| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: ATRAPS.gen2 von AVIRA gemeldetWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
23.10.2012, 06:55
| #1 |
 |  ATRAPS.gen2 von AVIRA gemeldet Seit ner Stunde meldet mein AVIRA ne INfektion mit ATRAPS.gen2 Im Anhang die Logdatei von Malwarebytes. Hoffe dat kann man wieder gerade biegen. Gruß Andi |
|
23.10.2012, 07:39
| #2 |
| /// Malwareteam    | ATRAPS.gen2 von AVIRA gemeldet Mein Name ist Marius und ich werde dir bei deinem Problem helfen. Eines vorneweg: Hinweis: Wir können hier nie dafür garantieren, dass wir sämtliche Reste von Schadsoftware gefunden haben. Eine Formatierung ist meist der schnellste und immer der sicherste Weg. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass dein Rechner clean ist. Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden.
Vista und Win7 User Alle Tools mit Rechtsklick --> "als Administrator ausführen" starten. Schritt 1: defogger Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop.
Klicke den Re-enable Button nicht ohne Anweisung. Schritt 2: OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
Schritt 3: aswMBR Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
Schritt 4: Scan mit TDSS-Killer Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ |
|
23.10.2012, 11:42
| #3 |
| | ATRAPS.gen2 von AVIRA gemeldet Ok, hier die OTL Datei:
__________________Code:
ATTFilter OTL logfile created on: 23.10.2012 12:28:30 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Andreas Tickert\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,86 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 57,85% Memory free 7,71 Gb Paging File | 5,66 Gb Available in Paging File | 73,40% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 116,44 Gb Total Space | 44,10 Gb Free Space | 37,87% Space Free | Partition Type: NTFS Drive D: | 329,79 Gb Total Space | 235,28 Gb Free Space | 71,34% Space Free | Partition Type: NTFS Computer Name: TICKERT | User Name: Andreas Tickert | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.23 12:26:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas Tickert\Desktop\OTL.exe PRC - [2012.10.13 14:23:14 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.10.09 18:33:28 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.08.15 19:08:34 | 000,231,768 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe PRC - [2012.08.08 18:39:56 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.04.27 13:41:02 | 001,073,744 | ---- | M] (Iminent) -- C:\Program Files (x86)\Iminent\Iminent.exe PRC - [2012.04.27 13:41:02 | 000,884,816 | ---- | M] (Iminent) -- C:\Program Files (x86)\Iminent\Iminent.Messengers.exe PRC - [2011.08.25 10:50:50 | 000,270,672 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe PRC - [2011.08.25 10:50:50 | 000,153,424 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe PRC - [2010.09.20 08:56:19 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe PRC - [2010.03.23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe PRC - [2010.02.24 05:14:26 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe PRC - [2010.01.05 02:43:36 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe PRC - [2009.11.24 22:45:36 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe PRC - [2009.11.10 04:20:36 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe PRC - [2009.11.02 23:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe PRC - [2009.10.27 05:29:32 | 006,998,656 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe PRC - [2009.10.26 19:10:42 | 000,174,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe PRC - [2009.10.01 04:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009.10.01 04:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009.08.20 05:31:48 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe PRC - [2009.08.12 21:32:56 | 000,365,936 | ---- | M] (Boingo Wireless, Inc.) -- C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe PRC - [2009.07.06 23:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe PRC - [2009.06.19 19:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe PRC - [2009.06.19 19:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe PRC - [2009.06.16 02:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe PRC - [2009.05.19 00:58:38 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe PRC - [2008.12.23 02:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe PRC - [2007.11.30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ========== Modules (No Company Name) ========== MOD - [2012.10.13 14:23:14 | 002,294,240 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012.10.09 18:33:27 | 009,814,968 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll MOD - [2012.06.14 18:53:54 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\44752ffa92ebb7170951a41898d8b9c6\WindowsFormsIntegration.ni.dll MOD - [2012.06.14 18:53:43 | 000,148,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\c7d60a49e43964b1ae17e9a080376c6d\System.Configuration.Install.ni.dll MOD - [2012.06.14 13:39:58 | 018,000,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\199683f6e79076b634ee6cc0a82c0654\PresentationFramework.ni.dll MOD - [2012.06.14 13:39:47 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e7dc084827f8df2dbdc819db5c633a0d\PresentationCore.ni.dll MOD - [2012.06.14 13:39:45 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll MOD - [2012.06.14 13:39:38 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\21f37f9f5162af7efb52169012bd111e\WindowsBase.ni.dll MOD - [2012.06.14 13:39:36 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll MOD - [2012.05.11 17:32:52 | 001,885,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\b37cc0aa41e7feaba9f290da4da91d71\System.Web.Services.ni.dll MOD - [2012.05.11 17:32:44 | 018,058,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\cfece6f67593b4d8bb58d23b7fdcc470\System.ServiceModel.ni.dll MOD - [2012.05.11 17:32:25 | 001,072,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\bd28f26b18b8ffeee1a0fbaa98f5810e\System.IdentityModel.ni.dll MOD - [2012.05.11 17:31:13 | 000,787,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\bb40644f323a93fa9bc09be350918ef3\System.EnterpriseServices.ni.dll MOD - [2012.05.11 17:31:13 | 000,236,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\bb40644f323a93fa9bc09be350918ef3\System.EnterpriseServices.Wrapper.dll MOD - [2012.05.11 17:31:12 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\79ac99fe5274fb82ffcff2c15f71854c\System.Runtime.DurableInstancing.ni.dll MOD - [2012.05.11 17:31:12 | 000,649,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\67a386434938003bceb0752e979dabb3\System.Transactions.ni.dll MOD - [2012.05.11 17:31:11 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\8a9fac9cb825b5d2db0bdb867fff940e\System.Runtime.Serialization.ni.dll MOD - [2012.05.11 17:31:11 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\bb97517e4ca64e02282fca24612ce8ad\SMDiagnostics.ni.dll MOD - [2012.05.11 17:31:08 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll MOD - [2012.05.11 07:51:44 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a5fa2a1cfc6e9fdc39d9a8f2baa57bc9\PresentationFramework.Aero.ni.dll MOD - [2012.05.11 07:48:52 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\99d0f7ba920eea1117e45dcd9fec0eb5\System.Data.ni.dll MOD - [2012.05.11 07:48:43 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll MOD - [2012.05.11 07:48:40 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll MOD - [2012.05.11 07:48:36 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll MOD - [2012.05.11 07:48:34 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll MOD - [2012.05.11 07:48:29 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll MOD - [2011.08.25 10:50:50 | 000,153,424 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe MOD - [2010.11.20 14:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll MOD - [2010.01.05 02:43:36 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe MOD - [2009.11.24 22:45:36 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe MOD - [2009.11.02 23:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009.11.02 23:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll MOD - [2007.11.30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ========== Services (SafeList) ========== SRV:64bit: - [2009.12.08 01:16:34 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent) SRV:64bit: - [2009.11.27 05:39:45 | 000,243,712 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\stacsv64.exe -- (STacSV) SRV:64bit: - [2009.11.11 10:29:13 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.08.06 23:17:46 | 000,118,672 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV - [2012.10.13 14:23:14 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.10.09 18:33:28 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.08.25 10:50:50 | 000,270,672 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe -- (UI Assistant Service) SRV - [2010.03.23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.11.27 05:39:45 | 000,243,712 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\STacSV64.exe -- (STacSV) SRV - [2009.11.10 04:20:36 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2009.10.01 04:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2009.10.01 04:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2009.06.16 02:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.03.26 10:37:12 | 000,123,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV:64bit: - [2011.03.26 10:37:12 | 000,123,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV:64bit: - [2011.03.26 10:37:12 | 000,123,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV:64bit: - [2011.03.26 10:37:12 | 000,011,776 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.26 04:16:46 | 000,289,792 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.04.28 08:57:50 | 000,061,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2010.03.23 14:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV:64bit: - [2010.02.08 09:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA) DRV:64bit: - [2009.11.27 05:39:45 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2009.11.13 11:47:35 | 000,067,072 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2009.11.11 11:02:11 | 006,104,576 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.11.11 11:02:11 | 006,104,576 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2009.10.26 06:39:43 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009.10.15 11:23:19 | 000,117,760 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2009.10.05 03:33:59 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.09.30 03:34:31 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.09.17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009.08.21 08:48:17 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor) DRV:64bit: - [2009.08.12 05:38:01 | 001,799,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) DRV:64bit: - [2009.08.06 23:24:13 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.08.06 23:17:34 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2009.07.20 11:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009.06.10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.13 18:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor) DRV:64bit: - [2008.11.16 19:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE) DRV:64bit: - [2008.05.24 02:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2010.02.24 20:14:22 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/09/19 23:23:50] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD}) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009.07.03 02:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.27010003&st=12&barid={3A829179-E8A3-4928-8657-800E54A28EC9} IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.27010003&st=12&q={searchTerms}&barid={3A829179-E8A3-4928-8657-800E54A28EC9} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.27010003&st=12&barid={3A829179-E8A3-4928-8657-800E54A28EC9} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.27010003&st=12&q={searchTerms}&barid={3A829179-E8A3-4928-8657-800E54A28EC9} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/" FF - prefs.js..extensions.enabledAddons: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0 FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.13 14:23:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.23 07:43:19 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.13 14:23:15 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.23 07:43:19 | 000,000,000 | ---D | M] [2012.08.05 21:54:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas Tickert\AppData\Roaming\mozilla\Extensions [2012.10.23 09:33:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas Tickert\AppData\Roaming\mozilla\Firefox\Profiles\wkarz4j6.default\extensions [2012.10.05 15:03:51 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Andreas Tickert\AppData\Roaming\mozilla\Firefox\Profiles\wkarz4j6.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.09.12 18:49:12 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\Andreas Tickert\AppData\Roaming\mozilla\Firefox\Profiles\wkarz4j6.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} [2012.09.12 18:39:52 | 000,003,915 | ---- | M] () -- C:\Users\Andreas Tickert\AppData\Roaming\mozilla\firefox\profiles\wkarz4j6.default\searchplugins\sweetim.xml [2012.10.13 14:23:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.10.13 14:23:11 | 000,000,000 | ---D | M] (Recorder Toolbar) -- C:\Program Files (x86)\mozilla firefox\extensions\{10743931-94DF-476f-A987-4391233C17A2} [2012.10.13 14:23:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.10.13 14:23:15 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.10.26 20:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012.08.31 11:51:24 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.31 11:51:24 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.08.31 11:51:24 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.08.31 11:51:24 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.08.31 11:51:24 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.08.31 11:51:24 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (no name) - {120A8821-2BEE-4C29-BCDA-62C577781992} - No CLSID value found. O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent) O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly Technologies Ltd) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.) O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe () O4:64bit: - HKLM..\Run: [EPSON Stylus DX3800 Series] C:\Windows\SysNative\spool\DRIVERS\x64\3\E_FATIACE.EXE (SEIKO EPSON CORPORATION) O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink) O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk () O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe (Iminent) O4 - HKLM..\Run: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (Iminent) O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe () O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKCU..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe () O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found O4 - HKLM..\RunOnce: [UNINST1] rundll32 c:\users\andrea~1\appdata\local\temp\uninstmanager.dll,UninstallFinalizeFromNonMsiCaller {AC76BA86-0000-0000-0000-000000000000} File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Andreas Tickert\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Andreas Tickert\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Free YouTube Download - C:\Users\Andreas Tickert\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Andreas Tickert\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Andreas Tickert\Desktop\PartyPoker.lnk File not found O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Andreas Tickert\Desktop\PartyPoker.lnk File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.7.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{266B6562-B205-4206-BD0C-CC0327319233}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{3bd14919-037a-11e0-8aef-20cf3062b3b1}\Shell - "" = AutoRun O33 - MountPoints2\{3bd14919-037a-11e0-8aef-20cf3062b3b1}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\{c100d1dd-77e4-11e0-9bbe-20cf3062b3b1}\Shell - "" = AutoRun O33 - MountPoints2\{c100d1dd-77e4-11e0-9bbe-20cf3062b3b1}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {1D37E1D2-4097-AACE-5788-E8742E670540} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: ASUS Screen Saver Protector - hkey= - key= - C:\Windows\AsScrPro.exe (ASUS) MsConfig:64bit - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.10.23 12:29:29 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA% [2012.10.23 12:28:43 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Andreas Tickert\Desktop\aswMBR.exe [2012.10.23 12:26:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Andreas Tickert\Desktop\OTL.exe [2012.10.23 07:22:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Red Sky [2012.10.22 17:10:44 | 000,000,000 | ---D | C] -- C:\Users\Andreas Tickert\Documents\Updater [2012.10.22 17:03:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe [2012.10.22 16:59:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe PDF [2012.10.22 16:58:45 | 000,000,000 | ---D | C] -- C:\Programme [2012.10.16 17:12:31 | 000,179,136 | ---- | C] (Q+E Software, Inc.) -- C:\Windows\SysWow64\Tbdbf04.dll [2012.10.13 14:23:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.10.05 15:04:46 | 000,000,000 | ---D | C] -- C:\Users\Andreas Tickert\AppData\Roaming\TuneUp Software [2012.10.05 15:04:41 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2012.10.05 15:04:37 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2012.10.05 15:04:37 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012.09.30 16:59:11 | 000,000,000 | ---D | C] -- C:\Users\Andreas Tickert\.phet [2012.09.30 16:15:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chemie - Aber Sicher [2012.09.30 16:10:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Chemie_Aber_Sicher [2012.09.30 15:56:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Borland Shared [2012.09.30 15:56:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chisela 5 [2012.09.30 15:56:24 | 000,229,376 | ---- | C] (dBASE Inc.) -- C:\Windows\SysWow64\Resource.DLL [2012.09.30 15:56:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Chisela 5 [2012.09.29 12:43:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012.09.29 12:43:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2012.09.29 12:43:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2012.09.29 12:42:52 | 000,000,000 | ---D | C] -- C:\Users\Andreas Tickert\AppData\Local\Apple [2012.09.29 12:42:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2012.09.29 12:42:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2012.09.29 12:41:25 | 000,000,000 | ---D | C] -- C:\Users\Andreas Tickert\AppData\Roaming\Klett [2012.09.29 12:40:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Klett [2012.09.29 12:40:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Klett [2012.09.29 12:40:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.02.14 20:33:16 | 000,250,544 | ---- | C] (KeyWorks Software) -- C:\Program Files (x86)\Common Files\keyhelp.ocx [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.10.23 12:28:50 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Andreas Tickert\Desktop\aswMBR.exe [2012.10.23 12:26:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas Tickert\Desktop\OTL.exe [2012.10.23 12:26:28 | 000,000,000 | ---- | M] () -- C:\Users\Andreas Tickert\defogger_reenable [2012.10.23 12:19:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.10.23 11:33:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.23 08:43:10 | 000,050,477 | ---- | M] () -- C:\Users\Andreas Tickert\Desktop\Defogger.exe [2012.10.23 07:44:05 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.23 07:44:05 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.23 07:36:14 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.10.23 07:36:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.23 07:35:56 | 3105,259,520 | -HS- | M] () -- C:\hiberfil.sys [2012.10.23 07:22:18 | 000,000,014 | ---- | M] () -- C:\end [2012.10.22 19:38:27 | 000,002,326 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini [2012.10.22 19:38:19 | 000,001,353 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini [2012.10.22 19:38:02 | 000,418,024 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.10.21 12:10:20 | 000,000,584 | ---- | M] () -- C:\Users\Andreas Tickert\Documents\grstyles.stl [2012.10.17 18:59:19 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.10.17 18:59:19 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.10.17 18:59:19 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.10.17 18:59:19 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.10.17 18:59:19 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.10.05 23:40:00 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\MT66 Software Update.job [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.09.29 12:50:30 | 000,002,701 | ---- | M] () -- C:\Users\Public\Desktop\Elemente Chemie Multimedial 2.lnk [2012.09.29 12:43:21 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012.09.29 12:41:11 | 000,002,701 | ---- | M] () -- C:\Users\Public\Desktop\Elemente Chemie Multimedial 1.lnk [2012.09.27 13:18:54 | 001,319,805 | ---- | M] () -- C:\Users\Andreas Tickert\Desktop\DSCF8611.JPG [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.23 12:26:28 | 000,000,000 | ---- | C] () -- C:\Users\Andreas Tickert\defogger_reenable [2012.10.23 08:43:09 | 000,050,477 | ---- | C] () -- C:\Users\Andreas Tickert\Desktop\Defogger.exe [2012.10.23 07:22:01 | 000,000,014 | ---- | C] () -- C:\end [2012.10.22 17:03:59 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\FileOps.exe [2012.10.16 17:12:32 | 000,000,440 | ---- | C] () -- C:\Windows\SysWow64\Qeasymtx.lic [2012.09.30 15:56:34 | 000,210,032 | ---- | C] () -- C:\Windows\SysWow64\DBCLIENT.DLL [2012.09.30 15:56:34 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\BDEADMIN.CPL [2012.09.30 15:56:24 | 004,120,608 | ---- | C] () -- C:\Windows\SysWow64\db2kRUN.EXE [2012.09.30 15:56:24 | 000,423,936 | ---- | C] () -- C:\Windows\SysWow64\db2kr_de.DLL [2012.09.29 12:50:30 | 000,002,701 | ---- | C] () -- C:\Users\Public\Desktop\Elemente Chemie Multimedial 2.lnk [2012.09.29 12:43:21 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012.09.29 12:42:50 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2012.09.29 12:41:11 | 000,002,701 | ---- | C] () -- C:\Users\Public\Desktop\Elemente Chemie Multimedial 1.lnk [2012.04.15 11:07:55 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini [2012.03.21 22:57:02 | 000,002,054 | ---- | C] () -- C:\Users\Andreas Tickert\.powerupdate.user.properties [2012.03.11 17:47:43 | 000,000,066 | ---- | C] () -- C:\Windows\SHISETUP.SYS [2012.02.13 14:24:54 | 000,293,712 | ---- | C] () -- C:\Windows\SysWow64\Tbsql03.dll [2012.02.13 14:24:54 | 000,246,368 | ---- | C] () -- C:\Windows\SysWow64\Tbqry03.dll [2012.02.13 14:24:54 | 000,145,696 | ---- | C] () -- C:\Windows\SysWow64\Tblib.dll [2012.02.13 14:24:54 | 000,090,688 | ---- | C] () -- C:\Windows\SysWow64\Tbutl03.dll [2012.02.13 14:24:54 | 000,014,512 | ---- | C] () -- C:\Windows\SysWow64\Tbgui03.dll [2012.02.13 14:24:54 | 000,005,488 | ---- | C] () -- C:\Windows\SysWow64\Tbmds03.dll [2011.01.06 12:02:16 | 000,003,584 | ---- | C] () -- C:\Users\Andreas Tickert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.12.26 20:35:00 | 000,000,360 | ---- | C] () -- C:\Users\Andreas Tickert\AppData\Roaming\burnaware.ini [2010.12.26 20:29:25 | 000,000,034 | -H-- | C] () -- C:\Windows\SysWow64\Converter_sysquict.dat [2010.12.09 11:43:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.09.20 08:35:12 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== ZeroAccess Check ========== [2011.11.17 08:41:18 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}\@ [2012.10.23 07:36:05 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}\L [2012.10.23 07:40:41 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}\U [2012.10.23 07:36:05 | 000,000,804 | ---- | M] () -- C:\Windows\Installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}\L\00000004.@ [2012.10.23 07:20:21 | 000,002,048 | ---- | M] () -- C:\Windows\Installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}\U\00000004.@ [2012.10.23 07:40:41 | 000,232,960 | ---- | M] () -- C:\Windows\Installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}\U\00000008.@ [2012.10.23 07:40:37 | 000,001,632 | ---- | M] () -- C:\Windows\Installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}\U\000000cb.@ [2012.10.23 07:40:37 | 000,016,896 | ---- | M] () -- C:\Windows\Installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}\U\80000000.@ [2012.10.23 07:24:19 | 000,087,040 | ---- | M] () -- C:\Windows\Installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}\U\80000032.@ [2012.10.23 07:29:10 | 000,073,216 | ---- | M] () -- C:\Windows\Installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}\U\80000064.@ [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [2012.10.23 07:36:02 | 000,004,608 | -HS- | M] () -- C:\Windows\assembly\GAC_32\Desktop.ini [2012.10.23 07:36:02 | 000,006,144 | -HS- | M] () -- C:\Windows\assembly\GAC_64\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.01.25 10:56:27 | 000,000,000 | ---D | M] -- C:\Users\Andreas Tickert\AppData\Roaming\Advanced Chemistry Development [2010.12.09 11:56:27 | 000,000,000 | ---D | M] -- C:\Users\Andreas Tickert\AppData\Roaming\Asus WebStorage [2011.03.20 10:48:25 | 000,000,000 | ---D | M] -- C:\Users\Andreas Tickert\AppData\Roaming\Audacity [2012.01.06 10:17:21 | 000,000,000 | ---D | M] -- C:\Users\Andreas Tickert\AppData\Roaming\Canneverbe Limited [2012.09.14 11:29:06 | 000,000,000 | ---D | M] -- C:\Users\Andreas Tickert\AppData\Roaming\CmapTools [2012.10.05 15:03:56 | 000,000,000 | ---D | M] -- C:\Users\Andreas Tickert\AppData\Roaming\DVDVideoSoft [2012.04.28 11:35:45 | 000,000,000 | ---D | M] -- C:\Users\Andreas Tickert\AppData\Roaming\DVDVideoSoftIEHelpers [2010.12.17 18:39:29 | 000,000,000 | ---D | M] -- C:\Users\Andreas Tickert\AppData\Roaming\EndNote [2012.05.18 20:01:06 | 000,000,000 | ---D | M] -- C:\Users\Andreas Tickert\AppData\Roaming\Iminent [2012.09.29 12:52:38 | 000,000,000 | ---D | M] -- C:\Users\Andreas Tickert\AppData\Roaming\Klett [2012.10.05 15:03:42 | 000,000,000 | ---D | M] -- C:\Users\Andreas Tickert\AppData\Roaming\OpenCandy [2011.11.09 13:00:57 | 000,000,000 | ---D | M] -- C:\Users\Andreas Tickert\AppData\Roaming\PacificPoker [2011.11.21 12:20:59 | 000,000,000 | ---D | M] -- C:\Users\Andreas Tickert\AppData\Roaming\PanoramaStudio2 [2012.09.06 11:20:04 | 000,000,000 | ---D | M] -- C:\Users\Andreas Tickert\AppData\Roaming\Party [2012.08.09 11:52:52 | 000,000,000 | ---D | M] -- C:\Users\Andreas Tickert\AppData\Roaming\pdfforge [2012.10.05 15:04:46 | 000,000,000 | ---D | M] -- C:\Users\Andreas Tickert\AppData\Roaming\TuneUp Software ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2010.12.09 11:32:33 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2012.01.25 10:56:23 | 000,000,000 | ---D | M] -- C:\ACDFREE12 [2010.12.24 17:24:27 | 000,000,000 | ---D | M] -- C:\AMD [2010.12.09 11:33:13 | 000,000,000 | -H-D | M] -- C:\ASUS.DAT [2010.12.24 17:28:51 | 000,000,000 | ---D | M] -- C:\ATI [2011.07.24 18:31:25 | 000,000,000 | -HSD | M] -- C:\Boot [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010.09.20 08:56:39 | 000,000,000 | ---D | M] -- C:\eSupport [2010.09.20 08:43:13 | 000,000,000 | ---D | M] -- C:\Intel [2010.12.13 10:27:10 | 000,000,000 | RH-D | M] -- C:\MSOCache [2010.12.26 20:30:20 | 000,000,000 | ---D | M] -- C:\output media [2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.12.08 10:54:45 | 000,000,000 | ---D | M] -- C:\Poker [2012.09.10 20:31:02 | 000,000,000 | R--D | M] -- C:\Program Files [2012.10.23 07:22:01 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2012.10.23 07:53:13 | 000,000,000 | -H-D | M] -- C:\ProgramData [2012.10.23 07:53:11 | 000,000,000 | ---D | M] -- C:\Programme [2011.12.20 19:58:21 | 000,000,000 | ---D | M] -- C:\Programs [2010.12.09 11:23:31 | 000,000,000 | -HSD | M] -- C:\Recovery [2012.10.23 12:30:12 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.07.20 15:12:00 | 000,000,000 | ---D | M] -- C:\UserData [2010.12.09 11:25:07 | 000,000,000 | R--D | M] -- C:\Users [2012.10.16 17:14:43 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: EXPLORER.EXE > [2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2010.09.20 08:41:42 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2010.09.20 08:29:21 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010.09.20 08:41:42 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2010.09.20 08:29:21 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2010.09.20 08:41:42 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2010.09.20 08:29:21 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2010.09.20 08:41:42 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2010.09.20 08:29:21 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: REGEDIT.EXE > [2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe [2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe [2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2012.09.29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010.09.20 08:41:42 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2010.09.20 08:41:42 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < > [2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 07:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010.09.20 08:33:58 | 000,001,120 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2010.09.20 08:33:59 | 000,001,124 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [2011.01.22 00:40:09 | 000,000,334 | ---- | C] () -- C:\Windows\Tasks\MT66 Software Update.job [2012.04.02 08:34:56 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job < End of report > Code:
ATTFilter OTL Extras logfile created on: 23.10.2012 12:28:30 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Andreas Tickert\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,86 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 57,85% Memory free
7,71 Gb Paging File | 5,66 Gb Available in Paging File | 73,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,44 Gb Total Space | 44,10 Gb Free Space | 37,87% Space Free | Partition Type: NTFS
Drive D: | 329,79 Gb Total Space | 235,28 Gb Free Space | 71,34% Space Free | Partition Type: NTFS
Computer Name: TICKERT | User Name: Andreas Tickert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\CeWe Color\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files (x86)\CeWe Color\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\CeWe Color\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files (x86)\CeWe Color\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AutoUpdateDisableNotify" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{17B77355-3934-4D0E-8FAC-C420482C8E7D}" = Windows Live Family Safety
"{22441735-5983-AD2A-5CC5-FA2CCD7EF732}" = ATI Stream SDK v2 Developer
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{46FE2A95-DD8A-9F52-DD44-6C22D715493D}" = ATI Catalyst Install Manager
"{485867C4-605B-30FD-397E-CDBA21690855}" = ccc-utility64
"{83A33E54-147D-2D1A-75EB-DE27584DD3E2}" = WMV9/VC-1 Video Playback
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E0FE1E14-3A7A-4DB0-9FFA-0DD945AE84DB}" = HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"ASUS USB2.0 UVC VGA WebCam" = ASUS USB2.0 UVC VGA WebCam
"Elantech" = ETDWare PS/2-x64 7.0.5.9_WHQL
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"GPL Ghostscript 9.01" = GPL Ghostscript 9.01
"IHMC CmapTools v5.04.02" = IHMC CmapTools v5.04.02
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"PanoramaStudio2" = PanoramaStudio 2.2 ((deinstallieren))
"PDF-XChange 3_is1" = PDF-XChange 3
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0A64BFD0-0511-4C67-A3BF-D4C0C1055255}_is1" = Chemie_Aber_Sicher Version 1.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3E6B8013-6679-AE89-05B9-F540AF89A5A4}" = Catalyst Control Center Localization All
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74EC78BC-B379-4E29-9006-8F161DCAABA6}" = Apple Software Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A108EBC-C9DF-4E14-93A8-42CF316F1ECF}" = Marketsplash Schnellzugriffe
"{7ADF69B6-B378-2D8C-C81C-DAA053E0D275}" = CCC Help English
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115233673}" = Dream Day Wedding Married in Manhattan
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-1173957}" = Piggly FREE
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117396510}" = Smileyville FREE
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86B3F2D6-AC2B-4E88-8AE1-F2F77F781B0C}" = EndNote X3
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}" = HP Officejet Pro 8500 A910 Hilfe
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_PROPLUS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B0-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF – Add-In für 2007 Microsoft Office-Programme
"{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A505EBCB-C827-433F-B5A1-D242F20A4B23}" = Elemente Chemie Multimedial 1
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = 1&1 Surf-Stick
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.2 MUI
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B653A2EC-D816-4498-A4FD-651047AB9DC9}" = Boingo Wi-Fi
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BB91071A-F029-4B98-B6EE-EBA3AB14D530}" = Elemente Chemie Multimedial 2
"{BBED4F90-7AE5-40BF-AFB7-1B495692F4AB}" = syncables desktop SE
"{BC664850-5586-CF15-F9E1-97C7429E1D4F}" = Catalyst Control Center InstallProxy
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C9991C9B-0783-452E-8954-AB93E2AB3B80}_is1" = Game Park Console
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}" = WinZip 15.0
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E80F7B58-508F-2A71-50E6-49B56241C22B}" = ccc-core-static
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2739D43-F30E-4294-87C1-0F814CCEB9E9}" = Catalyst Control Center InstallProxy
"{F2E4F3A5-A8F0-46F4-8E91-E8C1DE1FCFE5}_is1" = MT66 Software Update
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader
"{F7CF0E9A-D48B-4942-9537-259ED0568DF4}" = Iminent
"7-Zip" = 7-Zip 9.20
"888poker" = 888poker
"ACDLabs in C__ACDFREE12_" = ACD/Labs Software in C:\ACDFREE12\
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"ASUS AP Bank_is1" = ASUS AP Bank
"ASUS WebStorage" = ASUS WebStorage
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Avira AntiVir Desktop" = Avira Free Antivirus
"Chisela 5_is1" = Chisela 5.2.2
"DealPly" = DealPly
"Diablo III" = Diablo III
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube Download_is1" = Free YouTube Download version 3.1.25.423
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.1004
"Google Chrome" = Google Chrome
"hotpot_is1" = HotPotatoes v 6.3.0.4
"IMBoosterARP" = Iminent
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PartyPoker" = PartyPoker
"PDF Blender" = PDF Blender
"Picasa 3" = Picasa 3
"PokerStars" = PokerStars
"PROPLUS" = Microsoft Office Professional Plus 2007
"Rainlendar2" = Rainlendar2 (remove only)
"RB-DATA Notentabelle für Excel_is1" = RB-DATA Notentabelle für Excel
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"StarCraft II" = StarCraft II
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 2.0.2
"WEKA Chemie unterrichten 4.0" = WEKA Chemie unterrichten 4.0
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 16.0.1 (x86 de)" = Mozilla Firefox 16.0.1 (x86 de)
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 23.10.2012 06:17:36 | Computer Name = Tickert | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x750ec9f1 ID des fehlerhaften
Prozesses: 0x17bc Startzeit der fehlerhaften Anwendung: 0x01cdb1079fad18f5 Pfad der
fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: dd6991f7-1cfa-11e2-8c2d-20cf3062b3b1
Error - 23.10.2012 06:18:36 | Computer Name = Tickert | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x750ec9f1 ID des fehlerhaften
Prozesses: 0x970 Startzeit der fehlerhaften Anwendung: 0x01cdb107c3891ab8 Pfad der
fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: 013c6bf9-1cfb-11e2-8c2d-20cf3062b3b1
Error - 23.10.2012 06:19:36 | Computer Name = Tickert | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x750ec9f1 ID des fehlerhaften
Prozesses: 0xefc Startzeit der fehlerhaften Anwendung: 0x01cdb107e75ba68b Pfad der
fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: 251698ed-1cfb-11e2-8c2d-20cf3062b3b1
Error - 23.10.2012 06:20:37 | Computer Name = Tickert | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x750ec9f1 ID des fehlerhaften
Prozesses: 0x1464 Startzeit der fehlerhaften Anwendung: 0x01cdb1080b37e6ba Pfad der
fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: 48e9b15b-1cfb-11e2-8c2d-20cf3062b3b1
Error - 23.10.2012 06:21:37 | Computer Name = Tickert | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x750ec9f1 ID des fehlerhaften
Prozesses: 0x1654 Startzeit der fehlerhaften Anwendung: 0x01cdb1082f0affb7 Pfad der
fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: 6cc5d2d9-1cfb-11e2-8c2d-20cf3062b3b1
Error - 23.10.2012 06:22:37 | Computer Name = Tickert | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x750ec9f1 ID des fehlerhaften
Prozesses: 0x524 Startzeit der fehlerhaften Anwendung: 0x01cdb10852e74078 Pfad der
fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: 90988e19-1cfb-11e2-8c2d-20cf3062b3b1
Error - 23.10.2012 06:23:37 | Computer Name = Tickert | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x750ec9f1 ID des fehlerhaften
Prozesses: 0x524 Startzeit der fehlerhaften Anwendung: 0x01cdb10876b8e269 Pfad der
fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: b473b58b-1cfb-11e2-8c2d-20cf3062b3b1
Error - 23.10.2012 06:24:37 | Computer Name = Tickert | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x750ec9f1 ID des fehlerhaften
Prozesses: 0x1360 Startzeit der fehlerhaften Anwendung: 0x01cdb1089a95cf09 Pfad der
fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: d8471caa-1cfb-11e2-8c2d-20cf3062b3b1
Error - 23.10.2012 06:25:37 | Computer Name = Tickert | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x750ec9f1 ID des fehlerhaften
Prozesses: 0x8b4 Startzeit der fehlerhaften Anwendung: 0x01cdb108be68f7aa Pfad der
fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: fc23cacc-1cfb-11e2-8c2d-20cf3062b3b1
Error - 23.10.2012 06:26:37 | Computer Name = Tickert | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x750ec9f1 ID des fehlerhaften
Prozesses: 0x1698 Startzeit der fehlerhaften Anwendung: 0x01cdb108e2459636 Pfad der
fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: 1ff6e3d7-1cfc-11e2-8c2d-20cf3062b3b1
Error - 23.10.2012 06:27:37 | Computer Name = Tickert | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x750ec9f1 ID des fehlerhaften
Prozesses: 0xa00 Startzeit der fehlerhaften Anwendung: 0x01cdb1090617f3ca Pfad der
fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: 43d2c6ec-1cfc-11e2-8c2d-20cf3062b3b1
[ Media Center Events ]
Error - 16.12.2011 04:21:33 | Computer Name = Tickert | Source = MCUpdate | ID = 0
Description = 09:21:33 - Fehler beim Herstellen der Internetverbindung. 09:21:33
- Serververbindung konnte nicht hergestellt werden..
Error - 16.12.2011 04:21:43 | Computer Name = Tickert | Source = MCUpdate | ID = 0
Description = 09:21:38 - Fehler beim Herstellen der Internetverbindung. 09:21:38
- Serververbindung konnte nicht hergestellt werden..
Error - 18.12.2011 14:05:50 | Computer Name = Tickert | Source = MCUpdate | ID = 0
Description = 19:05:50 - Fehler beim Herstellen der Internetverbindung. 19:05:50
- Serververbindung konnte nicht hergestellt werden..
Error - 18.12.2011 14:05:59 | Computer Name = Tickert | Source = MCUpdate | ID = 0
Description = 19:05:55 - Fehler beim Herstellen der Internetverbindung. 19:05:55
- Serververbindung konnte nicht hergestellt werden..
Error - 19.12.2011 04:25:52 | Computer Name = Tickert | Source = MCUpdate | ID = 0
Description = 09:25:52 - Fehler beim Herstellen der Internetverbindung. 09:25:52
- Serververbindung konnte nicht hergestellt werden..
Error - 19.12.2011 04:26:03 | Computer Name = Tickert | Source = MCUpdate | ID = 0
Description = 09:25:57 - Fehler beim Herstellen der Internetverbindung. 09:25:57
- Serververbindung konnte nicht hergestellt werden..
Error - 20.12.2011 04:01:32 | Computer Name = Tickert | Source = MCUpdate | ID = 0
Description = 09:01:32 - Fehler beim Herstellen der Internetverbindung. 09:01:32
- Serververbindung konnte nicht hergestellt werden..
Error - 20.12.2011 04:01:43 | Computer Name = Tickert | Source = MCUpdate | ID = 0
Description = 09:01:38 - Fehler beim Herstellen der Internetverbindung. 09:01:38
- Serververbindung konnte nicht hergestellt werden..
Error - 21.12.2011 04:39:11 | Computer Name = Tickert | Source = MCUpdate | ID = 0
Description = 09:39:11 - Fehler beim Herstellen der Internetverbindung. 09:39:11
- Serververbindung konnte nicht hergestellt werden..
Error - 21.12.2011 04:39:20 | Computer Name = Tickert | Source = MCUpdate | ID = 0
Description = 09:39:16 - Fehler beim Herstellen der Internetverbindung. 09:39:16
- Serververbindung konnte nicht hergestellt werden..
[ OSession Events ]
Error - 26.02.2012 08:43:30 | Computer Name = Tickert | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16050
seconds with 8220 seconds of active time. This session ended with a crash.
Error - 22.09.2012 15:01:59 | Computer Name = Tickert | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 31775
seconds with 5580 seconds of active time. This session ended with a crash.
Error - 05.10.2012 04:45:15 | Computer Name = Tickert | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3033
seconds with 2040 seconds of active time. This session ended with a crash.
Error - 07.10.2012 05:27:51 | Computer Name = Tickert | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8388
seconds with 3780 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 15.10.2012 07:10:04 | Computer Name = Tickert | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 15.10.2012 07:10:05 | Computer Name = Tickert | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 15.10.2012 09:44:37 | Computer Name = Tickert | Source = DCOM | ID = 10010
Description =
Error - 17.10.2012 12:56:13 | Computer Name = Tickert | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
Error - 23.10.2012 01:36:24 | Computer Name = Tickert | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
Error - 23.10.2012 01:36:24 | Computer Name = Tickert | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
BFE. Dieser Dienst ist eventuell nicht installiert.
Error - 23.10.2012 01:36:27 | Computer Name = Tickert | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060
Error - 23.10.2012 01:37:34 | Computer Name = Tickert | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-2147023143.
Error - 23.10.2012 02:47:07 | Computer Name = Tickert | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR3 gefunden.
Error - 23.10.2012 02:47:09 | Computer Name = Tickert | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR3 gefunden.
< End of report >
Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-23 15:38:10
-----------------------------
15:38:10.618 OS Version: Windows x64 6.1.7601 Service Pack 1
15:38:10.618 Number of processors: 4 586 0x2505
15:38:10.618 ComputerName: TICKERT UserName:
15:38:11.289 Initialize success
15:38:20.993 AVAST engine defs: 12102300
15:38:59.203 The log file has been saved successfully to "C:\Users\Andreas Tickert\Desktop\aswMBR.txt"
15:39:10.870 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:39:10.886 Disk 0 Vendor: ST950032 0003 Size: 476940MB BusType: 3
15:39:10.902 Disk 0 MBR read successfully
15:39:10.902 Disk 0 MBR scan
15:39:10.917 Disk 0 Windows 7 default MBR code
15:39:10.933 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 20002 MB offset 63
15:39:10.933 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 119232 MB offset 40965750
15:39:10.948 Disk 0 Partition - 00 0F Extended LBA 337704 MB offset 285153280
15:39:10.980 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 337703 MB offset 285155328
15:39:11.026 Disk 0 scanning C:\Windows\system32\drivers
15:39:23.366 Service scanning
15:39:52.850 Modules scanning
15:39:53.365 Disk 0 trace - called modules:
15:39:53.427 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
15:39:53.443 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c63060]
15:39:53.443 3 CLASSPNP.SYS[fffff88001bce43f] -> nt!IofCallDriver -> [0xfffffa80049cd040]
15:39:53.458 5 ACPI.sys[fffff88000ede7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80049d2050]
15:39:54.644 AVAST engine scan C:\Windows
15:39:57.374 AVAST engine scan C:\Windows\system32
15:41:18.869 File: C:\Windows\system32\services.exe **INFECTED** Win32:Sirefef-ZT [Trj]
15:41:55.466 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
15:41:57.866 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
15:43:22.355 AVAST engine scan C:\Windows\system32\drivers
15:43:52.369 AVAST engine scan C:\Users\Andreas Tickert
15:50:40.105 AVAST engine scan C:\ProgramData
15:56:23.456 Scan finished successfully
15:56:24.064 Disk 0 MBR has been saved successfully to "C:\Users\Andreas Tickert\Desktop\MBR.dat"
15:56:24.064 The log file has been saved successfully to "C:\Users\Andreas Tickert\Desktop\aswMBR.txt"
|
|
23.10.2012, 16:04
| #4 |
| | ATRAPS.gen2 von AVIRA gemeldet Und zu guter letzt TDSS Killer Report: Code:
ATTFilter 17:02:02.0191 1216 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
17:02:02.0394 1216 ============================================================
17:02:02.0394 1216 Current date / time: 2012/10/23 17:02:02.0394
17:02:02.0394 1216 SystemInfo:
17:02:02.0394 1216
17:02:02.0394 1216 OS Version: 6.1.7601 ServicePack: 1.0
17:02:02.0394 1216 Product type: Workstation
17:02:02.0394 1216 ComputerName: TICKERT
17:02:02.0394 1216 UserName: Andreas Tickert
17:02:02.0394 1216 Windows directory: C:\Windows
17:02:02.0394 1216 System windows directory: C:\Windows
17:02:02.0394 1216 Running under WOW64
17:02:02.0394 1216 Processor architecture: Intel x64
17:02:02.0394 1216 Number of processors: 4
17:02:02.0394 1216 Page size: 0x1000
17:02:02.0394 1216 Boot type: Normal boot
17:02:02.0394 1216 ============================================================
17:02:02.0975 1216 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:02:02.0985 1216 ============================================================
17:02:02.0985 1216 \Device\Harddisk0\DR0:
17:02:02.0985 1216 MBR partitions:
17:02:02.0985 1216 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2711676, BlocksNum 0xE8E0168
17:02:03.0015 1216 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x10FF2000, BlocksNum 0x29393800
17:02:03.0015 1216 ============================================================
17:02:03.0065 1216 C: <-> \Device\Harddisk0\DR0\Partition1
17:02:03.0095 1216 D: <-> \Device\Harddisk0\DR0\Partition2
17:02:03.0095 1216 ============================================================
17:02:03.0095 1216 Initialize success
17:02:03.0095 1216 ============================================================
17:02:12.0325 3728 ============================================================
17:02:12.0325 3728 Scan started
17:02:12.0325 3728 Mode: Manual;
17:02:12.0325 3728 ============================================================
17:02:13.0235 3728 ================ Scan system memory ========================
17:02:13.0235 3728 System memory - ok
17:02:13.0235 3728 ================ Scan services =============================
17:02:13.0435 3728 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
17:02:13.0435 3728 1394ohci - ok
17:02:13.0475 3728 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
17:02:13.0485 3728 ACPI - ok
17:02:13.0505 3728 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
17:02:13.0505 3728 AcpiPmi - ok
17:02:13.0645 3728 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:02:13.0645 3728 AdobeFlashPlayerUpdateSvc - ok
17:02:13.0705 3728 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
17:02:13.0715 3728 adp94xx - ok
17:02:13.0735 3728 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
17:02:13.0745 3728 adpahci - ok
17:02:13.0765 3728 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
17:02:13.0775 3728 adpu320 - ok
17:02:13.0805 3728 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:02:13.0805 3728 AeLookupSvc - ok
17:02:13.0865 3728 [ 2D00D3DADC1D3326BA788EB071F2726E ] AFBAgent C:\Windows\system32\FBAgent.exe
17:02:13.0865 3728 AFBAgent - ok
17:02:13.0925 3728 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
17:02:13.0935 3728 AFD - ok
17:02:13.0965 3728 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
17:02:13.0975 3728 agp440 - ok
17:02:13.0995 3728 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
17:02:13.0995 3728 ALG - ok
17:02:14.0025 3728 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
17:02:14.0025 3728 aliide - ok
17:02:14.0055 3728 [ 46693222FCDB3175AAAED017EAA6FCC7 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
17:02:14.0065 3728 AMD External Events Utility - ok
17:02:14.0075 3728 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
17:02:14.0085 3728 amdide - ok
17:02:14.0125 3728 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
17:02:14.0125 3728 AmdK8 - ok
17:02:14.0295 3728 [ 99C262242A279976206ECE1D3C74DF27 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
17:02:14.0435 3728 amdkmdag - ok
17:02:14.0475 3728 [ 20B63276A1920B41E1C56720B395049B ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
17:02:14.0475 3728 amdkmdap - ok
17:02:14.0495 3728 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
17:02:14.0505 3728 AmdPPM - ok
17:02:14.0525 3728 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
17:02:14.0525 3728 amdsata - ok
17:02:14.0555 3728 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
17:02:14.0555 3728 amdsbs - ok
17:02:14.0570 3728 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
17:02:14.0570 3728 amdxata - ok
17:02:14.0617 3728 [ 9C7F164B49CADC658D1B3C575782F346 ] AmUStor C:\Windows\system32\drivers\AmUStor.SYS
17:02:14.0617 3728 AmUStor - ok
17:02:14.0680 3728 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
17:02:14.0680 3728 AntiVirSchedulerService - ok
17:02:14.0726 3728 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
17:02:14.0726 3728 AntiVirService - ok
17:02:14.0773 3728 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
17:02:14.0773 3728 AppID - ok
17:02:14.0789 3728 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
17:02:14.0804 3728 AppIDSvc - ok
17:02:14.0820 3728 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
17:02:14.0820 3728 Appinfo - ok
17:02:14.0836 3728 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
17:02:14.0851 3728 arc - ok
17:02:14.0851 3728 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
17:02:14.0867 3728 arcsas - ok
17:02:14.0929 3728 [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
17:02:14.0929 3728 ASLDRService - ok
17:02:14.0945 3728 [ 4C016FD76ED5C05E84CA8CAB77993961 ] ASMMAP64 C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
17:02:14.0960 3728 ASMMAP64 - ok
17:02:14.0976 3728 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:02:14.0992 3728 AsyncMac - ok
17:02:15.0023 3728 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
17:02:15.0023 3728 atapi - ok
17:02:15.0085 3728 [ 0ACC06FCF46F64ED4F11E57EE461C1F4 ] athr C:\Windows\system32\DRIVERS\athrx.sys
17:02:15.0116 3728 athr - ok
17:02:15.0179 3728 [ FB7602C5C508BE281368AAE0B61B51C6 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
17:02:15.0179 3728 AtiHdmiService - ok
17:02:15.0304 3728 [ 99C262242A279976206ECE1D3C74DF27 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
17:02:15.0335 3728 atikmdag - ok
17:02:15.0366 3728 [ 63F1212FFE13E62CA1E8D8EE19ABD9A7 ] ATKGFNEXSrv C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
17:02:15.0366 3728 ATKGFNEXSrv - ok
17:02:15.0397 3728 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:02:15.0397 3728 AudioEndpointBuilder - ok
17:02:15.0413 3728 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
17:02:15.0413 3728 AudioSrv - ok
17:02:15.0460 3728 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
17:02:15.0460 3728 avgntflt - ok
17:02:15.0506 3728 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
17:02:15.0506 3728 avipbb - ok
17:02:15.0522 3728 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
17:02:15.0522 3728 avkmgr - ok
17:02:15.0584 3728 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
17:02:15.0584 3728 AxInstSV - ok
17:02:15.0616 3728 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
17:02:15.0631 3728 b06bdrv - ok
17:02:15.0662 3728 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
17:02:15.0662 3728 b57nd60a - ok
17:02:15.0725 3728 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
17:02:15.0725 3728 BDESVC - ok
17:02:15.0740 3728 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
17:02:15.0740 3728 Beep - ok
17:02:15.0756 3728 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
17:02:15.0756 3728 blbdrive - ok
17:02:15.0772 3728 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:02:15.0787 3728 bowser - ok
17:02:15.0803 3728 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:02:15.0803 3728 BrFiltLo - ok
17:02:15.0818 3728 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:02:15.0818 3728 BrFiltUp - ok
17:02:15.0850 3728 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
17:02:15.0850 3728 Browser - ok
17:02:15.0881 3728 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
17:02:15.0881 3728 Brserid - ok
17:02:15.0896 3728 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
17:02:15.0896 3728 BrSerWdm - ok
17:02:15.0912 3728 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
17:02:15.0912 3728 BrUsbMdm - ok
17:02:15.0928 3728 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
17:02:15.0928 3728 BrUsbSer - ok
17:02:15.0943 3728 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
17:02:15.0959 3728 BTHMODEM - ok
17:02:15.0990 3728 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
17:02:15.0990 3728 bthserv - ok
17:02:15.0990 3728 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:02:16.0006 3728 cdfs - ok
17:02:16.0037 3728 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
17:02:16.0037 3728 cdrom - ok
17:02:16.0084 3728 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
17:02:16.0084 3728 CertPropSvc - ok
17:02:16.0115 3728 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
17:02:16.0115 3728 circlass - ok
17:02:16.0146 3728 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
17:02:16.0162 3728 CLFS - ok
17:02:16.0242 3728 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:02:16.0242 3728 clr_optimization_v2.0.50727_32 - ok
17:02:16.0292 3728 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:02:16.0302 3728 clr_optimization_v2.0.50727_64 - ok
17:02:16.0372 3728 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:02:16.0372 3728 clr_optimization_v4.0.30319_32 - ok
17:02:16.0422 3728 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:02:16.0422 3728 clr_optimization_v4.0.30319_64 - ok
17:02:16.0452 3728 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
17:02:16.0452 3728 CmBatt - ok
17:02:16.0472 3728 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
17:02:16.0472 3728 cmdide - ok
17:02:16.0522 3728 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
17:02:16.0522 3728 CNG - ok
17:02:16.0562 3728 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
17:02:16.0562 3728 Compbatt - ok
17:02:16.0582 3728 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
17:02:16.0582 3728 CompositeBus - ok
17:02:16.0602 3728 COMSysApp - ok
17:02:16.0622 3728 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
17:02:16.0622 3728 crcdisk - ok
17:02:16.0662 3728 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:02:16.0662 3728 CryptSvc - ok
17:02:16.0692 3728 [ 44BDDEB03C84A1C993C992FFB5700357 ] CVirtA C:\Windows\system32\DRIVERS\CVirtA64.sys
17:02:16.0692 3728 CVirtA - ok
17:02:16.0762 3728 [ 66257CB4E4FB69887CDDC71663741435 ] CVPND C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
17:02:16.0802 3728 CVPND - ok
17:02:16.0842 3728 [ CC8E52DAA9826064BA464DBE531F2BB5 ] CVPNDRVA C:\Windows\system32\Drivers\CVPNDRVA.sys
17:02:16.0852 3728 CVPNDRVA - ok
17:02:16.0892 3728 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
17:02:16.0902 3728 DcomLaunch - ok
17:02:16.0922 3728 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
17:02:16.0932 3728 defragsvc - ok
17:02:16.0962 3728 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:02:16.0962 3728 DfsC - ok
17:02:17.0002 3728 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
17:02:17.0012 3728 Dhcp - ok
17:02:17.0042 3728 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
17:02:17.0042 3728 discache - ok
17:02:17.0082 3728 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
17:02:17.0082 3728 Disk - ok
17:02:17.0122 3728 [ 05CB5910B3CA6019FC3CCA815EE06FFB ] DNE C:\Windows\system32\DRIVERS\dne64x.sys
17:02:17.0122 3728 DNE - ok
17:02:17.0152 3728 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:02:17.0162 3728 Dnscache - ok
17:02:17.0192 3728 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
17:02:17.0202 3728 dot3svc - ok
17:02:17.0232 3728 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
17:02:17.0232 3728 DPS - ok
17:02:17.0262 3728 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:02:17.0272 3728 drmkaud - ok
17:02:17.0302 3728 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:02:17.0342 3728 DXGKrnl - ok
17:02:17.0392 3728 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
17:02:17.0392 3728 EapHost - ok
17:02:17.0502 3728 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
17:02:17.0592 3728 ebdrv - ok
17:02:17.0632 3728 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
17:02:17.0632 3728 EFS - ok
17:02:17.0722 3728 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:02:17.0752 3728 ehRecvr - ok
17:02:17.0772 3728 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
17:02:17.0782 3728 ehSched - ok
17:02:17.0832 3728 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
17:02:17.0842 3728 elxstor - ok
17:02:17.0862 3728 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
17:02:17.0872 3728 ErrDev - ok
17:02:17.0902 3728 [ 3C38648375B7F3988691F53A7AAE10A9 ] ETD C:\Windows\system32\DRIVERS\ETD.sys
17:02:17.0902 3728 ETD - ok
17:02:17.0952 3728 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
17:02:17.0952 3728 EventSystem - ok
17:02:17.0982 3728 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
17:02:17.0982 3728 exfat - ok
17:02:18.0002 3728 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:02:18.0002 3728 fastfat - ok
17:02:18.0052 3728 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
17:02:18.0072 3728 Fax - ok
17:02:18.0092 3728 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
17:02:18.0102 3728 fdc - ok
17:02:18.0142 3728 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
17:02:18.0142 3728 fdPHost - ok
17:02:18.0152 3728 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
17:02:18.0152 3728 FDResPub - ok
17:02:18.0182 3728 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:02:18.0182 3728 FileInfo - ok
17:02:18.0192 3728 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:02:18.0192 3728 Filetrace - ok
17:02:18.0212 3728 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
17:02:18.0212 3728 flpydisk - ok
17:02:18.0232 3728 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:02:18.0242 3728 FltMgr - ok
17:02:18.0282 3728 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
17:02:18.0312 3728 FontCache - ok
17:02:18.0362 3728 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:02:18.0362 3728 FontCache3.0.0.0 - ok
17:02:18.0392 3728 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
17:02:18.0392 3728 FsDepends - ok
17:02:18.0432 3728 [ 2BF3B36B96D015AF666B6AA63AE2E38F ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
17:02:18.0432 3728 fssfltr - ok
17:02:18.0512 3728 [ 45B52394F9624237F33A8A3D73C0B221 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
17:02:18.0542 3728 fsssvc - ok
17:02:18.0562 3728 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:02:18.0572 3728 Fs_Rec - ok
17:02:18.0602 3728 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
17:02:18.0602 3728 fvevol - ok
17:02:18.0642 3728 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
17:02:18.0642 3728 gagp30kx - ok
17:02:18.0682 3728 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
17:02:18.0702 3728 gpsvc - ok
17:02:18.0792 3728 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:02:18.0792 3728 gupdate - ok
17:02:18.0822 3728 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:02:18.0822 3728 gupdatem - ok
17:02:18.0872 3728 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
17:02:18.0872 3728 gusvc - ok
17:02:18.0892 3728 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
17:02:18.0892 3728 hcw85cir - ok
17:02:18.0932 3728 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:02:18.0942 3728 HdAudAddService - ok
17:02:18.0962 3728 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
17:02:18.0962 3728 HDAudBus - ok
17:02:18.0992 3728 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
17:02:18.0992 3728 HECIx64 - ok
17:02:19.0012 3728 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
17:02:19.0012 3728 HidBatt - ok
17:02:19.0032 3728 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
17:02:19.0042 3728 HidBth - ok
17:02:19.0052 3728 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
17:02:19.0052 3728 HidIr - ok
17:02:19.0072 3728 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
17:02:19.0072 3728 hidserv - ok
17:02:19.0112 3728 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
17:02:19.0112 3728 HidUsb - ok
17:02:19.0152 3728 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
17:02:19.0152 3728 hkmsvc - ok
17:02:19.0182 3728 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:02:19.0182 3728 HomeGroupListener - ok
17:02:19.0228 3728 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:02:19.0228 3728 HomeGroupProvider - ok
17:02:19.0275 3728 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
17:02:19.0275 3728 HpSAMD - ok
17:02:19.0322 3728 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:02:19.0353 3728 HTTP - ok
17:02:19.0384 3728 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
17:02:19.0384 3728 hwpolicy - ok
17:02:19.0416 3728 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
17:02:19.0416 3728 i8042prt - ok
17:02:19.0462 3728 [ BBB3B6DF1ABB0FE35802EDE85CC1C011 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
17:02:19.0462 3728 iaStor - ok
17:02:19.0494 3728 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
17:02:19.0494 3728 iaStorV - ok
17:02:19.0572 3728 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:02:19.0603 3728 idsvc - ok
17:02:19.0634 3728 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
17:02:19.0634 3728 iirsp - ok
17:02:19.0696 3728 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
17:02:19.0712 3728 IKEEXT - ok
17:02:19.0743 3728 [ 36FDF367A1DABFF903E2214023D71368 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
17:02:19.0743 3728 Impcd - ok
17:02:19.0759 3728 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
17:02:19.0774 3728 intelide - ok
17:02:19.0806 3728 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
17:02:19.0806 3728 intelppm - ok
17:02:19.0837 3728 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:02:19.0837 3728 IPBusEnum - ok
17:02:19.0868 3728 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:02:19.0868 3728 IpFilterDriver - ok
17:02:19.0899 3728 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
17:02:19.0899 3728 IPMIDRV - ok
17:02:19.0915 3728 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
17:02:19.0930 3728 IPNAT - ok
17:02:19.0946 3728 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:02:19.0946 3728 IRENUM - ok
17:02:19.0962 3728 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
17:02:19.0962 3728 isapnp - ok
17:02:19.0977 3728 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
17:02:19.0977 3728 iScsiPrt - ok
17:02:20.0003 3728 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
17:02:20.0003 3728 kbdclass - ok
17:02:20.0033 3728 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
17:02:20.0033 3728 kbdhid - ok
17:02:20.0063 3728 [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr C:\Windows\system32\DRIVERS\kbfiltr.sys
17:02:20.0073 3728 kbfiltr - ok
17:02:20.0083 3728 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
17:02:20.0083 3728 KeyIso - ok
17:02:20.0113 3728 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:02:20.0113 3728 KSecDD - ok
17:02:20.0143 3728 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
17:02:20.0143 3728 KSecPkg - ok
17:02:20.0173 3728 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
17:02:20.0173 3728 ksthunk - ok
17:02:20.0213 3728 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
17:02:20.0223 3728 KtmRm - ok
17:02:20.0263 3728 [ 9C46A5421DE9D116C47155317CABB522 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
17:02:20.0263 3728 L1C - ok
17:02:20.0293 3728 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
17:02:20.0303 3728 LanmanServer - ok
17:02:20.0323 3728 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:02:20.0333 3728 LanmanWorkstation - ok
17:02:20.0363 3728 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:02:20.0373 3728 lltdio - ok
17:02:20.0403 3728 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:02:20.0423 3728 lltdsvc - ok
17:02:20.0433 3728 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
17:02:20.0433 3728 lmhosts - ok
17:02:20.0503 3728 [ A1C148801B4AF64847AEB9F3AD9594EF ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
17:02:20.0503 3728 LMS - ok
17:02:20.0543 3728 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
17:02:20.0553 3728 LSI_FC - ok
17:02:20.0563 3728 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
17:02:20.0573 3728 LSI_SAS - ok
17:02:20.0583 3728 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:02:20.0593 3728 LSI_SAS2 - ok
17:02:20.0613 3728 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:02:20.0613 3728 LSI_SCSI - ok
17:02:20.0633 3728 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
17:02:20.0633 3728 luafv - ok
17:02:20.0683 3728 [ 035C83CD72E06C47000793D32B1A642D ] massfilter C:\Windows\system32\drivers\massfilter.sys
17:02:20.0693 3728 massfilter - ok
17:02:20.0763 3728 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
17:02:20.0763 3728 MBAMProtector - ok
17:02:20.0823 3728 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
17:02:20.0823 3728 MBAMScheduler - ok
17:02:20.0883 3728 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
17:02:20.0893 3728 MBAMService - ok
17:02:20.0923 3728 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:02:20.0933 3728 Mcx2Svc - ok
17:02:20.0963 3728 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
17:02:20.0963 3728 megasas - ok
17:02:20.0983 3728 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
17:02:20.0993 3728 MegaSR - ok
17:02:21.0013 3728 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
17:02:21.0013 3728 MMCSS - ok
17:02:21.0023 3728 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
17:02:21.0033 3728 Modem - ok
17:02:21.0053 3728 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:02:21.0053 3728 monitor - ok
17:02:21.0083 3728 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
17:02:21.0083 3728 mouclass - ok
17:02:21.0113 3728 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:02:21.0113 3728 mouhid - ok
17:02:21.0153 3728 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:02:21.0153 3728 mountmgr - ok
17:02:21.0223 3728 [ 4D7F2682D29B92A6251B17957AA0B985 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:02:21.0233 3728 MozillaMaintenance - ok
17:02:21.0243 3728 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
17:02:21.0253 3728 mpio - ok
17:02:21.0273 3728 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:02:21.0273 3728 mpsdrv - ok
17:02:21.0303 3728 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:02:21.0303 3728 MRxDAV - ok
17:02:21.0333 3728 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:02:21.0333 3728 mrxsmb - ok
17:02:21.0373 3728 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:02:21.0373 3728 mrxsmb10 - ok
17:02:21.0393 3728 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:02:21.0393 3728 mrxsmb20 - ok
17:02:21.0423 3728 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
17:02:21.0423 3728 msahci - ok
17:02:21.0453 3728 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
17:02:21.0453 3728 msdsm - ok
17:02:21.0473 3728 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
17:02:21.0483 3728 MSDTC - ok
17:02:21.0503 3728 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:02:21.0503 3728 Msfs - ok
17:02:21.0533 3728 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
17:02:21.0533 3728 mshidkmdf - ok
17:02:21.0553 3728 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
17:02:21.0553 3728 msisadrv - ok
17:02:21.0583 3728 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:02:21.0583 3728 MSiSCSI - ok
17:02:21.0593 3728 msiserver - ok
17:02:21.0613 3728 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:02:21.0623 3728 MSKSSRV - ok
17:02:21.0633 3728 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:02:21.0643 3728 MSPCLOCK - ok
17:02:21.0653 3728 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:02:21.0663 3728 MSPQM - ok
17:02:21.0683 3728 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:02:21.0693 3728 MsRPC - ok
17:02:21.0713 3728 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
17:02:21.0713 3728 mssmbios - ok
17:02:21.0733 3728 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:02:21.0733 3728 MSTEE - ok
17:02:21.0743 3728 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
17:02:21.0743 3728 MTConfig - ok
17:02:21.0803 3728 [ 032D35C996F21D19A205A7C8F0B76F3C ] MTsensor C:\Windows\system32\DRIVERS\ATK64AMD.sys
17:02:21.0803 3728 MTsensor - ok
17:02:21.0823 3728 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
17:02:21.0823 3728 Mup - ok
17:02:21.0863 3728 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
17:02:21.0863 3728 napagent - ok
17:02:21.0913 3728 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:02:21.0923 3728 NativeWifiP - ok
17:02:21.0993 3728 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
17:02:22.0013 3728 NDIS - ok
17:02:22.0043 3728 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
17:02:22.0043 3728 NdisCap - ok
17:02:22.0053 3728 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:02:22.0063 3728 NdisTapi - ok
17:02:22.0093 3728 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:02:22.0093 3728 Ndisuio - ok
17:02:22.0133 3728 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:02:22.0133 3728 NdisWan - ok
17:02:22.0163 3728 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:02:22.0163 3728 NDProxy - ok
17:02:22.0193 3728 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:02:22.0193 3728 NetBIOS - ok
17:02:22.0223 3728 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
17:02:22.0233 3728 NetBT - ok
17:02:22.0243 3728 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
17:02:22.0243 3728 Netlogon - ok
17:02:22.0273 3728 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
17:02:22.0283 3728 Netman - ok
17:02:22.0303 3728 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
17:02:22.0313 3728 netprofm - ok
17:02:22.0323 3728 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:02:22.0333 3728 NetTcpPortSharing - ok
17:02:22.0363 3728 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
17:02:22.0363 3728 nfrd960 - ok
17:02:22.0403 3728 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
17:02:22.0413 3728 NlaSvc - ok
17:02:22.0443 3728 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:02:22.0443 3728 Npfs - ok
17:02:22.0463 3728 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
17:02:22.0473 3728 nsi - ok
17:02:22.0503 3728 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:02:22.0503 3728 nsiproxy - ok
17:02:22.0573 3728 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:02:22.0613 3728 Ntfs - ok
17:02:22.0633 3728 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
17:02:22.0633 3728 Null - ok
17:02:22.0673 3728 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:02:22.0683 3728 nvraid - ok
17:02:22.0693 3728 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:02:22.0703 3728 nvstor - ok
17:02:22.0723 3728 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
17:02:22.0733 3728 nv_agp - ok
17:02:22.0873 3728 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:02:22.0883 3728 odserv - ok
17:02:22.0913 3728 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
17:02:22.0913 3728 ohci1394 - ok
17:02:22.0983 3728 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:02:22.0983 3728 ose - ok
17:02:23.0013 3728 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
17:02:23.0023 3728 p2pimsvc - ok
17:02:23.0043 3728 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
17:02:23.0043 3728 p2psvc - ok
17:02:23.0073 3728 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
17:02:23.0083 3728 Parport - ok
17:02:23.0103 3728 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:02:23.0103 3728 partmgr - ok
17:02:23.0123 3728 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
17:02:23.0123 3728 PcaSvc - ok
17:02:23.0153 3728 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
17:02:23.0163 3728 pci - ok
17:02:23.0183 3728 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
17:02:23.0183 3728 pciide - ok
17:02:23.0223 3728 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
17:02:23.0223 3728 pcmcia - ok
17:02:23.0243 3728 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
17:02:23.0253 3728 pcw - ok
17:02:23.0273 3728 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:02:23.0283 3728 PEAUTH - ok
17:02:23.0373 3728 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
17:02:23.0373 3728 PerfHost - ok
17:02:23.0433 3728 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
17:02:23.0483 3728 pla - ok
17:02:23.0523 3728 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:02:23.0533 3728 PlugPlay - ok
17:02:23.0543 3728 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
17:02:23.0553 3728 PNRPAutoReg - ok
17:02:23.0563 3728 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
17:02:23.0573 3728 PNRPsvc - ok
17:02:23.0603 3728 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:02:23.0623 3728 PolicyAgent - ok
17:02:23.0653 3728 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
17:02:23.0663 3728 Power - ok
17:02:23.0693 3728 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:02:23.0693 3728 PptpMiniport - ok
17:02:23.0723 3728 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
17:02:23.0733 3728 Processor - ok
17:02:23.0763 3728 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
17:02:23.0763 3728 ProfSvc - ok
17:02:23.0783 3728 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:02:23.0783 3728 ProtectedStorage - ok
17:02:23.0813 3728 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
17:02:23.0823 3728 Psched - ok
17:02:23.0883 3728 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
17:02:23.0933 3728 ql2300 - ok
17:02:23.0953 3728 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
17:02:23.0953 3728 ql40xx - ok
17:02:23.0973 3728 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
17:02:23.0983 3728 QWAVE - ok
17:02:24.0003 3728 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:02:24.0003 3728 QWAVEdrv - ok
17:02:24.0013 3728 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:02:24.0023 3728 RasAcd - ok
17:02:24.0053 3728 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
17:02:24.0053 3728 RasAgileVpn - ok
17:02:24.0073 3728 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
17:02:24.0083 3728 RasAuto - ok
17:02:24.0103 3728 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:02:24.0113 3728 Rasl2tp - ok
17:02:24.0173 3728 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
17:02:24.0183 3728 RasMan - ok
17:02:24.0223 3728 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:02:24.0223 3728 RasPppoe - ok
17:02:24.0253 3728 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:02:24.0253 3728 RasSstp - ok
17:02:24.0283 3728 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:02:24.0293 3728 rdbss - ok
17:02:24.0303 3728 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
17:02:24.0303 3728 rdpbus - ok
17:02:24.0323 3728 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:02:24.0323 3728 RDPCDD - ok
17:02:24.0343 3728 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:02:24.0343 3728 RDPENCDD - ok
17:02:24.0363 3728 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
17:02:24.0363 3728 RDPREFMP - ok
17:02:24.0393 3728 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:02:24.0393 3728 RDPWD - ok
17:02:24.0433 3728 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
17:02:24.0433 3728 rdyboost - ok
17:02:24.0473 3728 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
17:02:24.0473 3728 RemoteAccess - ok
17:02:24.0523 3728 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:02:24.0523 3728 RemoteRegistry - ok
17:02:24.0543 3728 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
17:02:24.0543 3728 RpcEptMapper - ok
17:02:24.0553 3728 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
17:02:24.0563 3728 RpcLocator - ok
17:02:24.0593 3728 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
17:02:24.0603 3728 RpcSs - ok
17:02:24.0633 3728 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:02:24.0633 3728 rspndr - ok
17:02:24.0643 3728 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
17:02:24.0643 3728 SamSs - ok
17:02:24.0683 3728 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
17:02:24.0683 3728 sbp2port - ok
17:02:24.0713 3728 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:02:24.0713 3728 SCardSvr - ok
17:02:24.0743 3728 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
17:02:24.0753 3728 scfilter - ok
17:02:24.0793 3728 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
17:02:24.0823 3728 Schedule - ok
17:02:24.0853 3728 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
17:02:24.0853 3728 SCPolicySvc - ok
17:02:24.0893 3728 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:02:24.0893 3728 SDRSVC - ok
17:02:24.0933 3728 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:02:24.0933 3728 secdrv - ok
17:02:24.0953 3728 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
17:02:24.0963 3728 seclogon - ok
17:02:24.0983 3728 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
17:02:24.0993 3728 SENS - ok
17:02:25.0003 3728 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
17:02:25.0003 3728 SensrSvc - ok
17:02:25.0023 3728 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
17:02:25.0023 3728 Serenum - ok
17:02:25.0053 3728 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
17:02:25.0063 3728 Serial - ok
17:02:25.0093 3728 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
17:02:25.0093 3728 sermouse - ok
17:02:25.0133 3728 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
17:02:25.0133 3728 SessionEnv - ok
17:02:25.0163 3728 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
17:02:25.0163 3728 sffdisk - ok
17:02:25.0183 3728 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
17:02:25.0183 3728 sffp_mmc - ok
17:02:25.0203 3728 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
17:02:25.0203 3728 sffp_sd - ok
17:02:25.0223 3728 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
17:02:25.0233 3728 sfloppy - ok
17:02:25.0278 3728 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:02:25.0278 3728 ShellHWDetection - ok
17:02:25.0310 3728 [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH C:\Windows\system32\DRIVERS\SiSG664.sys
17:02:25.0310 3728 SiSGbeLH - ok
17:02:25.0341 3728 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:02:25.0341 3728 SiSRaid2 - ok
17:02:25.0351 3728 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
17:02:25.0361 3728 SiSRaid4 - ok
17:02:25.0441 3728 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
17:02:25.0441 3728 SkypeUpdate - ok
17:02:25.0461 3728 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:02:25.0461 3728 Smb - ok
17:02:25.0501 3728 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:02:25.0511 3728 SNMPTRAP - ok
17:02:25.0571 3728 [ F06A6DE8438F7446BFF9E61F31356521 ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys
17:02:25.0611 3728 SNP2UVC - ok
17:02:25.0641 3728 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
17:02:25.0641 3728 spldr - ok
17:02:25.0681 3728 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
17:02:25.0691 3728 Spooler - ok
17:02:25.0781 3728 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
17:02:25.0871 3728 sppsvc - ok
17:02:25.0901 3728 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
17:02:25.0901 3728 sppuinotify - ok
17:02:25.0941 3728 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
17:02:25.0951 3728 srv - ok
17:02:25.0971 3728 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:02:25.0971 3728 srv2 - ok
17:02:25.0991 3728 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:02:25.0991 3728 srvnet - ok
17:02:26.0011 3728 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:02:26.0011 3728 SSDPSRV - ok
17:02:26.0031 3728 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:02:26.0031 3728 SstpSvc - ok
17:02:26.0111 3728 [ 94A6522AC9F3E05FD039AD105ADE96D0 ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\STacSV64.exe
17:02:26.0111 3728 STacSV - ok
17:02:26.0141 3728 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
17:02:26.0141 3728 stexstor - ok
17:02:26.0171 3728 [ DDB811B13D827081E7C1DDFF302AB334 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
17:02:26.0181 3728 STHDA - ok
17:02:26.0221 3728 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
17:02:26.0221 3728 StillCam - ok
17:02:26.0261 3728 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
17:02:26.0291 3728 stisvc - ok
17:02:26.0311 3728 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
17:02:26.0311 3728 swenum - ok
17:02:26.0351 3728 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
17:02:26.0361 3728 swprv - ok
17:02:26.0431 3728 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
17:02:26.0471 3728 SysMain - ok
17:02:26.0491 3728 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:02:26.0491 3728 TabletInputService - ok
17:02:26.0531 3728 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
17:02:26.0531 3728 TapiSrv - ok
17:02:26.0561 3728 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
17:02:26.0561 3728 TBS - ok
17:02:26.0631 3728 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:02:26.0701 3728 Tcpip - ok
17:02:26.0761 3728 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
17:02:26.0771 3728 TCPIP6 - ok
17:02:26.0791 3728 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:02:26.0791 3728 tcpipreg - ok
17:02:26.0831 3728 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
17:02:26.0831 3728 TDPIPE - ok
17:02:26.0861 3728 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
17:02:26.0861 3728 TDTCP - ok
17:02:26.0881 3728 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:02:26.0881 3728 tdx - ok
17:02:26.0901 3728 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
17:02:26.0901 3728 TermDD - ok
17:02:26.0941 3728 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
17:02:26.0961 3728 TermService - ok
17:02:27.0001 3728 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
17:02:27.0001 3728 Themes - ok
17:02:27.0021 3728 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
17:02:27.0021 3728 THREADORDER - ok
17:02:27.0081 3728 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
17:02:27.0081 3728 TrkWks - ok
17:02:27.0121 3728 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:02:27.0121 3728 TrustedInstaller - ok
17:02:27.0151 3728 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
17:02:27.0151 3728 tssecsrv - ok
17:02:27.0191 3728 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
17:02:27.0191 3728 TsUsbFlt - ok
17:02:27.0231 3728 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:02:27.0241 3728 tunnel - ok
17:02:27.0281 3728 [ C45A3E051C65106A28982CAED125F855 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys
17:02:27.0281 3728 TurboB - ok
17:02:27.0331 3728 [ BAEF86EBEAECE76573FA822DEA256F6C ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe
17:02:27.0341 3728 TurboBoost - ok
17:02:27.0371 3728 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
17:02:27.0371 3728 uagp35 - ok
17:02:27.0411 3728 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:02:27.0411 3728 udfs - ok
17:02:27.0491 3728 [ 2E071263A409931F8AFF3A6A656E920C ] UI Assistant Service C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
17:02:27.0501 3728 UI Assistant Service - ok
17:02:27.0531 3728 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:02:27.0531 3728 UI0Detect - ok
17:02:27.0561 3728 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
17:02:27.0561 3728 uliagpkx - ok
17:02:27.0591 3728 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
17:02:27.0591 3728 umbus - ok
17:02:27.0621 3728 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
17:02:27.0621 3728 UmPass - ok
17:02:27.0711 3728 [ 41118D920B2B268C0ADC36421248CDCF ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
17:02:27.0761 3728 UNS - ok
17:02:27.0791 3728 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
17:02:27.0801 3728 upnphost - ok
17:02:27.0841 3728 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
17:02:27.0851 3728 usbccgp - ok
17:02:27.0871 3728 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
17:02:27.0871 3728 usbcir - ok
17:02:27.0891 3728 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
17:02:27.0901 3728 usbehci - ok
17:02:27.0931 3728 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
17:02:27.0941 3728 usbhub - ok
17:02:27.0951 3728 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
17:02:27.0961 3728 usbohci - ok
17:02:27.0991 3728 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
17:02:28.0001 3728 usbprint - ok
17:02:28.0031 3728 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
17:02:28.0031 3728 usbscan - ok
17:02:28.0041 3728 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:02:28.0051 3728 USBSTOR - ok
17:02:28.0071 3728 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
17:02:28.0071 3728 usbuhci - ok
17:02:28.0131 3728 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
17:02:28.0131 3728 usbvideo - ok
17:02:28.0161 3728 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
17:02:28.0161 3728 UxSms - ok
17:02:28.0171 3728 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
17:02:28.0181 3728 VaultSvc - ok
17:02:28.0201 3728 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
17:02:28.0201 3728 vdrvroot - ok
17:02:28.0231 3728 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
17:02:28.0251 3728 vds - ok
17:02:28.0281 3728 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:02:28.0281 3728 vga - ok
17:02:28.0301 3728 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
17:02:28.0301 3728 VgaSave - ok
17:02:28.0331 3728 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
17:02:28.0331 3728 vhdmp - ok
17:02:28.0361 3728 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
17:02:28.0361 3728 viaide - ok
17:02:28.0401 3728 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
17:02:28.0401 3728 volmgr - ok
17:02:28.0441 3728 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:02:28.0441 3728 volmgrx - ok
17:02:28.0461 3728 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
17:02:28.0471 3728 volsnap - ok
17:02:28.0511 3728 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
17:02:28.0511 3728 vsmraid - ok
17:02:28.0571 3728 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
17:02:28.0611 3728 VSS - ok
17:02:28.0631 3728 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
17:02:28.0631 3728 vwifibus - ok
17:02:28.0651 3728 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
17:02:28.0651 3728 vwififlt - ok
17:02:28.0681 3728 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
17:02:28.0681 3728 vwifimp - ok
17:02:28.0731 3728 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
17:02:28.0741 3728 W32Time - ok
17:02:28.0761 3728 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
17:02:28.0761 3728 WacomPen - ok
17:02:28.0791 3728 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
17:02:28.0791 3728 WANARP - ok
17:02:28.0801 3728 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:02:28.0801 3728 Wanarpv6 - ok
17:02:28.0871 3728 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
17:02:28.0911 3728 WatAdminSvc - ok
17:02:28.0971 3728 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
17:02:29.0021 3728 wbengine - ok
17:02:29.0041 3728 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
17:02:29.0051 3728 WbioSrvc - ok
17:02:29.0091 3728 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:02:29.0091 3728 wcncsvc - ok
17:02:29.0121 3728 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:02:29.0121 3728 WcsPlugInService - ok
17:02:29.0141 3728 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
17:02:29.0151 3728 Wd - ok
17:02:29.0171 3728 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:02:29.0201 3728 Wdf01000 - ok
17:02:29.0221 3728 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:02:29.0221 3728 WdiServiceHost - ok
17:02:29.0231 3728 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:02:29.0231 3728 WdiSystemHost - ok
17:02:29.0261 3728 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
17:02:29.0261 3728 WebClient - ok
17:02:29.0291 3728 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:02:29.0301 3728 Wecsvc - ok
17:02:29.0331 3728 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:02:29.0341 3728 wercplsupport - ok
17:02:29.0371 3728 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
17:02:29.0381 3728 WerSvc - ok
17:02:29.0401 3728 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
17:02:29.0411 3728 WfpLwf - ok
17:02:29.0451 3728 [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
17:02:29.0461 3728 WimFltr - ok
17:02:29.0471 3728 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
17:02:29.0481 3728 WIMMount - ok
17:02:29.0481 3728 WinHttpAutoProxySvc - ok
17:02:29.0541 3728 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:02:29.0551 3728 Winmgmt - ok
17:02:29.0621 3728 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
17:02:29.0691 3728 WinRM - ok
17:02:29.0761 3728 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
17:02:29.0761 3728 WinUsb - ok
17:02:29.0791 3728 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
17:02:29.0821 3728 Wlansvc - ok
17:02:29.0841 3728 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
17:02:29.0841 3728 WmiAcpi - ok
17:02:29.0871 3728 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:02:29.0871 3728 wmiApSrv - ok
17:02:29.0901 3728 WMPNetworkSvc - ok
17:02:29.0931 3728 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:02:29.0931 3728 WPCSvc - ok
17:02:29.0951 3728 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:02:29.0951 3728 WPDBusEnum - ok
17:02:29.0991 3728 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:02:29.0991 3728 ws2ifsl - ok
17:02:29.0991 3728 WSearch - ok
17:02:30.0011 3728 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
17:02:30.0011 3728 WudfPf - ok
17:02:30.0061 3728 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:02:30.0061 3728 WUDFRd - ok
17:02:30.0081 3728 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:02:30.0091 3728 wudfsvc - ok
17:02:30.0121 3728 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
17:02:30.0131 3728 WwanSvc - ok
17:02:30.0171 3728 [ 3762B4C538B9D710F85042849C20319F ] ZTEusbmdm6k C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
17:02:30.0181 3728 ZTEusbmdm6k - ok
17:02:30.0201 3728 [ 3762B4C538B9D710F85042849C20319F ] ZTEusbnmea C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
17:02:30.0211 3728 ZTEusbnmea - ok
17:02:30.0241 3728 [ 3762B4C538B9D710F85042849C20319F ] ZTEusbser6k C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
17:02:30.0241 3728 ZTEusbser6k - ok
17:02:30.0311 3728 [ 74983ADDCA2D9618512C088D856D6615 ] {B154377D-700F-42cc-9474-23858FBDF4BD} C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl
17:02:30.0311 3728 {B154377D-700F-42cc-9474-23858FBDF4BD} - ok
17:02:30.0341 3728 ================ Scan global ===============================
17:02:30.0361 3728 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:02:30.0391 3728 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
17:02:30.0401 3728 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
17:02:30.0421 3728 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:02:30.0461 3728 [ 50BEA589F7D7958BDD2528A8F69D05CC ] C:\Windows\system32\services.exe
17:02:30.0471 3728 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - infected
17:02:30.0471 3728 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.a (0)
17:02:30.0471 3728 ================ Scan MBR ==================================
17:02:30.0491 3728 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:02:30.0871 3728 \Device\Harddisk0\DR0 - ok
17:02:30.0871 3728 ================ Scan VBR ==================================
17:02:30.0871 3728 [ 2CE15AE69BD2EA14D1E16594C9F40589 ] \Device\Harddisk0\DR0\Partition1
17:02:30.0881 3728 \Device\Harddisk0\DR0\Partition1 - ok
17:02:30.0901 3728 [ 5BA4E991FFDBB372F353561123237AA1 ] \Device\Harddisk0\DR0\Partition2
17:02:30.0911 3728 \Device\Harddisk0\DR0\Partition2 - ok
17:02:30.0911 3728 ============================================================
17:02:30.0911 3728 Scan finished
17:02:30.0911 3728 ============================================================
17:02:30.0921 3512 Detected object count: 1
17:02:30.0921 3512 Actual detected object count: 1
17:03:32.0891 3512 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - skipped by user
17:03:32.0891 3512 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Skip
Wenn nicht heisst das wohl dass ich format C machen sollte und Win 7 neu installieren muss. Das Problem is, dass die Hersteller bei den Recovery DVDs sparen und ich mir selbst eine erstellen muss. Brenn ich damit nicht den Malware scheiss mit drauf? gruß Ich hoffe das hier liest noch jemand.....ich brauch den PC (wie wahrscheinlich jeder  ) dringenst für die Arbeit.Schonmal danke im Vorraus für eure Hilfe! Gruß Andi Ich hoffe das hier liest noch jemand.....ich brauch den PC (wie wahrscheinlich jeder ) dringenst für die Arbeit. Schonmal danke im Vorraus für eure Hilfe! Gruß Andi |
|
24.10.2012, 08:16
| #5 |
| /// Malwareteam | ATRAPS.gen2 von AVIRA gemeldet Schritt 1: Fix mit TDSS-Killer Dowloade Dir bitte TDSSKiller.exe und speichere die Datei am Desktop.
Schritt 2: Neues TDSS-Killer-Log Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ Kein Asylrecht für Trojaner!  Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
24.10.2012, 08:31
| #6 |
| | ATRAPS.gen2 von AVIRA gemeldet Hier die logfile von TDSS Killer nach Kopieren in Quarantäne: Code:
ATTFilter 09:26:32.0878 3352 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
09:26:33.0096 3352 ============================================================
09:26:33.0096 3352 Current date / time: 2012/10/24 09:26:33.0096
09:26:33.0096 3352 SystemInfo:
09:26:33.0096 3352
09:26:33.0096 3352 OS Version: 6.1.7601 ServicePack: 1.0
09:26:33.0096 3352 Product type: Workstation
09:26:33.0096 3352 ComputerName: TICKERT
09:26:33.0096 3352 UserName: Andreas Tickert
09:26:33.0096 3352 Windows directory: C:\Windows
09:26:33.0096 3352 System windows directory: C:\Windows
09:26:33.0096 3352 Running under WOW64
09:26:33.0096 3352 Processor architecture: Intel x64
09:26:33.0096 3352 Number of processors: 4
09:26:33.0096 3352 Page size: 0x1000
09:26:33.0096 3352 Boot type: Normal boot
09:26:33.0096 3352 ============================================================
09:26:35.0967 3352 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:26:35.0967 3352 ============================================================
09:26:35.0967 3352 \Device\Harddisk0\DR0:
09:26:35.0967 3352 MBR partitions:
09:26:35.0967 3352 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2711676, BlocksNum 0xE8E0168
09:26:35.0982 3352 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x10FF2000, BlocksNum 0x29393800
09:26:35.0982 3352 ============================================================
09:26:36.0045 3352 C: <-> \Device\Harddisk0\DR0\Partition1
09:26:36.0060 3352 D: <-> \Device\Harddisk0\DR0\Partition2
09:26:36.0060 3352 ============================================================
09:26:36.0060 3352 Initialize success
09:26:36.0060 3352 ============================================================
09:26:44.0063 0768 ============================================================
09:26:44.0063 0768 Scan started
09:26:44.0063 0768 Mode: Manual;
09:26:44.0063 0768 ============================================================
09:26:45.0545 0768 ================ Scan system memory ========================
09:26:45.0545 0768 System memory - ok
09:26:45.0545 0768 ================ Scan services =============================
09:26:46.0902 0768 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
09:26:46.0902 0768 1394ohci - ok
09:26:46.0996 0768 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
09:26:46.0996 0768 ACPI - ok
09:26:47.0058 0768 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
09:26:47.0074 0768 AcpiPmi - ok
09:26:48.0369 0768 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
09:26:48.0369 0768 AdobeFlashPlayerUpdateSvc - ok
09:26:48.0462 0768 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
09:26:48.0478 0768 adp94xx - ok
09:26:48.0509 0768 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
09:26:48.0509 0768 adpahci - ok
09:26:48.0525 0768 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
09:26:48.0540 0768 adpu320 - ok
09:26:48.0572 0768 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
09:26:48.0572 0768 AeLookupSvc - ok
09:26:48.0634 0768 [ 2D00D3DADC1D3326BA788EB071F2726E ] AFBAgent C:\Windows\system32\FBAgent.exe
09:26:48.0634 0768 AFBAgent - ok
09:26:48.0681 0768 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
09:26:48.0681 0768 AFD - ok
09:26:48.0728 0768 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
09:26:48.0728 0768 agp440 - ok
09:26:48.0743 0768 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
09:26:48.0743 0768 ALG - ok
09:26:48.0774 0768 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
09:26:48.0790 0768 aliide - ok
09:26:48.0806 0768 [ 46693222FCDB3175AAAED017EAA6FCC7 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
09:26:48.0806 0768 AMD External Events Utility - ok
09:26:48.0837 0768 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
09:26:48.0837 0768 amdide - ok
09:26:48.0868 0768 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
09:26:48.0868 0768 AmdK8 - ok
09:26:49.0008 0768 [ 99C262242A279976206ECE1D3C74DF27 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
09:26:49.0149 0768 amdkmdag - ok
09:26:49.0196 0768 [ 20B63276A1920B41E1C56720B395049B ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
09:26:49.0196 0768 amdkmdap - ok
09:26:49.0227 0768 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
09:26:49.0227 0768 AmdPPM - ok
09:26:49.0274 0768 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
09:26:49.0274 0768 amdsata - ok
09:26:49.0305 0768 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
09:26:49.0320 0768 amdsbs - ok
09:26:49.0320 0768 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
09:26:49.0320 0768 amdxata - ok
09:26:49.0367 0768 [ 9C7F164B49CADC658D1B3C575782F346 ] AmUStor C:\Windows\system32\drivers\AmUStor.SYS
09:26:49.0367 0768 AmUStor - ok
09:26:49.0445 0768 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
09:26:49.0445 0768 AntiVirSchedulerService - ok
09:26:49.0476 0768 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
09:26:49.0476 0768 AntiVirService - ok
09:26:49.0523 0768 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
09:26:49.0523 0768 AppID - ok
09:26:49.0539 0768 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
09:26:49.0539 0768 AppIDSvc - ok
09:26:49.0570 0768 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
09:26:49.0570 0768 Appinfo - ok
09:26:49.0586 0768 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
09:26:49.0586 0768 arc - ok
09:26:49.0617 0768 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
09:26:49.0617 0768 arcsas - ok
09:26:49.0695 0768 [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
09:26:49.0695 0768 ASLDRService - ok
09:26:49.0710 0768 [ 4C016FD76ED5C05E84CA8CAB77993961 ] ASMMAP64 C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
09:26:49.0710 0768 ASMMAP64 - ok
09:26:49.0742 0768 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
09:26:49.0742 0768 AsyncMac - ok
09:26:49.0773 0768 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
09:26:49.0788 0768 atapi - ok
09:26:49.0835 0768 [ 0ACC06FCF46F64ED4F11E57EE461C1F4 ] athr C:\Windows\system32\DRIVERS\athrx.sys
09:26:49.0866 0768 athr - ok
09:26:49.0929 0768 [ FB7602C5C508BE281368AAE0B61B51C6 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
09:26:49.0929 0768 AtiHdmiService - ok
09:26:50.0069 0768 [ 99C262242A279976206ECE1D3C74DF27 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
09:26:50.0100 0768 atikmdag - ok
09:26:50.0132 0768 [ 63F1212FFE13E62CA1E8D8EE19ABD9A7 ] ATKGFNEXSrv C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
09:26:50.0132 0768 ATKGFNEXSrv - ok
09:26:50.0163 0768 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
09:26:50.0163 0768 AudioEndpointBuilder - ok
09:26:50.0178 0768 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
09:26:50.0178 0768 AudioSrv - ok
09:26:50.0225 0768 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
09:26:50.0225 0768 avgntflt - ok
09:26:50.0272 0768 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
09:26:50.0272 0768 avipbb - ok
09:26:50.0288 0768 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
09:26:50.0288 0768 avkmgr - ok
09:26:50.0334 0768 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
09:26:50.0334 0768 AxInstSV - ok
09:26:50.0381 0768 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
09:26:50.0381 0768 b06bdrv - ok
09:26:50.0412 0768 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
09:26:50.0428 0768 b57nd60a - ok
09:26:50.0475 0768 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
09:26:50.0490 0768 BDESVC - ok
09:26:50.0490 0768 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
09:26:50.0506 0768 Beep - ok
09:26:50.0522 0768 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
09:26:50.0522 0768 blbdrive - ok
09:26:50.0553 0768 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
09:26:50.0553 0768 bowser - ok
09:26:50.0568 0768 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
09:26:50.0600 0768 BrFiltLo - ok
09:26:50.0678 0768 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
09:26:50.0678 0768 BrFiltUp - ok
09:26:50.0724 0768 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
09:26:50.0724 0768 Browser - ok
09:26:50.0740 0768 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
09:26:50.0756 0768 Brserid - ok
09:26:50.0802 0768 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
09:26:50.0802 0768 BrSerWdm - ok
09:26:50.0818 0768 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
09:26:50.0818 0768 BrUsbMdm - ok
09:26:50.0834 0768 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
09:26:50.0834 0768 BrUsbSer - ok
09:26:50.0849 0768 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
09:26:50.0849 0768 BTHMODEM - ok
09:26:50.0896 0768 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
09:26:50.0896 0768 bthserv - ok
09:26:50.0912 0768 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
09:26:50.0912 0768 cdfs - ok
09:26:50.0943 0768 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
09:26:50.0958 0768 cdrom - ok
09:26:50.0990 0768 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
09:26:50.0990 0768 CertPropSvc - ok
09:26:51.0021 0768 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
09:26:51.0021 0768 circlass - ok
09:26:51.0068 0768 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
09:26:51.0068 0768 CLFS - ok
09:26:51.0146 0768 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:26:51.0146 0768 clr_optimization_v2.0.50727_32 - ok
09:26:51.0208 0768 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
09:26:51.0208 0768 clr_optimization_v2.0.50727_64 - ok
09:26:51.0286 0768 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:26:51.0317 0768 clr_optimization_v4.0.30319_32 - ok
09:26:51.0364 0768 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
09:26:51.0364 0768 clr_optimization_v4.0.30319_64 - ok
09:26:51.0395 0768 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
09:26:51.0395 0768 CmBatt - ok
09:26:51.0411 0768 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
09:26:51.0411 0768 cmdide - ok
09:26:51.0442 0768 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
09:26:51.0458 0768 CNG - ok
09:26:51.0489 0768 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
09:26:51.0489 0768 Compbatt - ok
09:26:51.0520 0768 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
09:26:51.0520 0768 CompositeBus - ok
09:26:51.0536 0768 COMSysApp - ok
09:26:51.0567 0768 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
09:26:51.0567 0768 crcdisk - ok
09:26:51.0614 0768 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
09:26:51.0614 0768 CryptSvc - ok
09:26:51.0645 0768 [ 44BDDEB03C84A1C993C992FFB5700357 ] CVirtA C:\Windows\system32\DRIVERS\CVirtA64.sys
09:26:51.0645 0768 CVirtA - ok
09:26:51.0707 0768 [ 66257CB4E4FB69887CDDC71663741435 ] CVPND C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
09:26:51.0738 0768 CVPND - ok
09:26:51.0785 0768 [ CC8E52DAA9826064BA464DBE531F2BB5 ] CVPNDRVA C:\Windows\system32\Drivers\CVPNDRVA.sys
09:26:51.0785 0768 CVPNDRVA - ok
09:26:51.0832 0768 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
09:26:51.0848 0768 DcomLaunch - ok
09:26:51.0863 0768 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
09:26:51.0879 0768 defragsvc - ok
09:26:51.0894 0768 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
09:26:51.0894 0768 DfsC - ok
09:26:51.0941 0768 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
09:26:51.0957 0768 Dhcp - ok
09:26:51.0988 0768 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
09:26:52.0004 0768 discache - ok
09:26:52.0035 0768 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
09:26:52.0035 0768 Disk - ok
09:26:52.0066 0768 [ 05CB5910B3CA6019FC3CCA815EE06FFB ] DNE C:\Windows\system32\DRIVERS\dne64x.sys
09:26:52.0066 0768 DNE - ok
09:26:52.0113 0768 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
09:26:52.0113 0768 Dnscache - ok
09:26:52.0144 0768 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
09:26:52.0144 0768 dot3svc - ok
09:26:52.0175 0768 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
09:26:52.0191 0768 DPS - ok
09:26:52.0222 0768 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
09:26:52.0222 0768 drmkaud - ok
09:26:52.0253 0768 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
09:26:52.0269 0768 DXGKrnl - ok
09:26:52.0300 0768 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
09:26:52.0300 0768 EapHost - ok
09:26:52.0394 0768 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
09:26:52.0503 0768 ebdrv - ok
09:26:52.0534 0768 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
09:26:52.0534 0768 EFS - ok
09:26:52.0596 0768 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
09:26:52.0612 0768 ehRecvr - ok
09:26:52.0643 0768 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
09:26:52.0643 0768 ehSched - ok
09:26:52.0706 0768 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
09:26:52.0721 0768 elxstor - ok
09:26:52.0737 0768 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
09:26:52.0737 0768 ErrDev - ok
09:26:52.0768 0768 [ 3C38648375B7F3988691F53A7AAE10A9 ] ETD C:\Windows\system32\DRIVERS\ETD.sys
09:26:52.0784 0768 ETD - ok
09:26:52.0815 0768 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
09:26:52.0830 0768 EventSystem - ok
09:26:52.0846 0768 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
09:26:52.0862 0768 exfat - ok
09:26:52.0877 0768 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
09:26:52.0877 0768 fastfat - ok
09:26:52.0924 0768 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
09:26:52.0940 0768 Fax - ok
09:26:52.0986 0768 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
09:26:52.0986 0768 fdc - ok
09:26:53.0018 0768 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
09:26:53.0018 0768 fdPHost - ok
09:26:53.0033 0768 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
09:26:53.0033 0768 FDResPub - ok
09:26:53.0033 0768 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
09:26:53.0049 0768 FileInfo - ok
09:26:53.0064 0768 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
09:26:53.0064 0768 Filetrace - ok
09:26:53.0080 0768 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
09:26:53.0080 0768 flpydisk - ok
09:26:53.0111 0768 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
09:26:53.0111 0768 FltMgr - ok
09:26:53.0174 0768 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
09:26:53.0205 0768 FontCache - ok
09:26:53.0267 0768 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:26:53.0267 0768 FontCache3.0.0.0 - ok
09:26:53.0298 0768 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
09:26:53.0298 0768 FsDepends - ok
09:26:53.0330 0768 [ 2BF3B36B96D015AF666B6AA63AE2E38F ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
09:26:53.0345 0768 fssfltr - ok
09:26:53.0423 0768 [ 45B52394F9624237F33A8A3D73C0B221 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
09:26:53.0454 0768 fsssvc - ok
09:26:53.0470 0768 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
09:26:53.0470 0768 Fs_Rec - ok
09:26:53.0517 0768 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
09:26:53.0517 0768 fvevol - ok
09:26:53.0564 0768 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
09:26:53.0564 0768 gagp30kx - ok
09:26:53.0642 0768 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
09:26:53.0673 0768 gpsvc - ok
09:26:53.0782 0768 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
09:26:53.0782 0768 gupdate - ok
09:26:53.0813 0768 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
09:26:53.0813 0768 gupdatem - ok
09:26:53.0844 0768 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
09:26:53.0844 0768 gusvc - ok
09:26:53.0876 0768 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
09:26:53.0876 0768 hcw85cir - ok
09:26:53.0922 0768 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
09:26:53.0922 0768 HdAudAddService - ok
09:26:53.0954 0768 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
09:26:53.0954 0768 HDAudBus - ok
09:26:53.0969 0768 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
09:26:53.0969 0768 HECIx64 - ok
09:26:53.0985 0768 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
09:26:53.0985 0768 HidBatt - ok
09:26:54.0016 0768 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
09:26:54.0016 0768 HidBth - ok
09:26:54.0032 0768 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
09:26:54.0032 0768 HidIr - ok
09:26:54.0063 0768 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
09:26:54.0063 0768 hidserv - ok
09:26:54.0110 0768 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
09:26:54.0110 0768 HidUsb - ok
09:26:54.0141 0768 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
09:26:54.0156 0768 hkmsvc - ok
09:26:54.0188 0768 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
09:26:54.0188 0768 HomeGroupListener - ok
09:26:54.0219 0768 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
09:26:54.0219 0768 HomeGroupProvider - ok
09:26:54.0266 0768 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
09:26:54.0281 0768 HpSAMD - ok
09:26:54.0328 0768 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
09:26:54.0344 0768 HTTP - ok
09:26:54.0375 0768 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
09:26:54.0375 0768 hwpolicy - ok
09:26:54.0422 0768 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
09:26:54.0422 0768 i8042prt - ok
09:26:54.0453 0768 [ BBB3B6DF1ABB0FE35802EDE85CC1C011 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
09:26:54.0468 0768 iaStor - ok
09:26:54.0500 0768 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
09:26:54.0500 0768 iaStorV - ok
09:26:54.0562 0768 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:26:54.0593 0768 idsvc - ok
09:26:54.0624 0768 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
09:26:54.0624 0768 iirsp - ok
09:26:54.0687 0768 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
09:26:54.0718 0768 IKEEXT - ok
09:26:54.0749 0768 [ 36FDF367A1DABFF903E2214023D71368 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
09:26:54.0749 0768 Impcd - ok
09:26:54.0765 0768 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
09:26:54.0765 0768 intelide - ok
09:26:54.0796 0768 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
09:26:54.0796 0768 intelppm - ok
09:26:54.0843 0768 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
09:26:54.0843 0768 IPBusEnum - ok
09:26:54.0874 0768 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:26:54.0874 0768 IpFilterDriver - ok
09:26:54.0905 0768 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
09:26:54.0905 0768 IPMIDRV - ok
09:26:54.0936 0768 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
09:26:54.0952 0768 IPNAT - ok
09:26:54.0968 0768 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
09:26:54.0968 0768 IRENUM - ok
09:26:54.0983 0768 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
09:26:54.0983 0768 isapnp - ok
09:26:54.0999 0768 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
09:26:54.0999 0768 iScsiPrt - ok
09:26:55.0014 0768 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
09:26:55.0030 0768 kbdclass - ok
09:26:55.0046 0768 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
09:26:55.0061 0768 kbdhid - ok
09:26:55.0077 0768 [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr C:\Windows\system32\DRIVERS\kbfiltr.sys
09:26:55.0092 0768 kbfiltr - ok
09:26:55.0092 0768 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
09:26:55.0092 0768 KeyIso - ok
09:26:55.0124 0768 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
09:26:55.0124 0768 KSecDD - ok
09:26:55.0155 0768 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
09:26:55.0155 0768 KSecPkg - ok
09:26:55.0186 0768 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
09:26:55.0186 0768 ksthunk - ok
09:26:55.0217 0768 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
09:26:55.0233 0768 KtmRm - ok
09:26:55.0264 0768 [ 9C46A5421DE9D116C47155317CABB522 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
09:26:55.0280 0768 L1C - ok
09:26:55.0295 0768 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
09:26:55.0311 0768 LanmanServer - ok
09:26:55.0342 0768 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:26:55.0342 0768 LanmanWorkstation - ok
09:26:55.0373 0768 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
09:26:55.0373 0768 lltdio - ok
09:26:55.0404 0768 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
09:26:55.0420 0768 lltdsvc - ok
09:26:55.0436 0768 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
09:26:55.0436 0768 lmhosts - ok
09:26:55.0482 0768 [ A1C148801B4AF64847AEB9F3AD9594EF ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
09:26:55.0482 0768 LMS - ok
09:26:55.0514 0768 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
09:26:55.0529 0768 LSI_FC - ok
09:26:55.0560 0768 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
09:26:55.0560 0768 LSI_SAS - ok
09:26:55.0592 0768 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:26:55.0592 0768 LSI_SAS2 - ok
09:26:55.0623 0768 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:26:55.0623 0768 LSI_SCSI - ok
09:26:55.0716 0768 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
09:26:55.0716 0768 luafv - ok
09:26:55.0763 0768 [ 035C83CD72E06C47000793D32B1A642D ] massfilter C:\Windows\system32\drivers\massfilter.sys
09:26:55.0763 0768 massfilter - ok
09:26:55.0826 0768 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
09:26:55.0826 0768 MBAMProtector - ok
09:26:55.0888 0768 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
09:26:55.0888 0768 MBAMScheduler - ok
09:26:55.0950 0768 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
09:26:55.0950 0768 MBAMService - ok
09:26:55.0982 0768 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
09:26:55.0997 0768 Mcx2Svc - ok
09:26:56.0028 0768 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
09:26:56.0028 0768 megasas - ok
09:26:56.0044 0768 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
09:26:56.0060 0768 MegaSR - ok
09:26:56.0075 0768 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
09:26:56.0075 0768 MMCSS - ok
09:26:56.0091 0768 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
09:26:56.0091 0768 Modem - ok
09:26:56.0106 0768 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
09:26:56.0106 0768 monitor - ok
09:26:56.0138 0768 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
09:26:56.0138 0768 mouclass - ok
09:26:56.0169 0768 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
09:26:56.0184 0768 mouhid - ok
09:26:56.0216 0768 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
09:26:56.0216 0768 mountmgr - ok
09:26:56.0294 0768 [ 4D7F2682D29B92A6251B17957AA0B985 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
09:26:56.0294 0768 MozillaMaintenance - ok
09:26:56.0325 0768 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
09:26:56.0325 0768 mpio - ok
09:26:56.0340 0768 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
09:26:56.0356 0768 mpsdrv - ok
09:26:56.0387 0768 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
09:26:56.0387 0768 MRxDAV - ok
09:26:56.0418 0768 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
09:26:56.0418 0768 mrxsmb - ok
09:26:56.0450 0768 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:26:56.0465 0768 mrxsmb10 - ok
09:26:56.0481 0768 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:26:56.0481 0768 mrxsmb20 - ok
09:26:56.0512 0768 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
09:26:56.0512 0768 msahci - ok
09:26:56.0543 0768 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
09:26:56.0543 0768 msdsm - ok
09:26:56.0559 0768 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
09:26:56.0559 0768 MSDTC - ok
09:26:56.0590 0768 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
09:26:56.0590 0768 Msfs - ok
09:26:56.0606 0768 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
09:26:56.0606 0768 mshidkmdf - ok
09:26:56.0621 0768 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
09:26:56.0621 0768 msisadrv - ok
09:26:56.0652 0768 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
09:26:56.0652 0768 MSiSCSI - ok
09:26:56.0668 0768 msiserver - ok
09:26:56.0684 0768 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
09:26:56.0699 0768 MSKSSRV - ok
09:26:56.0715 0768 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
09:26:56.0715 0768 MSPCLOCK - ok
09:26:56.0730 0768 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
09:26:56.0730 0768 MSPQM - ok
09:26:56.0762 0768 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
09:26:56.0762 0768 MsRPC - ok
09:26:56.0793 0768 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
09:26:56.0793 0768 mssmbios - ok
09:26:56.0808 0768 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
09:26:56.0808 0768 MSTEE - ok
09:26:56.0808 0768 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
09:26:56.0824 0768 MTConfig - ok
09:26:56.0855 0768 [ 032D35C996F21D19A205A7C8F0B76F3C ] MTsensor C:\Windows\system32\DRIVERS\ATK64AMD.sys
09:26:56.0855 0768 MTsensor - ok
09:26:56.0886 0768 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
09:26:56.0886 0768 Mup - ok
09:26:56.0918 0768 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
09:26:56.0933 0768 napagent - ok
09:26:56.0980 0768 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
09:26:56.0980 0768 NativeWifiP - ok
09:26:57.0058 0768 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
09:26:57.0074 0768 NDIS - ok
09:26:57.0120 0768 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
09:26:57.0120 0768 NdisCap - ok
09:26:57.0136 0768 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
09:26:57.0136 0768 NdisTapi - ok
09:26:57.0167 0768 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
09:26:57.0167 0768 Ndisuio - ok
09:26:57.0183 0768 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
09:26:57.0198 0768 NdisWan - ok
09:26:57.0230 0768 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
09:26:57.0230 0768 NDProxy - ok
09:26:57.0261 0768 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
09:26:57.0276 0768 NetBIOS - ok
09:26:57.0292 0768 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
09:26:57.0308 0768 NetBT - ok
09:26:57.0323 0768 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
09:26:57.0323 0768 Netlogon - ok
09:26:57.0354 0768 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
09:26:57.0354 0768 Netman - ok
09:26:57.0370 0768 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
09:26:57.0386 0768 netprofm - ok
09:26:57.0417 0768 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:26:57.0417 0768 NetTcpPortSharing - ok
09:26:57.0432 0768 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
09:26:57.0448 0768 nfrd960 - ok
09:26:57.0479 0768 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
09:26:57.0479 0768 NlaSvc - ok
09:26:57.0510 0768 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
09:26:57.0510 0768 Npfs - ok
09:26:57.0542 0768 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
09:26:57.0542 0768 nsi - ok
09:26:57.0573 0768 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
09:26:57.0573 0768 nsiproxy - ok
09:26:57.0698 0768 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
09:26:57.0760 0768 Ntfs - ok
09:26:57.0791 0768 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
09:26:57.0791 0768 Null - ok
09:26:57.0822 0768 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
09:26:57.0822 0768 nvraid - ok
09:26:57.0854 0768 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
09:26:57.0854 0768 nvstor - ok
09:26:57.0885 0768 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
09:26:57.0885 0768 nv_agp - ok
09:26:57.0994 0768 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:26:57.0994 0768 odserv - ok
09:26:58.0025 0768 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
09:26:58.0041 0768 ohci1394 - ok
09:26:58.0088 0768 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:26:58.0088 0768 ose - ok
09:26:58.0119 0768 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
09:26:58.0134 0768 p2pimsvc - ok
09:26:58.0150 0768 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
09:26:58.0150 0768 p2psvc - ok
09:26:58.0181 0768 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
09:26:58.0181 0768 Parport - ok
09:26:58.0212 0768 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
09:26:58.0212 0768 partmgr - ok
09:26:58.0228 0768 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
09:26:58.0244 0768 PcaSvc - ok
09:26:58.0259 0768 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
09:26:58.0259 0768 pci - ok
09:26:58.0275 0768 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
09:26:58.0275 0768 pciide - ok
09:26:58.0306 0768 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
09:26:58.0306 0768 pcmcia - ok
09:26:58.0322 0768 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
09:26:58.0322 0768 pcw - ok
09:26:58.0337 0768 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
09:26:58.0353 0768 PEAUTH - ok
09:26:58.0431 0768 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
09:26:58.0431 0768 PerfHost - ok
09:26:58.0493 0768 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
09:26:58.0540 0768 pla - ok
09:26:58.0587 0768 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
09:26:58.0602 0768 PlugPlay - ok
09:26:58.0602 0768 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
09:26:58.0618 0768 PNRPAutoReg - ok
09:26:58.0634 0768 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
09:26:58.0634 0768 PNRPsvc - ok
09:26:58.0665 0768 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
09:26:58.0665 0768 PolicyAgent - ok
09:26:58.0712 0768 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
09:26:58.0712 0768 Power - ok
09:26:58.0743 0768 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
09:26:58.0743 0768 PptpMiniport - ok
09:26:58.0774 0768 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
09:26:58.0774 0768 Processor - ok
09:26:58.0821 0768 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
09:26:58.0821 0768 ProfSvc - ok
09:26:58.0836 0768 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
09:26:58.0836 0768 ProtectedStorage - ok
09:26:58.0868 0768 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
09:26:58.0868 0768 Psched - ok
09:26:58.0930 0768 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
09:26:58.0977 0768 ql2300 - ok
09:26:58.0992 0768 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
09:26:59.0008 0768 ql40xx - ok
09:26:59.0024 0768 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
09:26:59.0024 0768 QWAVE - ok
09:26:59.0055 0768 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
09:26:59.0055 0768 QWAVEdrv - ok
09:26:59.0070 0768 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
09:26:59.0070 0768 RasAcd - ok
09:26:59.0102 0768 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
09:26:59.0102 0768 RasAgileVpn - ok
09:26:59.0133 0768 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
09:26:59.0148 0768 RasAuto - ok
09:26:59.0164 0768 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
09:26:59.0180 0768 Rasl2tp - ok
09:26:59.0211 0768 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
09:26:59.0226 0768 RasMan - ok
09:26:59.0242 0768 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
09:26:59.0258 0768 RasPppoe - ok
09:26:59.0273 0768 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
09:26:59.0289 0768 RasSstp - ok
09:26:59.0304 0768 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
09:26:59.0320 0768 rdbss - ok
09:26:59.0336 0768 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
09:26:59.0336 0768 rdpbus - ok
09:26:59.0351 0768 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
09:26:59.0351 0768 RDPCDD - ok
09:26:59.0367 0768 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
09:26:59.0367 0768 RDPENCDD - ok
09:26:59.0382 0768 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
09:26:59.0398 0768 RDPREFMP - ok
09:26:59.0414 0768 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
09:26:59.0429 0768 RDPWD - ok
09:26:59.0460 0768 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
09:26:59.0476 0768 rdyboost - ok
09:26:59.0523 0768 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
09:26:59.0523 0768 RemoteAccess - ok
09:26:59.0570 0768 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
09:26:59.0585 0768 RemoteRegistry - ok
09:26:59.0601 0768 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
09:26:59.0601 0768 RpcEptMapper - ok
09:26:59.0648 0768 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
09:26:59.0648 0768 RpcLocator - ok
09:26:59.0741 0768 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
09:26:59.0741 0768 RpcSs - ok
09:26:59.0772 0768 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
09:26:59.0788 0768 rspndr - ok
09:26:59.0788 0768 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
09:26:59.0788 0768 SamSs - ok
09:26:59.0835 0768 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
09:26:59.0835 0768 sbp2port - ok
09:26:59.0866 0768 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
09:26:59.0866 0768 SCardSvr - ok
09:26:59.0897 0768 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
09:26:59.0897 0768 scfilter - ok
09:26:59.0944 0768 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
09:26:59.0975 0768 Schedule - ok
09:27:00.0022 0768 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
09:27:00.0022 0768 SCPolicySvc - ok
09:27:00.0053 0768 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
09:27:00.0053 0768 SDRSVC - ok
09:27:00.0100 0768 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
09:27:00.0100 0768 secdrv - ok
09:27:00.0100 0768 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
09:27:00.0116 0768 seclogon - ok
09:27:00.0147 0768 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
09:27:00.0147 0768 SENS - ok
09:27:00.0162 0768 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
09:27:00.0162 0768 SensrSvc - ok
09:27:00.0178 0768 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
09:27:00.0178 0768 Serenum - ok
09:27:00.0225 0768 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
09:27:00.0225 0768 Serial - ok
09:27:00.0256 0768 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
09:27:00.0256 0768 sermouse - ok
09:27:00.0287 0768 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
09:27:00.0287 0768 SessionEnv - ok
09:27:00.0318 0768 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
09:27:00.0334 0768 sffdisk - ok
09:27:00.0350 0768 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
09:27:00.0350 0768 sffp_mmc - ok
09:27:00.0365 0768 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
09:27:00.0365 0768 sffp_sd - ok
09:27:00.0396 0768 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
09:27:00.0396 0768 sfloppy - ok
09:27:00.0428 0768 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:27:00.0428 0768 ShellHWDetection - ok
09:27:00.0474 0768 [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH C:\Windows\system32\DRIVERS\SiSG664.sys
09:27:00.0474 0768 SiSGbeLH - ok
09:27:00.0506 0768 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:27:00.0506 0768 SiSRaid2 - ok
09:27:00.0521 0768 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
09:27:00.0521 0768 SiSRaid4 - ok
09:27:00.0584 0768 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
09:27:00.0584 0768 SkypeUpdate - ok
09:27:00.0615 0768 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
09:27:00.0615 0768 Smb - ok
09:27:00.0646 0768 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
09:27:00.0646 0768 SNMPTRAP - ok
09:27:00.0724 0768 [ F06A6DE8438F7446BFF9E61F31356521 ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys
09:27:00.0786 0768 SNP2UVC - ok
09:27:00.0818 0768 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
09:27:00.0818 0768 spldr - ok
09:27:00.0849 0768 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
09:27:00.0849 0768 Spooler - ok
09:27:00.0958 0768 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
09:27:01.0052 0768 sppsvc - ok
09:27:01.0083 0768 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
09:27:01.0083 0768 sppuinotify - ok
09:27:01.0114 0768 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
09:27:01.0130 0768 srv - ok
09:27:01.0145 0768 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
09:27:01.0145 0768 srv2 - ok
09:27:01.0161 0768 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
09:27:01.0161 0768 srvnet - ok
09:27:01.0176 0768 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
09:27:01.0192 0768 SSDPSRV - ok
09:27:01.0192 0768 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
09:27:01.0208 0768 SstpSvc - ok
09:27:01.0301 0768 [ 94A6522AC9F3E05FD039AD105ADE96D0 ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\STacSV64.exe
09:27:01.0301 0768 STacSV - ok
09:27:01.0332 0768 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
09:27:01.0332 0768 stexstor - ok
09:27:01.0379 0768 [ DDB811B13D827081E7C1DDFF302AB334 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
09:27:01.0395 0768 STHDA - ok
09:27:01.0426 0768 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
09:27:01.0426 0768 StillCam - ok
09:27:01.0473 0768 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
09:27:01.0488 0768 stisvc - ok
09:27:01.0520 0768 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
09:27:01.0520 0768 swenum - ok
09:27:01.0613 0768 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
09:27:01.0613 0768 swprv - ok
09:27:01.0722 0768 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
09:27:01.0769 0768 SysMain - ok
09:27:01.0800 0768 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:27:01.0800 0768 TabletInputService - ok
09:27:01.0816 0768 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
09:27:01.0832 0768 TapiSrv - ok
09:27:01.0847 0768 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
09:27:01.0847 0768 TBS - ok
09:27:01.0910 0768 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
09:27:01.0956 0768 Tcpip - ok
09:27:02.0019 0768 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
09:27:02.0034 0768 TCPIP6 - ok
09:27:02.0066 0768 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
09:27:02.0066 0768 tcpipreg - ok
09:27:02.0081 0768 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
09:27:02.0097 0768 TDPIPE - ok
09:27:02.0112 0768 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
09:27:02.0112 0768 TDTCP - ok
09:27:02.0128 0768 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
09:27:02.0128 0768 tdx - ok
09:27:02.0144 0768 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
09:27:02.0144 0768 TermDD - ok
09:27:02.0175 0768 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
09:27:02.0206 0768 TermService - ok
09:27:02.0237 0768 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
09:27:02.0237 0768 Themes - ok
09:27:02.0253 0768 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
09:27:02.0268 0768 THREADORDER - ok
09:27:02.0300 0768 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
09:27:02.0300 0768 TrkWks - ok
09:27:02.0346 0768 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:27:02.0346 0768 TrustedInstaller - ok
09:27:02.0378 0768 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
09:27:02.0378 0768 tssecsrv - ok
09:27:02.0424 0768 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
09:27:02.0424 0768 TsUsbFlt - ok
09:27:02.0456 0768 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
09:27:02.0456 0768 tunnel - ok
09:27:02.0502 0768 [ C45A3E051C65106A28982CAED125F855 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys
09:27:02.0502 0768 TurboB - ok
09:27:02.0549 0768 [ BAEF86EBEAECE76573FA822DEA256F6C ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe
09:27:02.0549 0768 TurboBoost - ok
09:27:02.0580 0768 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
09:27:02.0580 0768 uagp35 - ok
09:27:02.0627 0768 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
09:27:02.0627 0768 udfs - ok
09:27:02.0705 0768 [ 2E071263A409931F8AFF3A6A656E920C ] UI Assistant Service C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
09:27:02.0721 0768 UI Assistant Service - ok
09:27:02.0736 0768 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
09:27:02.0752 0768 UI0Detect - ok
09:27:02.0768 0768 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
09:27:02.0783 0768 uliagpkx - ok
09:27:02.0799 0768 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
09:27:02.0799 0768 umbus - ok
09:27:02.0830 0768 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
09:27:02.0846 0768 UmPass - ok
09:27:02.0939 0768 [ 41118D920B2B268C0ADC36421248CDCF ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
09:27:03.0002 0768 UNS - ok
09:27:03.0033 0768 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
09:27:03.0048 0768 upnphost - ok
09:27:03.0080 0768 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
09:27:03.0080 0768 usbccgp - ok
09:27:03.0095 0768 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
09:27:03.0095 0768 usbcir - ok
09:27:03.0126 0768 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
09:27:03.0126 0768 usbehci - ok
09:27:03.0142 0768 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
09:27:03.0158 0768 usbhub - ok
09:27:03.0173 0768 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
09:27:03.0173 0768 usbohci - ok
09:27:03.0204 0768 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
09:27:03.0220 0768 usbprint - ok
09:27:03.0251 0768 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
09:27:03.0251 0768 usbscan - ok
09:27:03.0267 0768 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:27:03.0267 0768 USBSTOR - ok
09:27:03.0298 0768 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
09:27:03.0298 0768 usbuhci - ok
09:27:03.0345 0768 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
09:27:03.0345 0768 usbvideo - ok
09:27:03.0376 0768 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
09:27:03.0376 0768 UxSms - ok
09:27:03.0392 0768 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
09:27:03.0392 0768 VaultSvc - ok
09:27:03.0423 0768 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
09:27:03.0423 0768 vdrvroot - ok
09:27:03.0454 0768 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
09:27:03.0470 0768 vds - ok
09:27:03.0501 0768 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
09:27:03.0501 0768 vga - ok
09:27:03.0516 0768 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
09:27:03.0516 0768 VgaSave - ok
09:27:03.0548 0768 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
09:27:03.0548 0768 vhdmp - ok
09:27:03.0579 0768 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
09:27:03.0594 0768 viaide - ok
09:27:03.0610 0768 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
09:27:03.0610 0768 volmgr - ok
09:27:03.0704 0768 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
09:27:03.0704 0768 volmgrx - ok
09:27:03.0735 0768 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
09:27:03.0735 0768 volsnap - ok
09:27:03.0782 0768 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
09:27:03.0782 0768 vsmraid - ok
09:27:03.0844 0768 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
09:27:03.0891 0768 VSS - ok
09:27:03.0906 0768 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
09:27:03.0906 0768 vwifibus - ok
09:27:03.0922 0768 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
09:27:03.0922 0768 vwififlt - ok
09:27:03.0953 0768 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
09:27:03.0953 0768 vwifimp - ok
09:27:04.0000 0768 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
09:27:04.0016 0768 W32Time - ok
09:27:04.0031 0768 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
09:27:04.0031 0768 WacomPen - ok
09:27:04.0078 0768 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
09:27:04.0078 0768 WANARP - ok
09:27:04.0094 0768 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
09:27:04.0094 0768 Wanarpv6 - ok
09:27:04.0218 0768 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
09:27:04.0250 0768 WatAdminSvc - ok
09:27:04.0312 0768 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
09:27:04.0359 0768 wbengine - ok
09:27:04.0374 0768 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
09:27:04.0390 0768 WbioSrvc - ok
09:27:04.0421 0768 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
09:27:04.0437 0768 wcncsvc - ok
09:27:04.0452 0768 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:27:04.0452 0768 WcsPlugInService - ok
09:27:04.0468 0768 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
09:27:04.0468 0768 Wd - ok
09:27:04.0499 0768 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
09:27:04.0530 0768 Wdf01000 - ok
09:27:04.0546 0768 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
09:27:04.0546 0768 WdiServiceHost - ok
09:27:04.0562 0768 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
09:27:04.0562 0768 WdiSystemHost - ok
09:27:04.0593 0768 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
09:27:04.0593 0768 WebClient - ok
09:27:04.0608 0768 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
09:27:04.0608 0768 Wecsvc - ok
09:27:04.0624 0768 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
09:27:04.0640 0768 wercplsupport - ok
09:27:04.0655 0768 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
09:27:04.0655 0768 WerSvc - ok
09:27:04.0686 0768 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
09:27:04.0686 0768 WfpLwf - ok
09:27:04.0718 0768 [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
09:27:04.0733 0768 WimFltr - ok
09:27:04.0749 0768 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
09:27:04.0749 0768 WIMMount - ok
09:27:04.0749 0768 WinHttpAutoProxySvc - ok
09:27:04.0811 0768 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
09:27:04.0827 0768 Winmgmt - ok
09:27:04.0889 0768 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
09:27:04.0952 0768 WinRM - ok
09:27:05.0014 0768 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
09:27:05.0014 0768 WinUsb - ok
09:27:05.0061 0768 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
09:27:05.0092 0768 Wlansvc - ok
09:27:05.0108 0768 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
09:27:05.0108 0768 WmiAcpi - ok
09:27:05.0123 0768 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
09:27:05.0139 0768 wmiApSrv - ok
09:27:05.0154 0768 WMPNetworkSvc - ok
09:27:05.0186 0768 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
09:27:05.0186 0768 WPCSvc - ok
09:27:05.0217 0768 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
09:27:05.0217 0768 WPDBusEnum - ok
09:27:05.0248 0768 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
09:27:05.0248 0768 ws2ifsl - ok
09:27:05.0248 0768 WSearch - ok
09:27:05.0279 0768 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
09:27:05.0279 0768 WudfPf - ok
09:27:05.0310 0768 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
09:27:05.0326 0768 WUDFRd - ok
09:27:05.0342 0768 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
09:27:05.0357 0768 wudfsvc - ok
09:27:05.0388 0768 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
09:27:05.0388 0768 WwanSvc - ok
09:27:05.0435 0768 [ 3762B4C538B9D710F85042849C20319F ] ZTEusbmdm6k C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
09:27:05.0435 0768 ZTEusbmdm6k - ok
09:27:05.0466 0768 [ 3762B4C538B9D710F85042849C20319F ] ZTEusbnmea C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
09:27:05.0466 0768 ZTEusbnmea - ok
09:27:05.0498 0768 [ 3762B4C538B9D710F85042849C20319F ] ZTEusbser6k C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
09:27:05.0498 0768 ZTEusbser6k - ok
09:27:05.0576 0768 [ 74983ADDCA2D9618512C088D856D6615 ] {B154377D-700F-42cc-9474-23858FBDF4BD} C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl
09:27:05.0576 0768 {B154377D-700F-42cc-9474-23858FBDF4BD} - ok
09:27:05.0622 0768 ================ Scan global ===============================
09:27:05.0654 0768 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
09:27:05.0732 0768 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
09:27:05.0747 0768 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
09:27:05.0763 0768 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
09:27:05.0810 0768 [ 50BEA589F7D7958BDD2528A8F69D05CC ] C:\Windows\system32\services.exe
09:27:05.0810 0768 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - infected
09:27:05.0810 0768 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.a (0)
09:27:05.0810 0768 ================ Scan MBR ==================================
09:27:05.0825 0768 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
09:27:06.0106 0768 \Device\Harddisk0\DR0 - ok
09:27:06.0106 0768 ================ Scan VBR ==================================
09:27:06.0122 0768 [ 2CE15AE69BD2EA14D1E16594C9F40589 ] \Device\Harddisk0\DR0\Partition1
09:27:06.0122 0768 \Device\Harddisk0\DR0\Partition1 - ok
09:27:06.0137 0768 [ 5BA4E991FFDBB372F353561123237AA1 ] \Device\Harddisk0\DR0\Partition2
09:27:06.0153 0768 \Device\Harddisk0\DR0\Partition2 - ok
09:27:06.0153 0768 ============================================================
09:27:06.0153 0768 Scan finished
09:27:06.0153 0768 ============================================================
09:27:06.0168 2976 Detected object count: 1
09:27:06.0168 2976 Actual detected object count: 1
09:27:11.0160 2976 C:\Windows\system32\services.exe - copied to quarantine
09:27:12.0908 2976 C:\Windows\assembly\GAC_32\desktop.ini - copied to quarantine
09:27:12.0923 2976 C:\Windows\assembly\GAC_64\desktop.ini - copied to quarantine
09:27:13.0017 2976 C:\Windows\installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}\@ - copied to quarantine
09:27:13.0032 2976 C:\Windows\installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}\L\00000004.@ - copied to quarantine
09:27:13.0032 2976 C:\Windows\installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}\L\201d3dde - copied to quarantine
09:27:13.0032 2976 C:\Windows\installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}\U\00000004.@ - copied to quarantine
09:27:13.0032 2976 C:\Windows\installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}\U\00000008.@ - copied to quarantine
09:27:13.0048 2976 C:\Windows\installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}\U\000000cb.@ - copied to quarantine
09:27:13.0048 2976 C:\Windows\installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}\U\80000000.@ - copied to quarantine
09:27:13.0048 2976 C:\Windows\installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}\U\80000032.@ - copied to quarantine
09:27:13.0064 2976 C:\Windows\installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}\U\80000064.@ - copied to quarantine
09:27:13.0376 2976 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Quarantine
09:27:17.0634 4140 Deinitialize success
|
|
24.10.2012, 08:34
| #7 |
| | ATRAPS.gen2 von AVIRA gemeldet Hier die neue logfile nach dem 2.Scan: Code:
ATTFilter 09:31:54.0550 2336 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
09:31:54.0768 2336 ============================================================
09:31:54.0768 2336 Current date / time: 2012/10/24 09:31:54.0768
09:31:54.0768 2336 SystemInfo:
09:31:54.0768 2336
09:31:54.0768 2336 OS Version: 6.1.7601 ServicePack: 1.0
09:31:54.0768 2336 Product type: Workstation
09:31:54.0768 2336 ComputerName: TICKERT
09:31:54.0768 2336 UserName: Andreas Tickert
09:31:54.0768 2336 Windows directory: C:\Windows
09:31:54.0768 2336 System windows directory: C:\Windows
09:31:54.0768 2336 Running under WOW64
09:31:54.0768 2336 Processor architecture: Intel x64
09:31:54.0768 2336 Number of processors: 4
09:31:54.0768 2336 Page size: 0x1000
09:31:54.0768 2336 Boot type: Normal boot
09:31:54.0768 2336 ============================================================
09:31:57.0404 2336 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:31:57.0420 2336 ============================================================
09:31:57.0420 2336 \Device\Harddisk0\DR0:
09:31:57.0420 2336 MBR partitions:
09:31:57.0420 2336 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2711676, BlocksNum 0xE8E0168
09:31:57.0436 2336 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x10FF2000, BlocksNum 0x29393800
09:31:57.0436 2336 ============================================================
09:31:57.0482 2336 C: <-> \Device\Harddisk0\DR0\Partition1
09:31:57.0514 2336 D: <-> \Device\Harddisk0\DR0\Partition2
09:31:57.0514 2336 ============================================================
09:31:57.0514 2336 Initialize success
09:31:57.0514 2336 ============================================================
09:32:03.0052 2932 ============================================================
09:32:03.0052 2932 Scan started
09:32:03.0052 2932 Mode: Manual;
09:32:03.0052 2932 ============================================================
09:32:04.0190 2932 ================ Scan system memory ========================
09:32:04.0190 2932 System memory - ok
09:32:04.0190 2932 ================ Scan services =============================
09:32:04.0378 2932 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
09:32:04.0378 2932 1394ohci - ok
09:32:04.0409 2932 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
09:32:04.0424 2932 ACPI - ok
09:32:04.0440 2932 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
09:32:04.0440 2932 AcpiPmi - ok
09:32:04.0580 2932 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
09:32:04.0580 2932 AdobeFlashPlayerUpdateSvc - ok
09:32:04.0627 2932 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
09:32:04.0643 2932 adp94xx - ok
09:32:04.0674 2932 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
09:32:04.0674 2932 adpahci - ok
09:32:04.0705 2932 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
09:32:04.0705 2932 adpu320 - ok
09:32:04.0736 2932 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
09:32:04.0736 2932 AeLookupSvc - ok
09:32:04.0799 2932 [ 2D00D3DADC1D3326BA788EB071F2726E ] AFBAgent C:\Windows\system32\FBAgent.exe
09:32:04.0814 2932 AFBAgent - ok
09:32:04.0939 2932 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
09:32:04.0955 2932 AFD - ok
09:32:05.0002 2932 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
09:32:05.0002 2932 agp440 - ok
09:32:05.0033 2932 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
09:32:05.0033 2932 ALG - ok
09:32:05.0080 2932 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
09:32:05.0080 2932 aliide - ok
09:32:05.0111 2932 [ 46693222FCDB3175AAAED017EAA6FCC7 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
09:32:05.0111 2932 AMD External Events Utility - ok
09:32:05.0126 2932 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
09:32:05.0126 2932 amdide - ok
09:32:05.0158 2932 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
09:32:05.0158 2932 AmdK8 - ok
09:32:05.0345 2932 [ 99C262242A279976206ECE1D3C74DF27 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
09:32:05.0470 2932 amdkmdag - ok
09:32:05.0516 2932 [ 20B63276A1920B41E1C56720B395049B ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
09:32:05.0516 2932 amdkmdap - ok
09:32:05.0532 2932 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
09:32:05.0548 2932 AmdPPM - ok
09:32:05.0563 2932 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
09:32:05.0563 2932 amdsata - ok
09:32:05.0610 2932 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
09:32:05.0610 2932 amdsbs - ok
09:32:05.0641 2932 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
09:32:05.0641 2932 amdxata - ok
09:32:05.0672 2932 [ 9C7F164B49CADC658D1B3C575782F346 ] AmUStor C:\Windows\system32\drivers\AmUStor.SYS
09:32:05.0688 2932 AmUStor - ok
09:32:05.0750 2932 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
09:32:05.0750 2932 AntiVirSchedulerService - ok
09:32:05.0813 2932 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
09:32:05.0813 2932 AntiVirService - ok
09:32:05.0875 2932 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
09:32:05.0891 2932 AppID - ok
09:32:06.0031 2932 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
09:32:06.0031 2932 AppIDSvc - ok
09:32:06.0094 2932 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
09:32:06.0094 2932 Appinfo - ok
09:32:06.0125 2932 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
09:32:06.0125 2932 arc - ok
09:32:06.0125 2932 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
09:32:06.0140 2932 arcsas - ok
09:32:06.0203 2932 [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
09:32:06.0203 2932 ASLDRService - ok
09:32:06.0218 2932 [ 4C016FD76ED5C05E84CA8CAB77993961 ] ASMMAP64 C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
09:32:06.0218 2932 ASMMAP64 - ok
09:32:06.0250 2932 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
09:32:06.0265 2932 AsyncMac - ok
09:32:06.0296 2932 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
09:32:06.0296 2932 atapi - ok
09:32:06.0359 2932 [ 0ACC06FCF46F64ED4F11E57EE461C1F4 ] athr C:\Windows\system32\DRIVERS\athrx.sys
09:32:06.0406 2932 athr - ok
09:32:06.0468 2932 [ FB7602C5C508BE281368AAE0B61B51C6 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
09:32:06.0468 2932 AtiHdmiService - ok
09:32:06.0702 2932 [ 99C262242A279976206ECE1D3C74DF27 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
09:32:06.0733 2932 atikmdag - ok
09:32:06.0764 2932 [ 63F1212FFE13E62CA1E8D8EE19ABD9A7 ] ATKGFNEXSrv C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
09:32:06.0764 2932 ATKGFNEXSrv - ok
09:32:06.0889 2932 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
09:32:06.0905 2932 AudioEndpointBuilder - ok
09:32:06.0936 2932 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
09:32:06.0936 2932 AudioSrv - ok
09:32:07.0092 2932 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
09:32:07.0092 2932 avgntflt - ok
09:32:07.0186 2932 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
09:32:07.0186 2932 avipbb - ok
09:32:07.0248 2932 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
09:32:07.0248 2932 avkmgr - ok
09:32:07.0388 2932 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
09:32:07.0388 2932 AxInstSV - ok
09:32:07.0466 2932 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
09:32:07.0482 2932 b06bdrv - ok
09:32:07.0544 2932 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
09:32:07.0544 2932 b57nd60a - ok
09:32:07.0576 2932 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
09:32:07.0576 2932 BDESVC - ok
09:32:07.0591 2932 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
09:32:07.0591 2932 Beep - ok
09:32:07.0622 2932 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
09:32:07.0622 2932 blbdrive - ok
09:32:07.0654 2932 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
09:32:07.0654 2932 bowser - ok
09:32:07.0669 2932 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
09:32:07.0669 2932 BrFiltLo - ok
09:32:07.0685 2932 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
09:32:07.0685 2932 BrFiltUp - ok
09:32:07.0716 2932 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
09:32:07.0732 2932 Browser - ok
09:32:07.0747 2932 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
09:32:07.0747 2932 Brserid - ok
09:32:07.0763 2932 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
09:32:07.0778 2932 BrSerWdm - ok
09:32:07.0794 2932 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
09:32:07.0794 2932 BrUsbMdm - ok
09:32:07.0810 2932 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
09:32:07.0810 2932 BrUsbSer - ok
09:32:07.0825 2932 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
09:32:07.0825 2932 BTHMODEM - ok
09:32:07.0872 2932 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
09:32:07.0872 2932 bthserv - ok
09:32:07.0888 2932 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
09:32:07.0888 2932 cdfs - ok
09:32:07.0934 2932 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
09:32:07.0934 2932 cdrom - ok
09:32:07.0981 2932 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
09:32:07.0981 2932 CertPropSvc - ok
09:32:08.0012 2932 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
09:32:08.0012 2932 circlass - ok
09:32:08.0044 2932 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
09:32:08.0059 2932 CLFS - ok
09:32:08.0137 2932 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:32:08.0137 2932 clr_optimization_v2.0.50727_32 - ok
09:32:08.0184 2932 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
09:32:08.0184 2932 clr_optimization_v2.0.50727_64 - ok
09:32:08.0293 2932 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:32:08.0309 2932 clr_optimization_v4.0.30319_32 - ok
09:32:08.0387 2932 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
09:32:08.0402 2932 clr_optimization_v4.0.30319_64 - ok
09:32:08.0418 2932 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
09:32:08.0418 2932 CmBatt - ok
09:32:08.0465 2932 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
09:32:08.0465 2932 cmdide - ok
09:32:08.0543 2932 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
09:32:08.0574 2932 CNG - ok
09:32:08.0605 2932 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
09:32:08.0605 2932 Compbatt - ok
09:32:08.0636 2932 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
09:32:08.0636 2932 CompositeBus - ok
09:32:08.0652 2932 COMSysApp - ok
09:32:08.0668 2932 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
09:32:08.0683 2932 crcdisk - ok
09:32:08.0948 2932 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
09:32:08.0948 2932 CryptSvc - ok
09:32:08.0980 2932 [ 44BDDEB03C84A1C993C992FFB5700357 ] CVirtA C:\Windows\system32\DRIVERS\CVirtA64.sys
09:32:08.0995 2932 CVirtA - ok
09:32:09.0058 2932 [ 66257CB4E4FB69887CDDC71663741435 ] CVPND C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
09:32:09.0089 2932 CVPND - ok
09:32:09.0136 2932 [ CC8E52DAA9826064BA464DBE531F2BB5 ] CVPNDRVA C:\Windows\system32\Drivers\CVPNDRVA.sys
09:32:09.0136 2932 CVPNDRVA - ok
09:32:09.0182 2932 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
09:32:09.0182 2932 DcomLaunch - ok
09:32:09.0214 2932 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
09:32:09.0214 2932 defragsvc - ok
09:32:09.0245 2932 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
09:32:09.0245 2932 DfsC - ok
09:32:09.0292 2932 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
09:32:09.0292 2932 Dhcp - ok
09:32:09.0323 2932 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
09:32:09.0323 2932 discache - ok
09:32:09.0354 2932 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
09:32:09.0370 2932 Disk - ok
09:32:09.0401 2932 [ 05CB5910B3CA6019FC3CCA815EE06FFB ] DNE C:\Windows\system32\DRIVERS\dne64x.sys
09:32:09.0401 2932 DNE - ok
09:32:09.0432 2932 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
09:32:09.0448 2932 Dnscache - ok
09:32:09.0479 2932 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
09:32:09.0479 2932 dot3svc - ok
09:32:09.0510 2932 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
09:32:09.0510 2932 DPS - ok
09:32:09.0557 2932 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
09:32:09.0557 2932 drmkaud - ok
09:32:09.0588 2932 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
09:32:09.0604 2932 DXGKrnl - ok
09:32:09.0635 2932 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
09:32:09.0635 2932 EapHost - ok
09:32:09.0728 2932 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
09:32:09.0822 2932 ebdrv - ok
09:32:09.0838 2932 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
09:32:09.0838 2932 EFS - ok
09:32:09.0916 2932 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
09:32:09.0931 2932 ehRecvr - ok
09:32:09.0962 2932 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
09:32:09.0978 2932 ehSched - ok
09:32:10.0072 2932 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
09:32:10.0103 2932 elxstor - ok
09:32:10.0134 2932 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
09:32:10.0134 2932 ErrDev - ok
09:32:10.0165 2932 [ 3C38648375B7F3988691F53A7AAE10A9 ] ETD C:\Windows\system32\DRIVERS\ETD.sys
09:32:10.0181 2932 ETD - ok
09:32:10.0337 2932 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
09:32:10.0368 2932 EventSystem - ok
09:32:10.0477 2932 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
09:32:10.0508 2932 exfat - ok
09:32:10.0633 2932 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
09:32:10.0633 2932 fastfat - ok
09:32:10.0696 2932 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
09:32:10.0711 2932 Fax - ok
09:32:10.0758 2932 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
09:32:10.0758 2932 fdc - ok
09:32:10.0789 2932 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
09:32:10.0789 2932 fdPHost - ok
09:32:10.0805 2932 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
09:32:10.0805 2932 FDResPub - ok
09:32:10.0805 2932 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
09:32:10.0820 2932 FileInfo - ok
09:32:10.0836 2932 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
09:32:10.0836 2932 Filetrace - ok
09:32:10.0836 2932 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
09:32:10.0852 2932 flpydisk - ok
09:32:10.0867 2932 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
09:32:10.0883 2932 FltMgr - ok
09:32:10.0930 2932 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
09:32:10.0961 2932 FontCache - ok
09:32:11.0008 2932 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:32:11.0008 2932 FontCache3.0.0.0 - ok
09:32:11.0039 2932 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
09:32:11.0039 2932 FsDepends - ok
09:32:11.0070 2932 [ 2BF3B36B96D015AF666B6AA63AE2E38F ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
09:32:11.0070 2932 fssfltr - ok
09:32:11.0164 2932 [ 45B52394F9624237F33A8A3D73C0B221 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
09:32:11.0179 2932 fsssvc - ok
09:32:11.0210 2932 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
09:32:11.0210 2932 Fs_Rec - ok
09:32:11.0257 2932 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
09:32:11.0257 2932 fvevol - ok
09:32:11.0288 2932 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
09:32:11.0304 2932 gagp30kx - ok
09:32:11.0335 2932 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
09:32:11.0366 2932 gpsvc - ok
09:32:11.0444 2932 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
09:32:11.0444 2932 gupdate - ok
09:32:11.0491 2932 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
09:32:11.0491 2932 gupdatem - ok
09:32:11.0538 2932 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
09:32:11.0538 2932 gusvc - ok
09:32:11.0554 2932 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
09:32:11.0569 2932 hcw85cir - ok
09:32:11.0600 2932 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
09:32:11.0600 2932 HdAudAddService - ok
09:32:11.0632 2932 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
09:32:11.0632 2932 HDAudBus - ok
09:32:11.0647 2932 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
09:32:11.0647 2932 HECIx64 - ok
09:32:11.0663 2932 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
09:32:11.0663 2932 HidBatt - ok
09:32:11.0678 2932 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
09:32:11.0678 2932 HidBth - ok
09:32:11.0694 2932 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
09:32:11.0694 2932 HidIr - ok
09:32:11.0725 2932 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
09:32:11.0725 2932 hidserv - ok
09:32:11.0741 2932 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
09:32:11.0741 2932 HidUsb - ok
09:32:11.0772 2932 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
09:32:11.0772 2932 hkmsvc - ok
09:32:11.0819 2932 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
09:32:11.0819 2932 HomeGroupListener - ok
09:32:11.0850 2932 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
09:32:11.0850 2932 HomeGroupProvider - ok
09:32:11.0897 2932 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
09:32:11.0897 2932 HpSAMD - ok
09:32:11.0944 2932 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
09:32:11.0959 2932 HTTP - ok
09:32:11.0990 2932 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
09:32:11.0990 2932 hwpolicy - ok
09:32:12.0006 2932 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
09:32:12.0006 2932 i8042prt - ok
09:32:12.0053 2932 [ BBB3B6DF1ABB0FE35802EDE85CC1C011 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
09:32:12.0053 2932 iaStor - ok
09:32:12.0084 2932 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
09:32:12.0084 2932 iaStorV - ok
09:32:12.0146 2932 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:32:12.0178 2932 idsvc - ok
09:32:12.0209 2932 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
09:32:12.0209 2932 iirsp - ok
09:32:12.0271 2932 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
09:32:12.0287 2932 IKEEXT - ok
09:32:12.0318 2932 [ 36FDF367A1DABFF903E2214023D71368 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
09:32:12.0318 2932 Impcd - ok
09:32:12.0349 2932 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
09:32:12.0349 2932 intelide - ok
09:32:12.0380 2932 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
09:32:12.0380 2932 intelppm - ok
09:32:12.0427 2932 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
09:32:12.0427 2932 IPBusEnum - ok
09:32:12.0443 2932 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:32:12.0443 2932 IpFilterDriver - ok
09:32:12.0474 2932 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
09:32:12.0490 2932 IPMIDRV - ok
09:32:12.0505 2932 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
09:32:12.0505 2932 IPNAT - ok
09:32:12.0536 2932 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
09:32:12.0536 2932 IRENUM - ok
09:32:12.0536 2932 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
09:32:12.0552 2932 isapnp - ok
09:32:12.0568 2932 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
09:32:12.0583 2932 iScsiPrt - ok
09:32:12.0599 2932 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
09:32:12.0599 2932 kbdclass - ok
09:32:12.0630 2932 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
09:32:12.0630 2932 kbdhid - ok
09:32:12.0661 2932 [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr C:\Windows\system32\DRIVERS\kbfiltr.sys
09:32:12.0661 2932 kbfiltr - ok
09:32:12.0692 2932 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
09:32:12.0692 2932 KeyIso - ok
09:32:12.0724 2932 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
09:32:12.0724 2932 KSecDD - ok
09:32:12.0739 2932 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
09:32:12.0739 2932 KSecPkg - ok
09:32:12.0770 2932 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
09:32:12.0770 2932 ksthunk - ok
09:32:12.0817 2932 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
09:32:12.0833 2932 KtmRm - ok
09:32:12.0864 2932 [ 9C46A5421DE9D116C47155317CABB522 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
09:32:12.0864 2932 L1C - ok
09:32:12.0895 2932 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
09:32:12.0911 2932 LanmanServer - ok
09:32:12.0926 2932 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:32:12.0942 2932 LanmanWorkstation - ok
09:32:12.0973 2932 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
09:32:12.0973 2932 lltdio - ok
09:32:13.0004 2932 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
09:32:13.0020 2932 lltdsvc - ok
09:32:13.0020 2932 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
09:32:13.0020 2932 lmhosts - ok
09:32:13.0067 2932 [ A1C148801B4AF64847AEB9F3AD9594EF ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
09:32:13.0067 2932 LMS - ok
09:32:13.0098 2932 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
09:32:13.0098 2932 LSI_FC - ok
09:32:13.0114 2932 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
09:32:13.0114 2932 LSI_SAS - ok
09:32:13.0129 2932 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:32:13.0129 2932 LSI_SAS2 - ok
09:32:13.0160 2932 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:32:13.0160 2932 LSI_SCSI - ok
09:32:13.0176 2932 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
09:32:13.0192 2932 luafv - ok
09:32:13.0223 2932 [ 035C83CD72E06C47000793D32B1A642D ] massfilter C:\Windows\system32\drivers\massfilter.sys
09:32:13.0223 2932 massfilter - ok
09:32:13.0301 2932 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
09:32:13.0301 2932 MBAMProtector - ok
09:32:13.0348 2932 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
09:32:13.0348 2932 MBAMScheduler - ok
09:32:13.0410 2932 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
09:32:13.0426 2932 MBAMService - ok
09:32:13.0441 2932 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
09:32:13.0441 2932 Mcx2Svc - ok
09:32:13.0488 2932 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
09:32:13.0488 2932 megasas - ok
09:32:13.0519 2932 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
09:32:13.0519 2932 MegaSR - ok
09:32:13.0550 2932 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
09:32:13.0550 2932 MMCSS - ok
09:32:13.0582 2932 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
09:32:13.0582 2932 Modem - ok
09:32:13.0613 2932 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
09:32:13.0613 2932 monitor - ok
09:32:13.0644 2932 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
09:32:13.0644 2932 mouclass - ok
09:32:13.0691 2932 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
09:32:13.0691 2932 mouhid - ok
09:32:13.0722 2932 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
09:32:13.0738 2932 mountmgr - ok
09:32:13.0816 2932 [ 4D7F2682D29B92A6251B17957AA0B985 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
09:32:13.0816 2932 MozillaMaintenance - ok
09:32:13.0831 2932 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
09:32:13.0847 2932 mpio - ok
09:32:13.0862 2932 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
09:32:13.0862 2932 mpsdrv - ok
09:32:13.0894 2932 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
09:32:13.0894 2932 MRxDAV - ok
09:32:13.0925 2932 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
09:32:13.0925 2932 mrxsmb - ok
09:32:13.0972 2932 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:32:13.0987 2932 mrxsmb10 - ok
09:32:14.0003 2932 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:32:14.0003 2932 mrxsmb20 - ok
09:32:14.0018 2932 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
09:32:14.0018 2932 msahci - ok
09:32:14.0050 2932 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
09:32:14.0065 2932 msdsm - ok
09:32:14.0081 2932 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
09:32:14.0081 2932 MSDTC - ok
09:32:14.0112 2932 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
09:32:14.0112 2932 Msfs - ok
09:32:14.0128 2932 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
09:32:14.0128 2932 mshidkmdf - ok
09:32:14.0159 2932 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
09:32:14.0159 2932 msisadrv - ok
09:32:14.0174 2932 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
09:32:14.0174 2932 MSiSCSI - ok
09:32:14.0190 2932 msiserver - ok
09:32:14.0206 2932 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
09:32:14.0206 2932 MSKSSRV - ok
09:32:14.0221 2932 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
09:32:14.0237 2932 MSPCLOCK - ok
09:32:14.0252 2932 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
09:32:14.0252 2932 MSPQM - ok
09:32:14.0284 2932 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
09:32:14.0284 2932 MsRPC - ok
09:32:14.0315 2932 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
09:32:14.0315 2932 mssmbios - ok
09:32:14.0330 2932 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
09:32:14.0330 2932 MSTEE - ok
09:32:14.0346 2932 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
09:32:14.0346 2932 MTConfig - ok
09:32:14.0393 2932 [ 032D35C996F21D19A205A7C8F0B76F3C ] MTsensor C:\Windows\system32\DRIVERS\ATK64AMD.sys
09:32:14.0393 2932 MTsensor - ok
09:32:14.0408 2932 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
09:32:14.0408 2932 Mup - ok
09:32:14.0440 2932 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
09:32:14.0440 2932 napagent - ok
09:32:14.0502 2932 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
09:32:14.0502 2932 NativeWifiP - ok
09:32:14.0564 2932 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
09:32:14.0596 2932 NDIS - ok
09:32:14.0642 2932 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
09:32:14.0642 2932 NdisCap - ok
09:32:14.0658 2932 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
09:32:14.0658 2932 NdisTapi - ok
09:32:14.0689 2932 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
09:32:14.0689 2932 Ndisuio - ok
09:32:14.0720 2932 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
09:32:14.0720 2932 NdisWan - ok
09:32:14.0752 2932 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
09:32:14.0752 2932 NDProxy - ok
09:32:14.0783 2932 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
09:32:14.0783 2932 NetBIOS - ok
09:32:14.0814 2932 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
09:32:14.0830 2932 NetBT - ok
09:32:14.0861 2932 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
09:32:14.0861 2932 Netlogon - ok
09:32:14.0892 2932 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
09:32:14.0892 2932 Netman - ok
09:32:14.0908 2932 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
09:32:14.0923 2932 netprofm - ok
09:32:14.0939 2932 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:32:14.0939 2932 NetTcpPortSharing - ok
09:32:14.0970 2932 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
09:32:14.0970 2932 nfrd960 - ok
09:32:15.0001 2932 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
09:32:15.0017 2932 NlaSvc - ok
09:32:15.0048 2932 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
09:32:15.0048 2932 Npfs - ok
09:32:15.0079 2932 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
09:32:15.0079 2932 nsi - ok
09:32:15.0110 2932 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
09:32:15.0110 2932 nsiproxy - ok
09:32:15.0188 2932 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
09:32:15.0220 2932 Ntfs - ok
09:32:15.0251 2932 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
09:32:15.0266 2932 Null - ok
09:32:15.0298 2932 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
09:32:15.0298 2932 nvraid - ok
09:32:15.0313 2932 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
09:32:15.0329 2932 nvstor - ok
09:32:15.0344 2932 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
09:32:15.0360 2932 nv_agp - ok
09:32:15.0469 2932 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:32:15.0469 2932 odserv - ok
09:32:15.0500 2932 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
09:32:15.0516 2932 ohci1394 - ok
09:32:15.0563 2932 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:32:15.0563 2932 ose - ok
09:32:15.0594 2932 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
09:32:15.0610 2932 p2pimsvc - ok
09:32:15.0625 2932 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
09:32:15.0625 2932 p2psvc - ok
09:32:15.0656 2932 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
09:32:15.0656 2932 Parport - ok
09:32:15.0688 2932 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
09:32:15.0688 2932 partmgr - ok
09:32:15.0703 2932 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
09:32:15.0719 2932 PcaSvc - ok
09:32:15.0734 2932 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
09:32:15.0734 2932 pci - ok
09:32:15.0766 2932 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
09:32:15.0766 2932 pciide - ok
09:32:15.0797 2932 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
09:32:15.0797 2932 pcmcia - ok
09:32:15.0812 2932 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
09:32:15.0812 2932 pcw - ok
09:32:15.0844 2932 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
09:32:15.0844 2932 PEAUTH - ok
09:32:15.0937 2932 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
09:32:15.0937 2932 PerfHost - ok
09:32:16.0000 2932 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
09:32:16.0046 2932 pla - ok
09:32:16.0093 2932 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
09:32:16.0109 2932 PlugPlay - ok
09:32:16.0124 2932 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
09:32:16.0124 2932 PNRPAutoReg - ok
09:32:16.0156 2932 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
09:32:16.0156 2932 PNRPsvc - ok
09:32:16.0436 2932 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
09:32:16.0468 2932 PolicyAgent - ok
09:32:16.0514 2932 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
09:32:16.0514 2932 Power - ok
09:32:16.0546 2932 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
09:32:16.0546 2932 PptpMiniport - ok
09:32:16.0577 2932 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
09:32:16.0592 2932 Processor - ok
09:32:16.0624 2932 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
09:32:16.0624 2932 ProfSvc - ok
09:32:16.0639 2932 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
09:32:16.0639 2932 ProtectedStorage - ok
09:32:16.0670 2932 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
09:32:16.0670 2932 Psched - ok
09:32:16.0733 2932 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
09:32:16.0780 2932 ql2300 - ok
09:32:16.0795 2932 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
09:32:16.0795 2932 ql40xx - ok
09:32:16.0811 2932 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
09:32:16.0826 2932 QWAVE - ok
09:32:16.0842 2932 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
09:32:16.0842 2932 QWAVEdrv - ok
09:32:16.0858 2932 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
09:32:16.0858 2932 RasAcd - ok
09:32:16.0904 2932 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
09:32:16.0904 2932 RasAgileVpn - ok
09:32:16.0920 2932 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
09:32:16.0920 2932 RasAuto - ok
09:32:16.0951 2932 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
09:32:16.0951 2932 Rasl2tp - ok
09:32:17.0014 2932 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
09:32:17.0014 2932 RasMan - ok
09:32:17.0045 2932 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
09:32:17.0045 2932 RasPppoe - ok
09:32:17.0060 2932 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
09:32:17.0060 2932 RasSstp - ok
09:32:17.0092 2932 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
09:32:17.0107 2932 rdbss - ok
09:32:17.0107 2932 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
09:32:17.0107 2932 rdpbus - ok
09:32:17.0138 2932 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
09:32:17.0138 2932 RDPCDD - ok
09:32:17.0170 2932 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
09:32:17.0170 2932 RDPENCDD - ok
09:32:17.0185 2932 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
09:32:17.0185 2932 RDPREFMP - ok
09:32:17.0216 2932 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
09:32:17.0216 2932 RDPWD - ok
09:32:17.0248 2932 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
09:32:17.0248 2932 rdyboost - ok
09:32:17.0310 2932 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
09:32:17.0310 2932 RemoteAccess - ok
09:32:17.0357 2932 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
09:32:17.0357 2932 RemoteRegistry - ok
09:32:17.0372 2932 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
09:32:17.0388 2932 RpcEptMapper - ok
09:32:17.0404 2932 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
09:32:17.0404 2932 RpcLocator - ok
09:32:17.0513 2932 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
09:32:17.0528 2932 RpcSs - ok
09:32:17.0638 2932 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
09:32:17.0653 2932 rspndr - ok
09:32:17.0669 2932 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
09:32:17.0669 2932 SamSs - ok
09:32:17.0700 2932 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
09:32:17.0700 2932 sbp2port - ok
09:32:17.0731 2932 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
09:32:17.0731 2932 SCardSvr - ok
09:32:17.0762 2932 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
09:32:17.0762 2932 scfilter - ok
09:32:17.0809 2932 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
09:32:17.0840 2932 Schedule - ok
09:32:17.0872 2932 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
09:32:17.0872 2932 SCPolicySvc - ok
09:32:17.0918 2932 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
09:32:17.0918 2932 SDRSVC - ok
09:32:17.0950 2932 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
09:32:17.0950 2932 secdrv - ok
09:32:17.0965 2932 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
09:32:17.0965 2932 seclogon - ok
09:32:18.0012 2932 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
09:32:18.0012 2932 SENS - ok
09:32:18.0028 2932 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
09:32:18.0028 2932 SensrSvc - ok
09:32:18.0043 2932 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
09:32:18.0043 2932 Serenum - ok
09:32:18.0074 2932 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
09:32:18.0074 2932 Serial - ok
09:32:18.0106 2932 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
09:32:18.0121 2932 sermouse - ok
09:32:18.0152 2932 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
09:32:18.0152 2932 SessionEnv - ok
09:32:18.0184 2932 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
09:32:18.0184 2932 sffdisk - ok
09:32:18.0199 2932 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
09:32:18.0215 2932 sffp_mmc - ok
09:32:18.0230 2932 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
09:32:18.0230 2932 sffp_sd - ok
09:32:18.0262 2932 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
09:32:18.0262 2932 sfloppy - ok
09:32:18.0324 2932 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:32:18.0355 2932 ShellHWDetection - ok
09:32:18.0402 2932 [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH C:\Windows\system32\DRIVERS\SiSG664.sys
09:32:18.0402 2932 SiSGbeLH - ok
09:32:18.0433 2932 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:32:18.0433 2932 SiSRaid2 - ok
09:32:18.0464 2932 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
09:32:18.0464 2932 SiSRaid4 - ok
09:32:18.0542 2932 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
09:32:18.0542 2932 SkypeUpdate - ok
09:32:18.0574 2932 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
09:32:18.0589 2932 Smb - ok
09:32:18.0636 2932 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
09:32:18.0636 2932 SNMPTRAP - ok
09:32:18.0730 2932 [ F06A6DE8438F7446BFF9E61F31356521 ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys
09:32:18.0761 2932 SNP2UVC - ok
09:32:18.0792 2932 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
09:32:18.0792 2932 spldr - ok
09:32:18.0823 2932 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
09:32:18.0839 2932 Spooler - ok
09:32:18.0932 2932 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
09:32:19.0026 2932 sppsvc - ok
09:32:19.0042 2932 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
09:32:19.0042 2932 sppuinotify - ok
09:32:19.0088 2932 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
09:32:19.0088 2932 srv - ok
09:32:19.0104 2932 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
09:32:19.0120 2932 srv2 - ok
09:32:19.0135 2932 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
09:32:19.0135 2932 srvnet - ok
09:32:19.0151 2932 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
09:32:19.0151 2932 SSDPSRV - ok
09:32:19.0166 2932 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
09:32:19.0166 2932 SstpSvc - ok
09:32:19.0276 2932 [ 94A6522AC9F3E05FD039AD105ADE96D0 ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\STacSV64.exe
09:32:19.0276 2932 STacSV - ok
09:32:19.0307 2932 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
09:32:19.0307 2932 stexstor - ok
09:32:19.0338 2932 [ DDB811B13D827081E7C1DDFF302AB334 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
09:32:19.0354 2932 STHDA - ok
09:32:19.0385 2932 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
09:32:19.0385 2932 StillCam - ok
09:32:19.0463 2932 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
09:32:19.0510 2932 stisvc - ok
09:32:19.0525 2932 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
09:32:19.0525 2932 swenum - ok
09:32:19.0619 2932 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
09:32:19.0650 2932 swprv - ok
09:32:19.0775 2932 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
09:32:19.0837 2932 SysMain - ok
09:32:19.0853 2932 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:32:19.0868 2932 TabletInputService - ok
09:32:19.0915 2932 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
09:32:19.0931 2932 TapiSrv - ok
09:32:19.0962 2932 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
09:32:19.0962 2932 TBS - ok
09:32:20.0102 2932 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
09:32:20.0149 2932 Tcpip - ok
09:32:20.0212 2932 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
09:32:20.0227 2932 TCPIP6 - ok
09:32:20.0274 2932 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
09:32:20.0274 2932 tcpipreg - ok
09:32:20.0305 2932 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
09:32:20.0305 2932 TDPIPE - ok
09:32:20.0336 2932 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
09:32:20.0336 2932 TDTCP - ok
09:32:20.0352 2932 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
09:32:20.0368 2932 tdx - ok
09:32:20.0383 2932 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
09:32:20.0383 2932 TermDD - ok
09:32:20.0414 2932 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
09:32:20.0430 2932 TermService - ok
09:32:20.0477 2932 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
09:32:20.0477 2932 Themes - ok
09:32:20.0492 2932 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
09:32:20.0492 2932 THREADORDER - ok
09:32:20.0524 2932 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
09:32:20.0539 2932 TrkWks - ok
09:32:20.0586 2932 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:32:20.0586 2932 TrustedInstaller - ok
09:32:20.0617 2932 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
09:32:20.0617 2932 tssecsrv - ok
09:32:20.0648 2932 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
09:32:20.0648 2932 TsUsbFlt - ok
09:32:20.0695 2932 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
09:32:20.0695 2932 tunnel - ok
09:32:20.0726 2932 [ C45A3E051C65106A28982CAED125F855 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys
09:32:20.0726 2932 TurboB - ok
09:32:20.0773 2932 [ BAEF86EBEAECE76573FA822DEA256F6C ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe
09:32:20.0773 2932 TurboBoost - ok
09:32:20.0804 2932 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
09:32:20.0804 2932 uagp35 - ok
09:32:20.0851 2932 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
09:32:20.0851 2932 udfs - ok
09:32:20.0976 2932 [ 2E071263A409931F8AFF3A6A656E920C ] UI Assistant Service C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
09:32:20.0976 2932 UI Assistant Service - ok
09:32:21.0007 2932 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
09:32:21.0023 2932 UI0Detect - ok
09:32:21.0038 2932 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
09:32:21.0038 2932 uliagpkx - ok
09:32:21.0070 2932 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
09:32:21.0070 2932 umbus - ok
09:32:21.0101 2932 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
09:32:21.0101 2932 UmPass - ok
09:32:21.0194 2932 [ 41118D920B2B268C0ADC36421248CDCF ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
09:32:21.0257 2932 UNS - ok
09:32:21.0272 2932 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
09:32:21.0288 2932 upnphost - ok
09:32:21.0335 2932 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
09:32:21.0335 2932 usbccgp - ok
09:32:21.0366 2932 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
09:32:21.0366 2932 usbcir - ok
09:32:21.0382 2932 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
09:32:21.0397 2932 usbehci - ok
09:32:21.0428 2932 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
09:32:21.0428 2932 usbhub - ok
09:32:21.0444 2932 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
09:32:21.0444 2932 usbohci - ok
09:32:21.0491 2932 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
09:32:21.0491 2932 usbprint - ok
09:32:21.0522 2932 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
09:32:21.0522 2932 usbscan - ok
09:32:21.0538 2932 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:32:21.0538 2932 USBSTOR - ok
09:32:21.0569 2932 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
09:32:21.0569 2932 usbuhci - ok
09:32:21.0616 2932 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
09:32:21.0616 2932 usbvideo - ok
09:32:21.0647 2932 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
09:32:21.0647 2932 UxSms - ok
09:32:21.0662 2932 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
09:32:21.0662 2932 VaultSvc - ok
09:32:21.0678 2932 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
09:32:21.0678 2932 vdrvroot - ok
09:32:21.0709 2932 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
09:32:21.0725 2932 vds - ok
09:32:21.0756 2932 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
09:32:21.0756 2932 vga - ok
09:32:21.0787 2932 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
09:32:21.0787 2932 VgaSave - ok
09:32:21.0803 2932 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
09:32:21.0818 2932 vhdmp - ok
09:32:21.0850 2932 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
09:32:21.0850 2932 viaide - ok
09:32:21.0881 2932 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
09:32:21.0881 2932 volmgr - ok
09:32:21.0912 2932 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
09:32:21.0912 2932 volmgrx - ok
09:32:21.0943 2932 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
09:32:21.0943 2932 volsnap - ok
09:32:21.0959 2932 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
09:32:21.0959 2932 vsmraid - ok
09:32:22.0052 2932 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
09:32:22.0099 2932 VSS - ok
09:32:22.0115 2932 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
09:32:22.0115 2932 vwifibus - ok
09:32:22.0130 2932 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
09:32:22.0130 2932 vwififlt - ok
09:32:22.0162 2932 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
09:32:22.0162 2932 vwifimp - ok
09:32:22.0240 2932 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
09:32:22.0255 2932 W32Time - ok
09:32:22.0302 2932 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
09:32:22.0302 2932 WacomPen - ok
09:32:22.0333 2932 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
09:32:22.0333 2932 WANARP - ok
09:32:22.0349 2932 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
09:32:22.0349 2932 Wanarpv6 - ok
09:32:22.0427 2932 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
09:32:22.0458 2932 WatAdminSvc - ok
09:32:22.0505 2932 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
09:32:22.0552 2932 wbengine - ok
09:32:22.0583 2932 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
09:32:22.0583 2932 WbioSrvc - ok
09:32:22.0630 2932 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
09:32:22.0630 2932 wcncsvc - ok
09:32:22.0645 2932 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:32:22.0645 2932 WcsPlugInService - ok
09:32:22.0676 2932 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
09:32:22.0676 2932 Wd - ok
09:32:22.0708 2932 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
09:32:22.0723 2932 Wdf01000 - ok
09:32:22.0754 2932 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
09:32:22.0754 2932 WdiServiceHost - ok
09:32:22.0754 2932 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
09:32:22.0754 2932 WdiSystemHost - ok
09:32:22.0786 2932 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
09:32:22.0786 2932 WebClient - ok
09:32:22.0817 2932 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
09:32:22.0817 2932 Wecsvc - ok
09:32:22.0832 2932 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
09:32:22.0832 2932 wercplsupport - ok
09:32:22.0864 2932 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
09:32:22.0864 2932 WerSvc - ok
09:32:22.0895 2932 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
09:32:22.0895 2932 WfpLwf - ok
09:32:22.0926 2932 [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
09:32:22.0926 2932 WimFltr - ok
09:32:22.0942 2932 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
09:32:22.0957 2932 WIMMount - ok
09:32:22.0957 2932 WinHttpAutoProxySvc - ok
09:32:23.0035 2932 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
09:32:23.0035 2932 Winmgmt - ok
09:32:23.0129 2932 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
09:32:23.0191 2932 WinRM - ok
09:32:23.0269 2932 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
09:32:23.0269 2932 WinUsb - ok
09:32:23.0300 2932 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
09:32:23.0316 2932 Wlansvc - ok
09:32:23.0363 2932 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
09:32:23.0363 2932 WmiAcpi - ok
09:32:23.0441 2932 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
09:32:23.0441 2932 wmiApSrv - ok
09:32:23.0472 2932 WMPNetworkSvc - ok
09:32:23.0488 2932 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
09:32:23.0488 2932 WPCSvc - ok
09:32:23.0519 2932 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
09:32:23.0519 2932 WPDBusEnum - ok
09:32:23.0550 2932 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
09:32:23.0550 2932 ws2ifsl - ok
09:32:23.0550 2932 WSearch - ok
09:32:23.0566 2932 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
09:32:23.0581 2932 WudfPf - ok
09:32:23.0612 2932 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
09:32:23.0628 2932 WUDFRd - ok
09:32:23.0644 2932 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
09:32:23.0644 2932 wudfsvc - ok
09:32:23.0675 2932 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
09:32:23.0690 2932 WwanSvc - ok
09:32:23.0737 2932 [ 3762B4C538B9D710F85042849C20319F ] ZTEusbmdm6k C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
09:32:23.0737 2932 ZTEusbmdm6k - ok
09:32:23.0768 2932 [ 3762B4C538B9D710F85042849C20319F ] ZTEusbnmea C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
09:32:23.0768 2932 ZTEusbnmea - ok
09:32:23.0800 2932 [ 3762B4C538B9D710F85042849C20319F ] ZTEusbser6k C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
09:32:23.0800 2932 ZTEusbser6k - ok
09:32:23.0862 2932 [ 74983ADDCA2D9618512C088D856D6615 ] {B154377D-700F-42cc-9474-23858FBDF4BD} C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl
09:32:23.0878 2932 {B154377D-700F-42cc-9474-23858FBDF4BD} - ok
09:32:23.0893 2932 ================ Scan global ===============================
09:32:23.0924 2932 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
09:32:23.0956 2932 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
09:32:23.0971 2932 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
09:32:23.0987 2932 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
09:32:24.0034 2932 [ 50BEA589F7D7958BDD2528A8F69D05CC ] C:\Windows\system32\services.exe
09:32:24.0049 2932 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - infected
09:32:24.0049 2932 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.a (0)
09:32:24.0049 2932 ================ Scan MBR ==================================
09:32:24.0065 2932 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
09:32:24.0502 2932 \Device\Harddisk0\DR0 - ok
09:32:24.0502 2932 ================ Scan VBR ==================================
09:32:24.0533 2932 [ 2CE15AE69BD2EA14D1E16594C9F40589 ] \Device\Harddisk0\DR0\Partition1
09:32:24.0533 2932 \Device\Harddisk0\DR0\Partition1 - ok
09:32:24.0548 2932 [ 5BA4E991FFDBB372F353561123237AA1 ] \Device\Harddisk0\DR0\Partition2
09:32:24.0564 2932 \Device\Harddisk0\DR0\Partition2 - ok
09:32:24.0564 2932 ============================================================
09:32:24.0564 2932 Scan finished
09:32:24.0564 2932 ============================================================
09:32:24.0580 3064 Detected object count: 1
09:32:24.0580 3064 Actual detected object count: 1
09:32:42.0800 3064 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - skipped by user
09:32:42.0800 3064 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Skip
|
|
24.10.2012, 12:42
| #8 | |
| /// Malwareteam | ATRAPS.gen2 von AVIRA gemeldet Combofix Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
24.10.2012, 14:46
| #9 |
| | ATRAPS.gen2 von AVIRA gemeldet Also falls das ganze jetzt erledigt sein sollte bedanke ich mich schon tausend mal....allerdings gkaub ich noch nich ganz dran Hier die Combofix logfile: Code:
ATTFilter ComboFix 12-10-24.01 - Andreas Tickert 24.10.2012 15:27:37.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3949.2366 [GMT 2:00]
ausgeführt von:: c:\users\Andreas Tickert\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\DealPly
c:\program files (x86)\DealPly\DealPly.crx
c:\program files (x86)\DealPly\DealPlyIE.dll
c:\program files (x86)\DealPly\DealPlyUpdate.exe
c:\program files (x86)\DealPly\DealPlyUpdate.log
c:\program files (x86)\DealPly\DealPlyUpdateRun.exe
c:\program files (x86)\DealPly\icon.ico
c:\program files (x86)\DealPly\uninst.exe
c:\program files (x86)\Windows Live\Messenger\msacm32.dll
c:\programdata\FullRemove.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}\@
c:\windows\Installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}\L\00000004.@
c:\windows\Installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}\L\201d3dde
c:\windows\Installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}\U\00000004.@
c:\windows\Installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}\U\00000008.@
c:\windows\Installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}\U\000000cb.@
c:\windows\Installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}\U\80000000.@
c:\windows\Installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}\U\80000032.@
c:\windows\Installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}\U\80000064.@
c:\windows\isRS-000.tmp
c:\windows\IsUn0407.exe
c:\windows\msvcr71.dll
.
Infizierte Kopie von c:\windows\system32\services.exe wurde gefunden und desinfiziert
Kopie von - c:\32788r22fwjfw\HarddiskVolumeShadowCopy5_!Windows!System32!services.exe wurde wiederhergestellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-09-24 bis 2012-10-24 ))))))))))))))))))))))))))))))
.
.
2012-10-24 07:21 . 2012-10-24 07:27 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-23 10:29 . 2012-10-23 10:29 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-10-23 05:22 . 2012-10-23 05:22 -------- d-----w- c:\program files (x86)\Red Sky
2012-10-22 15:03 . 2012-10-22 15:03 -------- d-----w- c:\windows\SysWow64\Adobe
2012-10-22 15:03 . 2004-08-17 00:40 16384 ----a-w- c:\windows\SysWow64\FileOps.exe
2012-10-22 14:58 . 2012-10-23 11:07 -------- d-----w- C:\Programme
2012-10-20 07:40 . 2012-09-24 21:16 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-16 15:12 . 2002-03-08 06:03 179136 ----a-w- c:\windows\SysWow64\Tbdbf04.dll
2012-10-10 11:11 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-10 11:11 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 11:11 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-10-05 13:04 . 2012-10-05 13:04 -------- d-----w- c:\users\Andreas Tickert\AppData\Roaming\TuneUp Software
2012-10-05 13:04 . 2012-10-05 13:04 -------- d-----w- c:\programdata\TuneUp Software
2012-10-05 13:04 . 2012-10-05 13:04 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2012-10-05 13:04 . 2012-10-05 13:04 -------- d--h--w- c:\programdata\Common Files
2012-09-30 14:59 . 2012-09-30 14:59 -------- d-----w- c:\users\Andreas Tickert\.phet
2012-09-30 14:10 . 2012-09-30 14:15 -------- d-----w- c:\program files (x86)\Chemie_Aber_Sicher
2012-09-30 13:56 . 2012-09-30 13:56 -------- d-----w- c:\program files (x86)\Common Files\Borland Shared
2012-09-30 13:56 . 1999-11-12 03:11 183808 ----a-w- c:\windows\SysWow64\BDEADMIN.CPL
2012-09-30 13:56 . 1999-01-20 03:01 210032 ----a-w- c:\windows\SysWow64\DBCLIENT.DLL
2012-09-30 13:56 . 2012-09-30 13:56 -------- d-----w- c:\program files (x86)\Chisela 5
2012-09-30 13:56 . 2001-12-14 09:25 423936 ----a-w- c:\windows\SysWow64\db2kr_de.DLL
2012-09-30 13:56 . 2001-06-14 20:03 4120608 ----a-w- c:\windows\SysWow64\db2kRUN.EXE
2012-09-30 13:56 . 1999-10-31 16:41 229376 ----a-w- c:\windows\SysWow64\Resource.DLL
2012-09-29 10:43 . 2012-09-29 10:43 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-09-29 10:43 . 2012-09-29 10:43 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-09-29 10:43 . 2012-09-29 10:43 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-09-29 10:43 . 2012-09-29 10:43 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-09-29 10:43 . 2012-09-29 10:43 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-09-29 10:43 . 2012-09-29 10:43 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-09-29 10:43 . 2012-09-29 10:43 131072 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-09-29 10:43 . 2012-09-29 10:43 -------- d-----w- c:\program files (x86)\QuickTime
2012-09-29 10:43 . 2012-09-29 10:43 -------- d-----w- c:\programdata\Apple Computer
2012-09-29 10:42 . 2012-09-29 10:42 -------- d-----w- c:\users\Andreas Tickert\AppData\Local\Apple
2012-09-29 10:42 . 2012-09-29 10:42 -------- d-----w- c:\programdata\Apple
2012-09-29 10:42 . 2012-09-29 10:42 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-09-29 10:41 . 2012-09-29 10:52 -------- d-----w- c:\users\Andreas Tickert\AppData\Roaming\Klett
2012-09-29 10:40 . 2012-09-29 10:40 -------- d-----w- c:\program files (x86)\Klett
2012-09-29 10:40 . 2012-09-29 10:40 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-09-29 10:40 . 2012-09-29 10:39 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-27 05:16 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 20:13 . 2010-12-16 14:55 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-09 16:33 . 2012-04-02 06:34 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 16:33 . 2011-05-16 07:00 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-29 17:54 . 2012-01-16 17:52 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-29 10:39 . 2010-12-15 17:29 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-24 11:15 . 2012-09-22 06:43 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-22 06:43 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-22 06:43 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-22 06:43 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-22 06:43 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-22 06:43 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-22 06:43 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-22 06:43 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-22 06:43 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-22 06:43 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-22 06:43 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-22 06:43 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-22 06:43 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-22 06:43 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-22 06:43 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-22 06:43 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-22 06:43 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-22 06:43 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-22 06:43 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 06:43 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 06:43 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-22 06:43 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-12 08:33 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 08:33 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 08:33 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 08:33 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-20 17:38 . 2012-10-10 11:10 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-02 17:58 . 2012-09-12 08:33 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-12 08:33 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2003-03-21 12:45 . 2012-02-14 18:33 250544 ----a-w- c:\program files (x86)\Common Files\keyhelp.ocx
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-07-04 13:03 1310040 ----a-r- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-07-04 1310040]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2012-07-02 3931136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-02-24 75048]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Boingo Wi-Fi"="c:\program files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-09-20 2429]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2009-10-27 6998656]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2009-08-20 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 98304]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"Iminent"="c:\program files (x86)\Iminent\Iminent.exe" [2012-04-27 1073744]
"IminentMessenger"="c:\program files (x86)\Iminent\Iminent.Messengers.exe" [2012-04-27 884816]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"UIExec"="c:\program files (x86)\1&1 Surf-Stick\UIExec.exe" [2011-08-25 153424]
"Sweetpacks Communicator"="c:\program files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-08-15 231768]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2007-06-29 286720]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2010-9-20 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-20 135664]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2009-11-11 6104576]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-11-26 289792]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-08-21 44032]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-20 135664]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-03-26 11776]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-13 115168]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-08-06 118672]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-06 1255736]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/09/19 23:23];c:\program files (x86)\CyberLink\PowerDVD9\000.fcl [2010-02-24 18:14 146928]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-12-07 379520]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-11 202752]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-08-06 13784]
S2 UI Assistant Service;UI Assistant Service;c:\program files (x86)\1&1 Surf-Stick\AssistantServices.exe [2011-08-25 270672]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-10-15 117760]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-11-13 67072]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 16:33]
.
2012-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-20 06:33]
.
2012-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-20 06:33]
.
2012-10-24 c:\windows\Tasks\MT66 Software Update.job
- c:\program files (x86)\Common Files\MT66 Software Update\UpdateClient.exe [2011-01-21 17:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-09-30 621440]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-11-27 487424]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]
"EPSON Stylus DX3800 Series"="c:\windows\system32\spool\DRIVERS\x64\3\E_FATIACE.EXE" [2005-02-08 98304]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://home.sweetim.com/?crg=3.27010003&st=12&barid={3A829179-E8A3-4928-8657-800E54A28EC9}
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://home.sweetim.com/?crg=3.27010003&st=12&barid={3A829179-E8A3-4928-8657-800E54A28EC9}
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube Download - c:\users\Andreas Tickert\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Andreas Tickert\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Andreas Tickert\AppData\Roaming\Mozilla\Firefox\Profiles\wkarz4j6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.spiegel.de/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - ExtSQL: 2012-09-12 18:49; {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}; c:\users\Andreas Tickert\AppData\Roaming\Mozilla\Firefox\Profiles\wkarz4j6.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
FF - ExtSQL: 2012-10-05 15:03; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\users\Andreas Tickert\AppData\Roaming\Mozilla\Firefox\Profiles\wkarz4j6.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - c:\program files (x86)\DealPly\DealPlyIE.dll
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
AddRemove-DealPly - c:\program files (x86)\DealPly\uninst.exe
AddRemove-PokerStars - c:\program files (x86)\PokerStars\PokerStarsUninstall.exe
AddRemove-WEKA Chemie unterrichten 4.0 - c:\windows\IsUn0407.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-10-24 15:41:14 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-10-24 13:41
.
Vor Suchlauf: 17 Verzeichnis(se), 47.495.720.960 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 49.530.044.416 Bytes frei
.
- - End Of File - - 551C626308D6D378F4B6C71F0B19F151
|
|
24.10.2012, 14:49
| #10 |
| /// Malwareteam | ATRAPS.gen2 von AVIRA gemeldet Scan mit adwCleaner Downloade Dir bitte AdwCleaner auf deinen Desktop.
__________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
24.10.2012, 15:15
| #11 |
| | ATRAPS.gen2 von AVIRA gemeldet ADWCLeaner: Code:
ATTFilter # AdwCleaner v2.005 - Datei am 24/10/2012 um 16:15:01 erstellt
# Aktualisiert am 14/10/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Andreas Tickert - TICKERT
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Andreas Tickert\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\defaults\pref\all-iminent.js
Datei Gefunden : C:\Users\Andreas Tickert\AppData\Roaming\Mozilla\Firefox\Profiles\wkarz4j6.default\searchplugins\SweetIm.xml
Datei Gefunden : C:\Users\Public\Desktop\eBay.lnk
Ordner Gefunden : C:\Program Files (x86)\Iminent
Ordner Gefunden : C:\Program Files (x86)\SweetIM
Ordner Gefunden : C:\ProgramData\Iminent
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\Users\Andreas Tickert\AppData\Local\Linkury
Ordner Gefunden : C:\Users\Andreas Tickert\AppData\Roaming\Iminent
Ordner Gefunden : C:\Users\Andreas Tickert\AppData\Roaming\Mozilla\Firefox\Profiles\wkarz4j6.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
Ordner Gefunden : C:\Users\Andreas Tickert\AppData\Roaming\OpenCandy
Ordner Gefunden : C:\Users\Andreas Tickert\AppData\Roaming\pdfforge
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\DealPly
Schlüssel Gefunden : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Schlüssel Gefunden : HKCU\Software\Iminent
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.DownloadArgs
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.LinkToPromoteArgs
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.RawDataArgs
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.TinyUrlArgs
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.ViralLinkArgs
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ClientCallback
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ContractBase
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.AddToUserContentCommand
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CheckLoginStatusCommand
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CleanCacheCommand
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GameOverCallback
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetCreditCommand
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetInstallationContextCommand
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusCommand
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusResult
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableCommand
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableResult
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.InstallationContextResult
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommand
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommandResult
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginCommand
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginStatusChangedCallback
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LogoutCommand
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MergeIdentityCommand
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MyAccountCommand
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PlayContentCommand
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PostContentCallback
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.RecycleViewsCommand
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.SetVariableCommand
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowBrowserWindowCommand
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowControlCenterCommand
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowPluginWindowCommand
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.UserContentChangedCallback
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.VariableChangedCallback
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WarmUpCommand
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WelcomeCommand
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerCommand
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerResult
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightContent
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightUri
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent.Mediator.MediatorServiceProxy
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandle.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandler
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\Software\DealPly
Schlüssel Gefunden : HKLM\Software\Iminent
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{01A602A0-D0B9-445B-8081-719E4177C4A7}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02C9C7B0-C7C8-4AAC-A9E4-55295BF60F8F}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0398B101-6DA7-473F-A290-17D2FBC88CC0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0CC36196-8589-4B80-A771-D659411D7F90}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{143D96F9-EB64-48B3-B192-91C2C41A1F43}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{14F7D91F-F669-45C9-9F42-BACBFDB86EAD}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{187A6488-6E71-4A2A-B118-7BEFBFE58257}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{26C9BBE4-6D45-4AB6-A5B4-E068C9F5EF6D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2D065204-A024-4C39-8A38-EE7078EC7ACF}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F5476C-677B-4DB0-B397-51F5BFD86840}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{351798B1-C1D2-45AB-92B4-4D6C2D6AB5AF}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3AEA1BEF-6195-46F4-ACA2-0ED14F7EFA1B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3D7F9AC3-BAC3-4E51-81D7-D121D79E550A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4498C5E9-93C6-4142-B6BE-F0C6DC48B77A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{479BF2D6-E362-4A99-B1AB-BC764D7B97AE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{492A108F-51D0-4BD8-899D-AD4AB2893064}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4B6D6E60-FBD2-4E79-BF4B-886BC98F1797}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{60893E02-2E5B-43F9-A93A-BAD60C2DF6EF}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6D39931F-451E-4BDD-BAF4-37FB96DBBA5D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{76C684D2-C35D-4284-976A-D862F53ADB81}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{796D822A-C3F9-4A97-BAAB-42FE7628EA63}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{79EF3691-EC1A-4705-A01A-D2E36EC11758}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82F41418-8E64-47EB-A7F1-4702A974D289}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{85D920CE-63A7-46DC-8992-41D1D2E07FAD}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{895ED5E8-ABB4-40C3-A0CA-2571964268E2}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8AAC123A-1959-4A45-BFC5-E2D50783098A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A07956CD-81F8-4A03-B524-5D87E690DC83}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B5E3B26B-6E5C-4865-A63D-58D04B10E245}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B84D2DC5-42B2-4E5E-BF61-7B48152FF8EF}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B89D5309-0367-4494-A92F-3D4C94F88307}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C014EBF8-8854-448B-B5A4-557C4090EDCE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C31191DB-2F64-464C-B97C-6AC81ACB7AAC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C342C7A7-F622-4EF3-8B7F-ABB9FBE73F14}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C4765B07-BC2F-477B-925C-B2BF24887823}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C875C0A1-09E3-48D5-9F8E-BD337796FD14}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CD126DA6-FF5B-4181-AC13-54A62240D2FA}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D8F01233-2DE6-4EE7-8988-37263F00651B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DD438708-AAB4-422D-A322-B619589F5680}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E812AE43-7799-4E67-8CF8-4104297A2D16}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F0BAAEC7-9AE0-49FF-9C4B-86E774FF397F}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F92193FD-2243-4401-9ACC-49FF30885898}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD21B8A2-910B-45AC-9C10-45E6A8B84984}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0AF350D9-3916-454B-AC53-0B0B65F41301}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F7CF0E9A-D48B-4942-9537-259ED0568DF4}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKU\S-1-5-21-3844998663-1645465265-2987210626-1001\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKU\S-1-5-21-3844998663-1645465265-2987210626-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKU\S-1-5-21-3844998663-1645465265-2987210626-1001\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Iminent]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [IminentMessenger]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Sweetpacks Communicator]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?crg=3.27010003&st=12&barid={3A829179-E8A3-4928-8657-800E54A28EC9}
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?crg=3.27010003&st=12&barid={3A829179-E8A3-4928-8657-800E54A28EC9}
[HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
[HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
-\\ Mozilla Firefox v15.0 (de)
Profilname : default
Datei : C:\Users\Andreas Tickert\AppData\Roaming\Mozilla\Firefox\Profiles\wkarz4j6.default\prefs.js
Gefunden : user_pref("keyword.URL", "hxxp://search.sweetim.com/search.asp?src=2&q=");
*************************
AdwCleaner[R1].txt - [28908 octets] - [24/10/2012 16:15:01]
########## EOF - C:\AdwCleaner[R1].txt - [28969 octets] ##########
|
|
24.10.2012, 15:17
| #12 |
| /// Malwareteam | ATRAPS.gen2 von AVIRA gemeldet Schritt 1: Fix mit adwCleaner
Schritt 2: Neues OTL-Log
__________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
24.10.2012, 16:55
| #13 |
| | ATRAPS.gen2 von AVIRA gemeldet OTL Datei: Code:
ATTFilter OTL logfile created on: 24.10.2012 17:21:19 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Andreas Tickert\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,86 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 62,23% Memory free 7,71 Gb Paging File | 5,40 Gb Available in Paging File | 70,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 116,44 Gb Total Space | 45,89 Gb Free Space | 39,41% Space Free | Partition Type: NTFS Drive D: | 329,79 Gb Total Space | 236,28 Gb Free Space | 71,65% Space Free | Partition Type: NTFS Computer Name: TICKERT | User Name: Andreas Tickert | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Andreas Tickert\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE (Microsoft Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Iminent\Iminent.exe (Iminent) PRC - C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (Iminent) PRC - C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe () PRC - C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe () PRC - C:\Windows\SysWOW64\prevhost.exe (Microsoft Corporation) PRC - C:\Windows\AsScrPro.exe (ASUS) PRC - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) PRC - C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink) PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () PRC - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe () PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) PRC - C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe (Boingo Wireless, Inc.) PRC - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe () ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () MOD - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\viewerps.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\44752ffa92ebb7170951a41898d8b9c6\WindowsFormsIntegration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\c7d60a49e43964b1ae17e9a080376c6d\System.Configuration.Install.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\199683f6e79076b634ee6cc0a82c0654\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e7dc084827f8df2dbdc819db5c633a0d\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\21f37f9f5162af7efb52169012bd111e\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\b37cc0aa41e7feaba9f290da4da91d71\System.Web.Services.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\cfece6f67593b4d8bb58d23b7fdcc470\System.ServiceModel.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\bd28f26b18b8ffeee1a0fbaa98f5810e\System.IdentityModel.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\bb40644f323a93fa9bc09be350918ef3\System.EnterpriseServices.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\bb40644f323a93fa9bc09be350918ef3\System.EnterpriseServices.Wrapper.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\79ac99fe5274fb82ffcff2c15f71854c\System.Runtime.DurableInstancing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\67a386434938003bceb0752e979dabb3\System.Transactions.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\8a9fac9cb825b5d2db0bdb867fff940e\System.Runtime.Serialization.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\bb97517e4ca64e02282fca24612ce8ad\SMDiagnostics.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a5fa2a1cfc6e9fdc39d9a8f2baa57bc9\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\99d0f7ba920eea1117e45dcd9fec0eb5\System.Data.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL () MOD - C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe () MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () MOD - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe () MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll () MOD - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe () ========== Services (SafeList) ========== SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.) SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\stacsv64.exe (IDT, Inc.) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (UI Assistant Service) -- C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe () SRV - (CVPND) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\STacSV64.exe (IDT, Inc.) SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated) DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated) DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated) DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (MBB Incorporated) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (CVPNDRVA) -- C:\Windows\SysNative\drivers\CVPNDRVA.sys () DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.) DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.) DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.) DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys () DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys () DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( ) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS) DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.) DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV - ({B154377D-700F-42cc-9474-23858FBDF4BD}) -- C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl (CyberLink Corp.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.27010003&st=12&barid={3A829179-E8A3-4928-8657-800E54A28EC9} IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.27010003&st=12&q={searchTerms}&barid={3A829179-E8A3-4928-8657-800E54A28EC9} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.27010003&st=12&barid={3A829179-E8A3-4928-8657-800E54A28EC9} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.27010003&st=12&q={searchTerms}&barid={3A829179-E8A3-4928-8657-800E54A28EC9} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/" FF - prefs.js..extensions.enabledAddons: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0 FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.13 14:23:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.23 07:43:19 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.13 14:23:15 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.23 07:43:19 | 000,000,000 | ---D | M] [2012.08.05 21:54:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas Tickert\AppData\Roaming\mozilla\Extensions [2012.10.23 09:33:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas Tickert\AppData\Roaming\mozilla\Firefox\Profiles\wkarz4j6.default\extensions [2012.10.05 15:03:51 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Andreas Tickert\AppData\Roaming\mozilla\Firefox\Profiles\wkarz4j6.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.09.12 18:49:12 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\Andreas Tickert\AppData\Roaming\mozilla\Firefox\Profiles\wkarz4j6.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} [2012.09.12 18:39:52 | 000,003,915 | ---- | M] () -- C:\Users\Andreas Tickert\AppData\Roaming\mozilla\firefox\profiles\wkarz4j6.default\searchplugins\sweetim.xml [2012.10.13 14:23:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.10.13 14:23:11 | 000,000,000 | ---D | M] (Recorder Toolbar) -- C:\Program Files (x86)\mozilla firefox\extensions\{10743931-94DF-476f-A987-4391233C17A2} [2012.10.13 14:23:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.10.13 14:23:15 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.10.26 20:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012.08.31 11:51:24 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.31 11:51:24 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.08.31 11:51:24 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.08.31 11:51:24 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.08.31 11:51:24 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.08.31 11:51:24 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (no name) - {120A8821-2BEE-4C29-BCDA-62C577781992} - No CLSID value found. O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent) O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll File not found O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.) O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe () O4:64bit: - HKLM..\Run: [EPSON Stylus DX3800 Series] C:\Windows\SysNative\spool\DRIVERS\x64\3\E_FATIACE.EXE (SEIKO EPSON CORPORATION) O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink) O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk () O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe (Iminent) O4 - HKLM..\Run: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (Iminent) O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe () O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKCU..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe () O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\system32\StikyNot.exe File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Andreas Tickert\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Andreas Tickert\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Free YouTube Download - C:\Users\Andreas Tickert\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Andreas Tickert\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Andreas Tickert\Desktop\PartyPoker.lnk File not found O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Andreas Tickert\Desktop\PartyPoker.lnk File not found O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.7.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{266B6562-B205-4206-BD0C-CC0327319233}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.10.24 15:41:16 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.10.24 15:36:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.10.24 15:25:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.10.24 15:25:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.10.24 15:25:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.10.24 15:12:35 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.10.24 15:12:33 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.10.24 15:10:43 | 004,988,277 | R--- | C] (Swearware) -- C:\Users\Andreas Tickert\Desktop\ComboFix.exe [2012.10.24 09:21:44 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012.10.23 16:26:38 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Andreas Tickert\Desktop\tdsskiller.exe [2012.10.23 12:29:29 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA% [2012.10.23 12:28:43 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Andreas Tickert\Desktop\aswMBR.exe [2012.10.23 12:26:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Andreas Tickert\Desktop\OTL.exe [2012.10.23 07:22:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Red Sky [2012.10.22 17:10:44 | 000,000,000 | ---D | C] -- C:\Users\Andreas Tickert\Documents\Updater [2012.10.22 17:03:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe [2012.10.22 16:59:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe PDF [2012.10.22 16:58:45 | 000,000,000 | ---D | C] -- C:\Programme [2012.10.20 09:40:57 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012.10.20 09:40:57 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012.10.20 09:40:57 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012.10.16 17:12:31 | 000,179,136 | ---- | C] (Q+E Software, Inc.) -- C:\Windows\SysWow64\Tbdbf04.dll [2012.10.13 14:23:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.10.10 13:11:06 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2012.10.10 13:10:55 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012.10.10 13:10:55 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2012.10.10 13:10:55 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2012.10.10 13:10:55 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2012.10.10 13:10:55 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2012.10.10 13:10:54 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2012.10.10 13:10:54 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2012.10.10 13:10:54 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2012.10.10 13:10:54 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2012.10.10 13:10:54 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2012.10.10 13:10:54 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2012.10.10 13:10:54 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012.10.10 13:10:54 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2012.10.10 13:10:54 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012.10.10 13:10:54 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012.10.10 13:10:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012.10.10 13:10:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012.10.10 13:10:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012.10.10 13:10:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012.10.10 13:10:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012.10.10 13:10:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012.10.10 13:10:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012.10.10 13:10:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012.10.10 13:10:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012.10.10 13:10:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012.10.10 13:10:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012.10.10 13:10:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012.10.10 13:10:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.10.10 13:10:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012.10.10 13:10:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012.10.10 13:10:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012.10.10 13:10:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012.10.10 13:10:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012.10.10 13:10:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012.10.10 13:10:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012.10.10 13:10:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012.10.10 13:10:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012.10.10 13:10:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012.10.10 13:10:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012.10.10 13:10:53 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012.10.10 13:10:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012.10.10 13:10:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012.10.10 13:10:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012.10.10 13:10:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012.10.10 13:10:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012.10.10 13:10:52 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012.10.10 13:10:52 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012.10.10 13:10:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012.10.10 13:10:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012.10.10 13:10:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012.10.10 13:10:51 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012.10.10 13:10:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012.10.10 13:10:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012.10.10 13:10:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012.10.10 13:10:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012.10.10 13:10:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.10.10 13:10:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012.10.10 13:10:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012.10.10 13:10:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012.10.10 13:10:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012.10.10 13:10:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012.10.10 13:10:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012.10.10 13:10:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012.10.10 13:10:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012.10.10 13:10:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012.10.10 13:10:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012.10.10 13:10:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012.10.10 13:10:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012.10.10 13:10:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2012.10.10 13:10:35 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.10.10 13:10:32 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.10.10 13:10:31 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.10.10 13:10:03 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012.10.10 13:10:02 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2012.10.05 15:04:46 | 000,000,000 | ---D | C] -- C:\Users\Andreas Tickert\AppData\Roaming\TuneUp Software [2012.10.05 15:04:41 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2012.10.05 15:04:37 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2012.10.05 15:04:37 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012.09.30 16:59:11 | 000,000,000 | ---D | C] -- C:\Users\Andreas Tickert\.phet [2012.09.30 16:15:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chemie - Aber Sicher [2012.09.30 16:10:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Chemie_Aber_Sicher [2012.09.30 15:56:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Borland Shared [2012.09.30 15:56:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chisela 5 [2012.09.30 15:56:24 | 000,229,376 | ---- | C] (dBASE Inc.) -- C:\Windows\SysWow64\Resource.DLL [2012.09.30 15:56:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Chisela 5 [2012.09.29 12:43:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012.09.29 12:43:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2012.09.29 12:43:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2012.09.29 12:42:52 | 000,000,000 | ---D | C] -- C:\Users\Andreas Tickert\AppData\Local\Apple [2012.09.29 12:42:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2012.09.29 12:42:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2012.09.29 12:41:25 | 000,000,000 | ---D | C] -- C:\Users\Andreas Tickert\AppData\Roaming\Klett [2012.09.29 12:40:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Klett [2012.09.29 12:40:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Klett [2012.09.29 12:40:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.09.29 12:40:04 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2012.09.27 07:16:25 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe [2012.02.14 20:33:16 | 000,250,544 | ---- | C] (KeyWorks Software) -- C:\Program Files (x86)\Common Files\keyhelp.ocx ========== Files - Modified Within 30 Days ========== [2012.10.24 17:19:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.10.24 17:18:45 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.24 17:18:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.24 16:14:21 | 000,538,941 | ---- | M] () -- C:\Users\Andreas Tickert\Desktop\adwcleaner.exe [2012.10.24 15:50:13 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.24 15:50:13 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.24 15:42:42 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.10.24 15:42:27 | 3105,259,520 | -HS- | M] () -- C:\hiberfil.sys [2012.10.24 15:19:34 | 000,001,368 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini [2012.10.24 15:10:55 | 004,988,277 | R--- | M] (Swearware) -- C:\Users\Andreas Tickert\Desktop\ComboFix.exe [2012.10.24 09:19:28 | 000,458,063 | ---- | M] () -- C:\Users\Andreas Tickert\Desktop\ATRAPS.gen2 von AVIRA gemeldet - Trojaner-Board.pdf [2012.10.24 06:58:45 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\MT66 Software Update.job [2012.10.23 16:26:40 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Andreas Tickert\Desktop\tdsskiller.exe [2012.10.23 15:56:24 | 000,000,512 | ---- | M] () -- C:\Users\Andreas Tickert\Desktop\MBR.dat [2012.10.23 13:05:05 | 000,409,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.10.23 13:04:51 | 594,801,137 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.10.23 12:28:50 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Andreas Tickert\Desktop\aswMBR.exe [2012.10.23 12:26:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas Tickert\Desktop\OTL.exe [2012.10.23 12:26:28 | 000,000,000 | ---- | M] () -- C:\Users\Andreas Tickert\defogger_reenable [2012.10.23 08:43:10 | 000,050,477 | ---- | M] () -- C:\Users\Andreas Tickert\Desktop\Defogger.exe [2012.10.23 07:22:18 | 000,000,014 | ---- | M] () -- C:\end [2012.10.22 19:38:27 | 000,002,326 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini [2012.10.21 12:10:20 | 000,000,584 | ---- | M] () -- C:\Users\Andreas Tickert\Documents\grstyles.stl [2012.10.17 18:59:19 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.10.17 18:59:19 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.10.17 18:59:19 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.10.17 18:59:19 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.10.17 18:59:19 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.10.09 18:33:28 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.10.09 18:33:27 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.09.29 12:50:30 | 000,002,701 | ---- | M] () -- C:\Users\Public\Desktop\Elemente Chemie Multimedial 2.lnk [2012.09.29 12:43:21 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012.09.29 12:41:11 | 000,002,701 | ---- | M] () -- C:\Users\Public\Desktop\Elemente Chemie Multimedial 1.lnk [2012.09.29 12:39:30 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2012.09.29 12:39:30 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2012.09.27 13:18:54 | 001,319,805 | ---- | M] () -- C:\Users\Andreas Tickert\Desktop\DSCF8611.JPG [2012.09.24 23:16:33 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012.09.24 23:08:27 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012.09.24 23:07:57 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe ========== Files Created - No Company Name ========== [2012.10.24 16:14:20 | 000,538,941 | ---- | C] () -- C:\Users\Andreas Tickert\Desktop\adwcleaner.exe [2012.10.24 15:25:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.10.24 15:25:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.10.24 15:25:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.10.24 15:25:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.10.24 15:25:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.10.24 09:19:26 | 000,458,063 | ---- | C] () -- C:\Users\Andreas Tickert\Desktop\ATRAPS.gen2 von AVIRA gemeldet - Trojaner-Board.pdf [2012.10.23 15:56:24 | 000,000,512 | ---- | C] () -- C:\Users\Andreas Tickert\Desktop\MBR.dat [2012.10.23 12:26:28 | 000,000,000 | ---- | C] () -- C:\Users\Andreas Tickert\defogger_reenable [2012.10.23 08:43:09 | 000,050,477 | ---- | C] () -- C:\Users\Andreas Tickert\Desktop\Defogger.exe [2012.10.23 07:22:01 | 000,000,014 | ---- | C] () -- C:\end [2012.10.22 17:03:59 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\FileOps.exe [2012.10.16 17:12:32 | 000,000,440 | ---- | C] () -- C:\Windows\SysWow64\Qeasymtx.lic [2012.09.30 15:56:34 | 000,210,032 | ---- | C] () -- C:\Windows\SysWow64\DBCLIENT.DLL [2012.09.30 15:56:34 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\BDEADMIN.CPL [2012.09.30 15:56:24 | 004,120,608 | ---- | C] () -- C:\Windows\SysWow64\db2kRUN.EXE [2012.09.30 15:56:24 | 000,423,936 | ---- | C] () -- C:\Windows\SysWow64\db2kr_de.DLL [2012.09.29 12:50:30 | 000,002,701 | ---- | C] () -- C:\Users\Public\Desktop\Elemente Chemie Multimedial 2.lnk [2012.09.29 12:43:21 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012.09.29 12:42:50 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2012.09.29 12:41:11 | 000,002,701 | ---- | C] () -- C:\Users\Public\Desktop\Elemente Chemie Multimedial 1.lnk [2012.04.15 11:07:55 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini [2012.03.21 22:57:02 | 000,002,054 | ---- | C] () -- C:\Users\Andreas Tickert\.powerupdate.user.properties [2012.03.11 17:47:43 | 000,000,066 | ---- | C] () -- C:\Windows\SHISETUP.SYS [2012.02.13 14:24:54 | 000,293,712 | ---- | C] () -- C:\Windows\SysWow64\Tbsql03.dll [2012.02.13 14:24:54 | 000,246,368 | ---- | C] () -- C:\Windows\SysWow64\Tbqry03.dll [2012.02.13 14:24:54 | 000,145,696 | ---- | C] () -- C:\Windows\SysWow64\Tblib.dll [2012.02.13 14:24:54 | 000,090,688 | ---- | C] () -- C:\Windows\SysWow64\Tbutl03.dll [2012.02.13 14:24:54 | 000,014,512 | ---- | C] () -- C:\Windows\SysWow64\Tbgui03.dll [2012.02.13 14:24:54 | 000,005,488 | ---- | C] () -- C:\Windows\SysWow64\Tbmds03.dll [2011.01.06 12:02:16 | 000,003,584 | ---- | C] () -- C:\Users\Andreas Tickert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.12.26 20:35:00 | 000,000,360 | ---- | C] () -- C:\Users\Andreas Tickert\AppData\Roaming\burnaware.ini [2010.12.26 20:29:25 | 000,000,034 | -H-- | C] () -- C:\Windows\SysWow64\Converter_sysquict.dat [2010.12.09 11:43:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2012.10.24 15:18:25 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}\L [2012.10.24 15:18:25 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}\U [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Und der Extra txt.: Code:
ATTFilter OTL Extras logfile created on: 24.10.2012 17:21:19 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Andreas Tickert\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,86 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 62,23% Memory free
7,71 Gb Paging File | 5,40 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,44 Gb Total Space | 45,89 Gb Free Space | 39,41% Space Free | Partition Type: NTFS
Drive D: | 329,79 Gb Total Space | 236,28 Gb Free Space | 71,65% Space Free | Partition Type: NTFS
Computer Name: TICKERT | User Name: Andreas Tickert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\CeWe Color\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files (x86)\CeWe Color\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\CeWe Color\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files (x86)\CeWe Color\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BA6794A2-C276-4069-92C5-FC4FC0051E21}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F32168E1-487C-4564-BD01-D57FE521574E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{8E873A0F-CE17-416C-BDDD-FD3648764D71}C:\program files (x86)\iminent\iminent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\iminent\iminent.exe |
"TCP Query User{99807D84-B22B-4816-A638-BDC78F0FDC0C}C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |
"UDP Query User{247D31BC-59C6-4988-9E01-6AF4E62817F3}C:\program files (x86)\iminent\iminent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\iminent\iminent.exe |
"UDP Query User{CE4D47F9-E556-4E4B-8398-7D9DB9C58EA7}C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{17B77355-3934-4D0E-8FAC-C420482C8E7D}" = Windows Live Family Safety
"{22441735-5983-AD2A-5CC5-FA2CCD7EF732}" = ATI Stream SDK v2 Developer
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{46FE2A95-DD8A-9F52-DD44-6C22D715493D}" = ATI Catalyst Install Manager
"{485867C4-605B-30FD-397E-CDBA21690855}" = ccc-utility64
"{83A33E54-147D-2D1A-75EB-DE27584DD3E2}" = WMV9/VC-1 Video Playback
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E0FE1E14-3A7A-4DB0-9FFA-0DD945AE84DB}" = HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"ASUS USB2.0 UVC VGA WebCam" = ASUS USB2.0 UVC VGA WebCam
"Elantech" = ETDWare PS/2-x64 7.0.5.9_WHQL
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"GPL Ghostscript 9.01" = GPL Ghostscript 9.01
"IHMC CmapTools v5.04.02" = IHMC CmapTools v5.04.02
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"PanoramaStudio2" = PanoramaStudio 2.2 ((deinstallieren))
"PDF-XChange 3_is1" = PDF-XChange 3
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0A64BFD0-0511-4C67-A3BF-D4C0C1055255}_is1" = Chemie_Aber_Sicher Version 1.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3E6B8013-6679-AE89-05B9-F540AF89A5A4}" = Catalyst Control Center Localization All
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74EC78BC-B379-4E29-9006-8F161DCAABA6}" = Apple Software Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A108EBC-C9DF-4E14-93A8-42CF316F1ECF}" = Marketsplash Schnellzugriffe
"{7ADF69B6-B378-2D8C-C81C-DAA053E0D275}" = CCC Help English
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115233673}" = Dream Day Wedding Married in Manhattan
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-1173957}" = Piggly FREE
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117396510}" = Smileyville FREE
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86B3F2D6-AC2B-4E88-8AE1-F2F77F781B0C}" = EndNote X3
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}" = HP Officejet Pro 8500 A910 Hilfe
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_PROPLUS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B0-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF – Add-In für 2007 Microsoft Office-Programme
"{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A505EBCB-C827-433F-B5A1-D242F20A4B23}" = Elemente Chemie Multimedial 1
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = 1&1 Surf-Stick
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.2 MUI
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B653A2EC-D816-4498-A4FD-651047AB9DC9}" = Boingo Wi-Fi
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BB91071A-F029-4B98-B6EE-EBA3AB14D530}" = Elemente Chemie Multimedial 2
"{BBED4F90-7AE5-40BF-AFB7-1B495692F4AB}" = syncables desktop SE
"{BC664850-5586-CF15-F9E1-97C7429E1D4F}" = Catalyst Control Center InstallProxy
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C9991C9B-0783-452E-8954-AB93E2AB3B80}_is1" = Game Park Console
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}" = WinZip 15.0
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E80F7B58-508F-2A71-50E6-49B56241C22B}" = ccc-core-static
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2739D43-F30E-4294-87C1-0F814CCEB9E9}" = Catalyst Control Center InstallProxy
"{F2E4F3A5-A8F0-46F4-8E91-E8C1DE1FCFE5}_is1" = MT66 Software Update
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader
"{F7CF0E9A-D48B-4942-9537-259ED0568DF4}" = Iminent
"7-Zip" = 7-Zip 9.20
"888poker" = 888poker
"ACDLabs in C__ACDFREE12_" = ACD/Labs Software in C:\ACDFREE12\
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"ASUS AP Bank_is1" = ASUS AP Bank
"ASUS WebStorage" = ASUS WebStorage
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Avira AntiVir Desktop" = Avira Free Antivirus
"Chisela 5_is1" = Chisela 5.2.2
"DealPly" = DealPly
"Diablo III" = Diablo III
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube Download_is1" = Free YouTube Download version 3.1.25.423
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.1004
"Google Chrome" = Google Chrome
"hotpot_is1" = HotPotatoes v 6.3.0.4
"IMBoosterARP" = Iminent
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PartyPoker" = PartyPoker
"PDF Blender" = PDF Blender
"Picasa 3" = Picasa 3
"PokerStars" = PokerStars
"PROPLUS" = Microsoft Office Professional Plus 2007
"Rainlendar2" = Rainlendar2 (remove only)
"RB-DATA Notentabelle für Excel_is1" = RB-DATA Notentabelle für Excel
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"StarCraft II" = StarCraft II
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 2.0.2
"WEKA Chemie unterrichten 4.0" = WEKA Chemie unterrichten 4.0
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 16.0.1 (x86 de)" = Mozilla Firefox 16.0.1 (x86 de)
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 24.10.2012 09:02:13 | Computer Name = Tickert | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74dcc9f1 ID des fehlerhaften
Prozesses: 0x1530 Startzeit der fehlerhaften Anwendung: 0x01cdb1e7c935b266 Pfad der
fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: 06e49ea7-1ddb-11e2-b1b3-20cf3062b3b1
Error - 24.10.2012 09:03:13 | Computer Name = Tickert | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74dcc9f1 ID des fehlerhaften
Prozesses: 0x1738 Startzeit der fehlerhaften Anwendung: 0x01cdb1e7ed106c87 Pfad der
fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: 2ac1ba28-1ddb-11e2-b1b3-20cf3062b3b1
Error - 24.10.2012 09:04:13 | Computer Name = Tickert | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74dcc9f1 ID des fehlerhaften
Prozesses: 0x11ac Startzeit der fehlerhaften Anwendung: 0x01cdb1e810f70d89 Pfad der
fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: 4ea5f9c9-1ddb-11e2-b1b3-20cf3062b3b1
Error - 24.10.2012 09:05:14 | Computer Name = Tickert | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74dcc9f1 ID des fehlerhaften
Prozesses: 0x1654 Startzeit der fehlerhaften Anwendung: 0x01cdb1e834d1c7a9 Pfad der
fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: 7283154a-1ddb-11e2-b1b3-20cf3062b3b1
Error - 24.10.2012 09:06:14 | Computer Name = Tickert | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74dcc9f1 ID des fehlerhaften
Prozesses: 0x1738 Startzeit der fehlerhaften Anwendung: 0x01cdb1e858b1448b Pfad der
fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: 966030cb-1ddb-11e2-b1b3-20cf3062b3b1
Error - 24.10.2012 09:07:14 | Computer Name = Tickert | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74dcc9f1 ID des fehlerhaften
Prozesses: 0x7ac Startzeit der fehlerhaften Anwendung: 0x01cdb1e87c8bfeab Pfad der
fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: ba3d4c4c-1ddb-11e2-b1b3-20cf3062b3b1
Error - 24.10.2012 09:08:14 | Computer Name = Tickert | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74dcc9f1 ID des fehlerhaften
Prozesses: 0x1670 Startzeit der fehlerhaften Anwendung: 0x01cdb1e8a0696817 Pfad der
fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: de185457-1ddb-11e2-b1b3-20cf3062b3b1
Error - 24.10.2012 09:09:14 | Computer Name = Tickert | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74dcc9f1 ID des fehlerhaften
Prozesses: 0x42c Startzeit der fehlerhaften Anwendung: 0x01cdb1e8c4448f65 Pfad der
fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: 01f83e66-1ddc-11e2-b1b3-20cf3062b3b1
Error - 24.10.2012 09:10:14 | Computer Name = Tickert | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74dcc9f1 ID des fehlerhaften
Prozesses: 0x13e0 Startzeit der fehlerhaften Anwendung: 0x01cdb1e8e8238f1c Pfad der
fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: 25d27b5d-1ddc-11e2-b1b3-20cf3062b3b1
Error - 24.10.2012 09:11:15 | Computer Name = Tickert | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74dcc9f1 ID des fehlerhaften
Prozesses: 0x12a8 Startzeit der fehlerhaften Anwendung: 0x01cdb1e90c050039 Pfad der
fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: 49b64dda-1ddc-11e2-b1b3-20cf3062b3b1
Error - 24.10.2012 09:13:36 | Computer Name = Tickert | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74dcc9f1 ID des fehlerhaften
Prozesses: 0x1a30 Startzeit der fehlerhaften Anwendung: 0x01cdb1e95f3d7b75 Pfad der
fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: 9dad372c-1ddc-11e2-b1b3-20cf3062b3b1
[ Media Center Events ]
Error - 16.12.2011 04:21:33 | Computer Name = Tickert | Source = MCUpdate | ID = 0
Description = 09:21:33 - Fehler beim Herstellen der Internetverbindung. 09:21:33
- Serververbindung konnte nicht hergestellt werden..
Error - 16.12.2011 04:21:43 | Computer Name = Tickert | Source = MCUpdate | ID = 0
Description = 09:21:38 - Fehler beim Herstellen der Internetverbindung. 09:21:38
- Serververbindung konnte nicht hergestellt werden..
Error - 18.12.2011 14:05:50 | Computer Name = Tickert | Source = MCUpdate | ID = 0
Description = 19:05:50 - Fehler beim Herstellen der Internetverbindung. 19:05:50
- Serververbindung konnte nicht hergestellt werden..
Error - 18.12.2011 14:05:59 | Computer Name = Tickert | Source = MCUpdate | ID = 0
Description = 19:05:55 - Fehler beim Herstellen der Internetverbindung. 19:05:55
- Serververbindung konnte nicht hergestellt werden..
Error - 19.12.2011 04:25:52 | Computer Name = Tickert | Source = MCUpdate | ID = 0
Description = 09:25:52 - Fehler beim Herstellen der Internetverbindung. 09:25:52
- Serververbindung konnte nicht hergestellt werden..
Error - 19.12.2011 04:26:03 | Computer Name = Tickert | Source = MCUpdate | ID = 0
Description = 09:25:57 - Fehler beim Herstellen der Internetverbindung. 09:25:57
- Serververbindung konnte nicht hergestellt werden..
Error - 20.12.2011 04:01:32 | Computer Name = Tickert | Source = MCUpdate | ID = 0
Description = 09:01:32 - Fehler beim Herstellen der Internetverbindung. 09:01:32
- Serververbindung konnte nicht hergestellt werden..
Error - 20.12.2011 04:01:43 | Computer Name = Tickert | Source = MCUpdate | ID = 0
Description = 09:01:38 - Fehler beim Herstellen der Internetverbindung. 09:01:38
- Serververbindung konnte nicht hergestellt werden..
Error - 21.12.2011 04:39:11 | Computer Name = Tickert | Source = MCUpdate | ID = 0
Description = 09:39:11 - Fehler beim Herstellen der Internetverbindung. 09:39:11
- Serververbindung konnte nicht hergestellt werden..
Error - 21.12.2011 04:39:20 | Computer Name = Tickert | Source = MCUpdate | ID = 0
Description = 09:39:16 - Fehler beim Herstellen der Internetverbindung. 09:39:16
- Serververbindung konnte nicht hergestellt werden..
[ OSession Events ]
Error - 26.02.2012 08:43:30 | Computer Name = Tickert | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16050
seconds with 8220 seconds of active time. This session ended with a crash.
Error - 22.09.2012 15:01:59 | Computer Name = Tickert | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 31775
seconds with 5580 seconds of active time. This session ended with a crash.
Error - 05.10.2012 04:45:15 | Computer Name = Tickert | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3033
seconds with 2040 seconds of active time. This session ended with a crash.
Error - 07.10.2012 05:27:51 | Computer Name = Tickert | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8388
seconds with 3780 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 24.10.2012 09:18:19 | Computer Name = Tickert | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Aufgabenplanung" wurde unerwartet beendet. Dies ist bereits
2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt:
Neustart des Diensts.
Error - 24.10.2012 09:18:19 | Computer Name = Tickert | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Benachrichtigungsdienst für Systemereignisse" wurde unerwartet
beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
in 300000 Millisekunden durchgeführt: Neustart des Diensts.
Error - 24.10.2012 09:18:19 | Computer Name = Tickert | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Designs" wurde unerwartet beendet. Dies ist bereits 2
Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt:
Neustart des Diensts.
Error - 24.10.2012 09:18:19 | Computer Name = Tickert | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde unerwartet beendet.
Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 300000
Millisekunden durchgeführt: Neustart des Diensts.
Error - 24.10.2012 09:19:30 | Computer Name = Tickert | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060
Error - 24.10.2012 09:19:56 | Computer Name = Tickert | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060
Error - 24.10.2012 09:21:07 | Computer Name = Tickert | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-2147023143.
Error - 24.10.2012 09:31:37 | Computer Name = Tickert | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error - 24.10.2012 09:33:53 | Computer Name = Tickert | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 24.10.2012 09:34:40 | Computer Name = Tickert | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
< End of report >
|
|
26.10.2012, 07:42
| #14 |
| /// Malwareteam | ATRAPS.gen2 von AVIRA gemeldet Schritt 1: Fix mit OTL
Code:
ATTFilter :OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.27010003&st=12&barid={3A829179-E8A3-4928-8657-800E54A28EC9}
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.27010003&st=12&q={searchTerms}&barid={3A829179-E8A3-4928-8657-800E54A28EC9}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.27010003&st=12&barid={3A829179-E8A3-4928-8657-800E54A28EC9}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.27010003&st=12&q={searchTerms}&barid={3A829179-E8A3-4928-8657-800E54A28EC9}
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
[2012.09.12 18:49:12 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\Andreas Tickert\AppData\Roaming\mozilla\Firefox\Profiles\wkarz4j6.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
FF - prefs.js..extensions.enabledAddons: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll File not found
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
:FILES
C:\Program Files (x86)\DealPly
C:\Program Files (x86)\SweetIM
C:\Windows\Installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}
:COMMANDS
[emptytemp]
[emptyjava]
[emptyflash]
Schritt 2: MBAM Downloade Dir bitte Malwarebytes
__________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
27.10.2012, 12:43
| #15 |
| | ATRAPS.gen2 von AVIRA gemeldet OTL Datei: Code:
ATTFilter All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Prefs.js: "hxxp://search.sweetim.com/search.asp?src=2&q=" removed from keyword.URL
C:\Users\Andreas Tickert\AppData\Roaming\mozilla\Firefox\Profiles\wkarz4j6.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} folder moved successfully.
C:\Users\Andreas Tickert\AppData\Roaming\mozilla\Firefox\Profiles\wkarz4j6.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\defaults\preferences folder moved successfully.
C:\Users\Andreas Tickert\AppData\Roaming\mozilla\Firefox\Profiles\wkarz4j6.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\defaults folder moved successfully.
C:\Users\Andreas Tickert\AppData\Roaming\mozilla\Firefox\Profiles\wkarz4j6.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome\content\images folder moved successfully.
C:\Users\Andreas Tickert\AppData\Roaming\mozilla\Firefox\Profiles\wkarz4j6.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome\content folder moved successfully.
C:\Users\Andreas Tickert\AppData\Roaming\mozilla\Firefox\Profiles\wkarz4j6.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome folder moved successfully.
C:\Users\Andreas Tickert\AppData\Roaming\mozilla\Firefox\Profiles\wkarz4j6.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} folder moved successfully.
Prefs.js: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0 removed from extensions.enabledAddons
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ deleted successfully.
File C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Setwallpaper deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Sweetpacks Communicator deleted successfully.
C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe moved successfully.
========== FILES ==========
File\Folder C:\Program Files (x86)\DealPly not found.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange folder moved successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green folder moved successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue folder moved successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources folder moved successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT folder moved successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\conf folder moved successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer folder moved successfully.
C:\Program Files (x86)\SweetIM\Toolbars folder moved successfully.
C:\Program Files (x86)\SweetIM\Communicator\resources\sqlite folder moved successfully.
C:\Program Files (x86)\SweetIM\Communicator\resources folder moved successfully.
C:\Program Files (x86)\SweetIM\Communicator\Microsoft.VC90.CRT folder moved successfully.
C:\Program Files (x86)\SweetIM\Communicator folder moved successfully.
C:\Program Files (x86)\SweetIM folder moved successfully.
C:\Windows\Installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}\U folder moved successfully.
C:\Windows\Installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a}\L folder moved successfully.
C:\Windows\Installer\{39db85ef-e026-3f6e-fdd8-f4efb856a95a} folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Andreas Tickert
->Temp folder emptied: 218030 bytes
->Temporary Internet Files folder emptied: 638797880 bytes
->Java cache emptied: 2479135 bytes
->FireFox cache emptied: 75711469 bytes
->Flash cache emptied: 549 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 57186 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 684,00 mb
[EMPTYJAVA]
User: All Users
User: Andreas Tickert
->Java cache emptied: 0 bytes
User: Default
User: Default User
User: Public
Total Java Files Cleaned = 0,00 mb
[EMPTYFLASH]
User: All Users
User: Andreas Tickert
->Flash cache emptied: 0 bytes
User: Default
User: Default User
User: Public
Total Flash Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 10272012_132703
Files\Folders moved on Reboot...
C:\Users\Andreas Tickert\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Code:
ATTFilter Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.10.27.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Andreas Tickert :: TICKERT [Administrator] 27.10.2012 13:43:55 mbam-log-2012-10-27 (13-43-55).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 208895 Laufzeit: 4 Minute(n), 6 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
| Themen zu ATRAPS.gen2 von AVIRA gemeldet |
| anhang, atraps.gen, atraps.gen2, avira, gemeldet, infektion, logdatei, melde, meldet, stunde, virus.win64.zaccess.a |
Textbox.
Linear-Darstellung
