok
09:46:07.0678 1176 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:46:07.0709 1176 odserv - ok
09:46:07.0772 1176 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
09:46:07.0803 1176 ohci1394 - ok
09:46:07.0865 1176 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:46:07.0881 1176 ose - ok
09:46:07.0943 1176 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
09:46:07.0974 1176 p2pimsvc - ok
09:46:08.0052 1176 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
09:46:08.0084 1176 p2psvc - ok
09:46:08.0130 1176 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
09:46:08.0146 1176 Parport - ok
09:46:08.0208 1176 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
09:46:08.0224 1176 partmgr - ok
09:46:08.0286 1176 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
09:46:08.0318 1176 PcaSvc - ok
09:46:08.0364 1176 [ BC0018C2D29F655188A0ED3FA94FDB24 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
09:46:08.0380 1176 pccsmcfd - ok
09:46:08.0474 1176 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
09:46:08.0489 1176 pci - ok
09:46:08.0536 1176 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
09:46:08.0552 1176 pciide - ok
09:46:08.0661 1176 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
09:46:08.0692 1176 pcmcia - ok
09:46:08.0708 1176 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
09:46:08.0739 1176 pcw - ok
09:46:08.0864 1176 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
09:46:08.0942 1176 PEAUTH - ok
09:46:09.0035 1176 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
09:46:09.0066 1176 PerfHost - ok
09:46:09.0254 1176 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
09:46:09.0332 1176 pla - ok
09:46:09.0425 1176 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
09:46:09.0456 1176 PlugPlay - ok
09:46:09.0472 1176 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
09:46:09.0503 1176 PNRPAutoReg - ok
09:46:09.0519 1176 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
09:46:09.0550 1176 PNRPsvc - ok
09:46:09.0628 1176 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
09:46:09.0690 1176 PolicyAgent - ok
09:46:09.0737 1176 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
09:46:09.0800 1176 Power - ok
09:46:09.0846 1176 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
09:46:09.0924 1176 PptpMiniport - ok
09:46:09.0940 1176 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
09:46:09.0971 1176 Processor - ok
09:46:10.0002 1176 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
09:46:10.0034 1176 ProfSvc - ok
09:46:10.0049 1176 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
09:46:10.0080 1176 ProtectedStorage - ok
09:46:10.0112 1176 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
09:46:10.0190 1176 Psched - ok
09:46:10.0236 1176 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
09:46:10.0283 1176 ql2300 - ok
09:46:10.0314 1176 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
09:46:10.0346 1176 ql40xx - ok
09:46:10.0377 1176 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
09:46:10.0408 1176 QWAVE - ok
09:46:10.0424 1176 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
09:46:10.0455 1176 QWAVEdrv - ok
09:46:10.0470 1176 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
09:46:10.0548 1176 RasAcd - ok
09:46:10.0580 1176 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
09:46:10.0642 1176 RasAgileVpn - ok
09:46:10.0658 1176 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
09:46:10.0720 1176 RasAuto - ok
09:46:10.0767 1176 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
09:46:10.0829 1176 Rasl2tp - ok
09:46:10.0876 1176 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
09:46:10.0954 1176 RasMan - ok
09:46:10.0985 1176 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
09:46:11.0063 1176 RasPppoe - ok
09:46:11.0079 1176 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
09:46:11.0141 1176 RasSstp - ok
09:46:11.0157 1176 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
09:46:11.0219 1176 rdbss - ok
09:46:11.0250 1176 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
09:46:11.0282 1176 rdpbus - ok
09:46:11.0297 1176 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
09:46:11.0360 1176 RDPCDD - ok
09:46:11.0391 1176 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
09:46:11.0453 1176 RDPENCDD - ok
09:46:11.0469 1176 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
09:46:11.0531 1176 RDPREFMP - ok
09:46:11.0594 1176 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
09:46:11.0609 1176 RDPWD - ok
09:46:11.0656 1176 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
09:46:11.0687 1176 rdyboost - ok
09:46:11.0703 1176 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
09:46:11.0781 1176 RemoteAccess - ok
09:46:11.0796 1176 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
09:46:11.0874 1176 RemoteRegistry - ok
09:46:11.0890 1176 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
09:46:11.0952 1176 RpcEptMapper - ok
09:46:11.0984 1176 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
09:46:12.0015 1176 RpcLocator - ok
09:46:12.0062 1176 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
09:46:12.0124 1176 RpcSs - ok
09:46:12.0155 1176 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
09:46:12.0218 1176 rspndr - ok
09:46:12.0218 1176 RSUSBSTOR - ok
09:46:12.0233 1176 RtsUIR - ok
09:46:12.0249 1176 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
09:46:12.0280 1176 SamSs - ok
09:46:12.0327 1176 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
09:46:12.0342 1176 sbp2port - ok
09:46:12.0374 1176 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
09:46:12.0436 1176 SCardSvr - ok
09:46:12.0483 1176 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
09:46:12.0545 1176 scfilter - ok
09:46:12.0623 1176 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
09:46:12.0717 1176 Schedule - ok
09:46:12.0748 1176 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
09:46:12.0826 1176 SCPolicySvc - ok
09:46:12.0842 1176 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
09:46:12.0873 1176 SDRSVC - ok
09:46:12.0888 1176 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
09:46:12.0966 1176 secdrv - ok
09:46:12.0998 1176 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
09:46:13.0060 1176 seclogon - ok
09:46:13.0091 1176 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
09:46:13.0154 1176 SENS - ok
09:46:13.0169 1176 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
09:46:13.0200 1176 SensrSvc - ok
09:46:13.0216 1176 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
09:46:13.0247 1176 Serenum - ok
09:46:13.0247 1176 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
09:46:13.0278 1176 Serial - ok
09:46:13.0310 1176 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
09:46:13.0341 1176 sermouse - ok
09:46:13.0512 1176 [ F31E9531AF225CA25350D5E87E999B31 ] ServiceLayer C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
09:46:13.0544 1176 ServiceLayer - ok
09:46:13.0606 1176 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
09:46:13.0684 1176 SessionEnv - ok
09:46:13.0731 1176 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
09:46:13.0746 1176 sffdisk - ok
09:46:13.0778 1176 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
09:46:13.0809 1176 sffp_mmc - ok
09:46:13.0824 1176 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
09:46:13.0856 1176 sffp_sd - ok
09:46:13.0887 1176 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
09:46:13.0902 1176 sfloppy - ok
09:46:13.0949 1176 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
09:46:14.0027 1176 SharedAccess - ok
09:46:14.0074 1176 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:46:14.0152 1176 ShellHWDetection - ok
09:46:14.0183 1176 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:46:14.0214 1176 SiSRaid2 - ok
09:46:14.0246 1176 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
09:46:14.0261 1176 SiSRaid4 - ok
09:46:14.0308 1176 [ 8BD46E8C8A7AA245FC84044DB36180D0 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
09:46:14.0339 1176 SkypeUpdate - ok
09:46:14.0355 1176 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
09:46:14.0417 1176 Smb - ok
09:46:14.0464 1176 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
09:46:14.0480 1176 SNMPTRAP - ok
09:46:14.0511 1176 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
09:46:14.0526 1176 spldr - ok
09:46:14.0604 1176 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
09:46:14.0636 1176 Spooler - ok
09:46:14.0776 1176 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
09:46:14.0901 1176 sppsvc - ok
09:46:14.0932 1176 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
09:46:14.0994 1176 sppuinotify - ok
09:46:15.0150 1176 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
09:46:15.0182 1176 srv - ok
09:46:15.0260 1176 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
09:46:15.0291 1176 srv2 - ok
09:46:15.0338 1176 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
09:46:15.0353 1176 srvnet - ok
09:46:15.0416 1176 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
09:46:15.0478 1176 SSDPSRV - ok
09:46:15.0494 1176 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
09:46:15.0572 1176 SstpSvc - ok
09:46:15.0587 1176 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
09:46:15.0603 1176 stexstor - ok
09:46:15.0728 1176 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
09:46:15.0774 1176 stisvc - ok
09:46:15.0837 1176 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
09:46:15.0868 1176 swenum - ok
09:46:15.0915 1176 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
09:46:15.0993 1176 swprv - ok
09:46:16.0024 1176 [ BCF305959B53B200CEB2AD25AD22F8A7 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
09:46:16.0040 1176 SynTP - ok
09:46:16.0258 1176 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
09:46:16.0320 1176 SysMain - ok
09:46:16.0367 1176 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:46:16.0414 1176 TabletInputService - ok
09:46:16.0570 1176 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
09:46:16.0648 1176 TapiSrv - ok
09:46:16.0679 1176 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
09:46:16.0757 1176 TBS - ok
09:46:16.0898 1176 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
09:46:16.0976 1176 Tcpip - ok
09:46:17.0085 1176 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
09:46:17.0163 1176 TCPIP6 - ok
09:46:17.0210 1176 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
09:46:17.0288 1176 tcpipreg - ok
09:46:17.0350 1176 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
09:46:17.0366 1176 TDPIPE - ok
09:46:17.0428 1176 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
09:46:17.0444 1176 TDTCP - ok
09:46:17.0522 1176 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
09:46:17.0584 1176 tdx - ok
09:46:17.0615 1176 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
09:46:17.0646 1176 TermDD - ok
09:46:17.0709 1176 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
09:46:17.0787 1176 TermService - ok
09:46:17.0896 1176 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
09:46:17.0943 1176 Themes - ok
09:46:17.0974 1176 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
09:46:18.0036 1176 THREADORDER - ok
09:46:18.0083 1176 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
09:46:18.0161 1176 TrkWks - ok
09:46:18.0286 1176 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:46:18.0348 1176 TrustedInstaller - ok
09:46:18.0411 1176 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
09:46:18.0473 1176 tssecsrv - ok
09:46:18.0520 1176 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
09:46:18.0536 1176 TsUsbFlt - ok
09:46:18.0629 1176 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
09:46:18.0692 1176 tunnel - ok
09:46:18.0738 1176 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
09:46:18.0754 1176 uagp35 - ok
09:46:18.0894 1176 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
09:46:18.0957 1176 udfs - ok
09:46:18.0988 1176 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
09:46:19.0019 1176 UI0Detect - ok
09:46:19.0035 1176 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
09:46:19.0066 1176 uliagpkx - ok
09:46:19.0113 1176 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
09:46:19.0144 1176 umbus - ok
09:46:19.0175 1176 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
09:46:19.0191 1176 UmPass - ok
09:46:19.0394 1176 [ 70DDE3A86DBEB1D6C3C30AD687B1877A ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
09:46:19.0409 1176 Updater Service - ok
09:46:19.0518 1176 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
|
|
21.11.2012, 02:24
| #13 |
| | Ihavenet.com Browser Hijacker- bei Googlesuche öffnen sich andere Seiten (Weiterleitung über Ihavenet.com) und hier nun der Rest des Log-Files vom TDSS-Killer (war immernoch zu groß) Code:
ATTFilter 09:46:19.0596 1176 upnphost - ok
09:46:19.0659 1176 [ 34AFB83C7BBA370E404E52CC2290350C ] upperdev C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
09:46:19.0706 1176 upperdev - ok
09:46:19.0768 1176 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
09:46:19.0799 1176 usbccgp - ok
09:46:19.0799 1176 USBCCID - ok
09:46:19.0830 1176 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
09:46:19.0862 1176 usbcir - ok
09:46:19.0877 1176 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
09:46:19.0893 1176 usbehci - ok
09:46:19.0955 1176 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
09:46:19.0986 1176 usbhub - ok
09:46:20.0002 1176 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
09:46:20.0018 1176 usbohci - ok
09:46:20.0049 1176 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
09:46:20.0080 1176 usbprint - ok
09:46:20.0127 1176 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
09:46:20.0158 1176 usbscan - ok
09:46:20.0220 1176 [ 4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser C:\Windows\system32\drivers\usbser.sys
09:46:20.0252 1176 usbser - ok
09:46:20.0283 1176 [ AA75E1EFBEE7186B4CBAAACF1F15E6CA ] UsbserFilt C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
09:46:20.0330 1176 UsbserFilt - ok
09:46:20.0376 1176 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:46:20.0408 1176 USBSTOR - ok
09:46:20.0470 1176 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
09:46:20.0486 1176 usbuhci - ok
09:46:20.0579 1176 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
09:46:20.0610 1176 usbvideo - ok
09:46:20.0642 1176 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
09:46:20.0720 1176 UxSms - ok
09:46:20.0751 1176 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
09:46:20.0782 1176 VaultSvc - ok
09:46:20.0813 1176 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
09:46:20.0844 1176 vdrvroot - ok
09:46:20.0922 1176 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
09:46:21.0000 1176 vds - ok
09:46:21.0032 1176 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
09:46:21.0047 1176 vga - ok
09:46:21.0063 1176 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
09:46:21.0141 1176 VgaSave - ok
09:46:21.0203 1176 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
09:46:21.0234 1176 vhdmp - ok
09:46:21.0266 1176 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
09:46:21.0297 1176 viaide - ok
09:46:21.0312 1176 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
09:46:21.0328 1176 volmgr - ok
09:46:21.0453 1176 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
09:46:21.0484 1176 volmgrx - ok
09:46:21.0531 1176 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
09:46:21.0562 1176 volsnap - ok
09:46:21.0593 1176 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
09:46:21.0609 1176 vsmraid - ok
09:46:21.0734 1176 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
09:46:21.0827 1176 VSS - ok
09:46:21.0843 1176 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
09:46:21.0874 1176 vwifibus - ok
09:46:21.0905 1176 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
09:46:21.0952 1176 vwififlt - ok
09:46:21.0968 1176 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
09:46:21.0999 1176 vwifimp - ok
09:46:22.0186 1176 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
09:46:22.0264 1176 W32Time - ok
09:46:22.0295 1176 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
09:46:22.0311 1176 WacomPen - ok
09:46:22.0389 1176 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
09:46:22.0451 1176 WANARP - ok
09:46:22.0498 1176 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
09:46:22.0576 1176 Wanarpv6 - ok
09:46:22.0748 1176 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
09:46:22.0794 1176 WatAdminSvc - ok
09:46:23.0013 1176 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
09:46:23.0060 1176 wbengine - ok
09:46:23.0091 1176 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
09:46:23.0138 1176 WbioSrvc - ok
09:46:23.0216 1176 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
09:46:23.0262 1176 wcncsvc - ok
09:46:23.0309 1176 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:46:23.0340 1176 WcsPlugInService - ok
09:46:23.0387 1176 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
09:46:23.0418 1176 Wd - ok
09:46:23.0559 1176 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
09:46:23.0590 1176 Wdf01000 - ok
09:46:23.0652 1176 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
09:46:23.0684 1176 WdiServiceHost - ok
09:46:23.0715 1176 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
09:46:23.0746 1176 WdiSystemHost - ok
09:46:23.0777 1176 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
09:46:23.0824 1176 WebClient - ok
09:46:23.0871 1176 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
09:46:23.0933 1176 Wecsvc - ok
09:46:23.0980 1176 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
09:46:24.0042 1176 wercplsupport - ok
09:46:24.0074 1176 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
09:46:24.0152 1176 WerSvc - ok
09:46:24.0183 1176 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
09:46:24.0245 1176 WfpLwf - ok
09:46:24.0292 1176 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
09:46:24.0308 1176 WIMMount - ok
09:46:24.0339 1176 WinDefend - ok
09:46:24.0354 1176 WinHttpAutoProxySvc - ok
09:46:24.0464 1176 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
09:46:24.0542 1176 Winmgmt - ok
09:46:24.0713 1176 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
09:46:24.0807 1176 WinRM - ok
09:46:24.0869 1176 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
09:46:24.0900 1176 WinUsb - ok
09:46:24.0963 1176 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
09:46:25.0025 1176 Wlansvc - ok
09:46:25.0088 1176 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
09:46:25.0119 1176 WmiAcpi - ok
09:46:25.0181 1176 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
09:46:25.0197 1176 wmiApSrv - ok
09:46:25.0228 1176 WMPNetworkSvc - ok
09:46:25.0275 1176 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
09:46:25.0290 1176 WPCSvc - ok
09:46:25.0368 1176 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
09:46:25.0400 1176 WPDBusEnum - ok
09:46:25.0431 1176 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
09:46:25.0493 1176 ws2ifsl - ok
09:46:25.0509 1176 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
09:46:25.0556 1176 wscsvc - ok
09:46:25.0556 1176 WSearch - ok
09:46:25.0665 1176 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
09:46:25.0758 1176 wuauserv - ok
09:46:25.0805 1176 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
09:46:25.0868 1176 WudfPf - ok
09:46:25.0883 1176 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
09:46:25.0961 1176 WUDFRd - ok
09:46:26.0008 1176 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
09:46:26.0070 1176 wudfsvc - ok
09:46:26.0102 1176 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
09:46:26.0148 1176 WwanSvc - ok
09:46:26.0164 1176 ================ Scan global ===============================
09:46:26.0195 1176 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
09:46:26.0242 1176 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
09:46:26.0258 1176 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
09:46:26.0273 1176 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
09:46:26.0304 1176 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
09:46:26.0320 1176 [Global] - ok
09:46:26.0320 1176 ================ Scan MBR ==================================
09:46:26.0336 1176 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
09:46:26.0585 1176 \Device\Harddisk0\DR0 - ok
09:46:26.0585 1176 ================ Scan VBR ==================================
09:46:26.0616 1176 [ EF6173324CC03191085D45F43F01E791 ] \Device\Harddisk0\DR0\Partition1
09:46:26.0632 1176 \Device\Harddisk0\DR0\Partition1 - ok
09:46:26.0648 1176 [ 17BC189EEE351E9F9526B06726796A88 ] \Device\Harddisk0\DR0\Partition2
09:46:26.0663 1176 \Device\Harddisk0\DR0\Partition2 - ok
09:46:26.0663 1176 ============================================================
09:46:26.0663 1176 Scan finished
09:46:26.0663 1176 ============================================================
09:46:26.0679 1724 Detected object count: 1
09:46:26.0679 1724 Actual detected object count: 1
09:46:31.0858 1724 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
09:46:31.0874 1724 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
21.11.2012, 12:59
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Ihavenet.com Browser Hijacker- bei Googlesuche öffnen sich andere Seiten (Weiterleitung über Ihavenet.com) Bitte mal den aktuellen adwCleaner v2.008 runterladen, also die alte adwcleaner löschen und neu runterladen adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren Downloade Dir bitte AdwCleaner auf deinen Desktop. Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Ihavenet.com Browser Hijacker- bei Googlesuche öffnen sich andere Seiten (Weiterleitung über Ihavenet.com) |
| .com, adobe, antivir, autorun, avg, avira, bho, browser, excel, fehler, firefox, flash player, format, google, googlesuche weiterleitung auf werbung, helper, home, ihavenet.com, install.exe, internet browser, launch, logfile, mozilla, mywinlocker, office 2007, plug-in, problem, realtek, registrierungsdatenbank, registry, richtlinie, rundll, software, svchost.exe, usb 2.0, win32/kryptik.akco, win32/ponmocup.aa, windows |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
