| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Avira findet TR/Sirefef.16896 und TR/ATRAPS.Gen und TR/ATRAPS.Gen2 in Windows\Installer und W32/Patched.UA in Windows\System32\service.exeWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
28.10.2012, 20:01
| #1 |
 |  Avira findet TR/Sirefef.16896 und TR/ATRAPS.Gen und TR/ATRAPS.Gen2 in Windows\Installer und W32/Patched.UA in Windows\System32\service.exe Hallo an alle, habe jetzt schon ein paar Threads gelesen und bin ganz überwältigt, dass ihr hier so tolle Hilfestellungen gebt! Deswegen habe ich mal Mut gefasst und möchte auch um Hilfe fragen. Bitte nicht schimpfen, ich habe mich viel zu spät drum gekümmert und hoffe, ich habe damit keinen noch größeren Schaden angerichtet! Avira findet schon seit längerer Zeit immer mal wieder folgende Viren/Trojaner: TR/ATRAPS.Gen und TR/ATRAPS.Gen2 in C:\Windows\Installer\{13c7707a-ec23-d71d-cb2d-80c6fc572304}\U\80000000.@ TR/Sirefef.16896 in C:\Windows\Installer\{13c7707a-ec23-d71d-cb2d-80c6fc572304}\U\800000cb.@ W32/Patched.UA in C:\Windows\System32\service.exe Erst vor ein paar Tagen ist mir aufgefallen, dass der Windows-Sicherheitscenter-Dienst deaktiviert ist und sich auch nicht wieder aktivieren lässt. Ich bin ein Fachidiot, habe aber trotzdem versucht, einem Ratschlag in einem Forum zu folgen: Ich habe Malwarebytes installiert und scannen lassen (ein Virus wurde dabei in Quarantäne geschickt, ich weiß nur nicht mehr, welcher), dann über Eingabeaufforderung gescannt (sfc/scannow). Nach dem Neustart ist dann Windows dann beim Hochgefahren hängengeblieben und ich habe das System wieder auf den Tag davor zurückgesetzt. Seitdem fährt Windows wieder einwandfrei hoch, die Viren sind natürlich zurück (falls sie je weg waren). Was wäre ich froh, mir könnte jemand helfen! Viele Grüße, Véronique OTL.txtOTL Logfile: Code:
ATTFilter OTL logfile created on: 10/28/2012 6:56:04 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Véronique\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.85 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 60.49% Memory free
7.71 Gb Paging File | 5.58 Gb Available in Paging File | 72.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 276.00 Gb Total Space | 216.26 Gb Free Space | 78.35% Space Free | Partition Type: NTFS
Drive D: | 169.66 Gb Total Space | 141.26 Gb Free Space | 83.26% Space Free | Partition Type: NTFS
Computer Name: VÉRONIQUE-PC | User Name: Véronique | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/10/28 18:55:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Véronique\Downloads\OTL(1).exe
PRC - [2012/10/27 22:34:09 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/10/08 21:04:05 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
PRC - [2012/08/09 08:51:45 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/08 21:20:55 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/08 21:20:51 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2012/05/08 21:20:51 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/09/08 14:55:10 | 000,888,488 | ---- | M] ({StringFileInfo_CompanyName}) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2011/06/09 12:06:06 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/03/14 10:22:06 | 002,125,472 | ---- | M] (Audible, Inc.) -- C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
PRC - [2010/11/02 09:33:14 | 000,385,024 | ---- | M] () -- C:\Program Files (x86)\DC Software 2\DL10XP.exe
PRC - [2010/06/08 08:39:00 | 000,847,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2010/05/06 07:44:44 | 001,749,504 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2010/02/10 15:29:52 | 000,719,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2010/01/19 03:34:48 | 002,201,192 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/04/27 14:20:46 | 000,074,408 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe
PRC - [2009/04/27 14:19:38 | 000,058,024 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe
PRC - [2009/03/05 10:54:50 | 000,311,296 | ---- | M] () -- C:\Windows\SysWOW64\Rezip.exe
========== Modules (No Company Name) ==========
MOD - [2012/10/27 22:34:09 | 002,295,264 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/10/08 21:04:05 | 009,814,968 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/02 09:33:14 | 000,385,024 | ---- | M] () -- C:\Program Files (x86)\DC Software 2\DL10XP.exe
MOD - [2010/07/08 19:34:32 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\DC Software 2\ImgHdlr.dll
MOD - [2010/04/05 11:21:54 | 000,061,952 | ---- | M] () -- C:\Program Files (x86)\DC Software 2\zlib.dll
MOD - [2006/08/12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll
========== Services (SafeList) ==========
SRV:64bit: - [2011/10/06 15:37:32 | 000,199,008 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011/08/19 14:59:28 | 000,158,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2011/08/19 14:50:56 | 000,208,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2011/06/23 14:23:52 | 000,501,768 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2010/09/22 10:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/07/07 19:50:56 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2007/04/19 14:43:56 | 000,566,192 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxczcoms.exe -- (lxcz_device)
SRV - [2012/10/27 22:34:09 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/08 21:04:06 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/08 21:20:55 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/08 21:20:51 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012/05/08 21:20:51 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/02/10 10:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe -- (BBUpdate)
SRV - [2012/02/10 10:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe -- (BBSvc)
SRV - [2012/01/13 10:21:16 | 000,103,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/06/01 07:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/05 10:54:50 | 000,311,296 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\Rezip.exe -- (Rezip)
SRV - [2007/04/19 14:43:42 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxczcoms.exe -- (lxcz_device)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/05/08 21:20:55 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/05/08 21:20:55 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/19 16:56:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/08/15 09:00:06 | 000,642,824 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2011/08/15 09:00:06 | 000,481,504 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2011/08/15 09:00:06 | 000,283,744 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2011/08/15 09:00:06 | 000,228,752 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2011/08/15 09:00:06 | 000,158,584 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2011/08/15 09:00:06 | 000,100,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2011/08/15 09:00:06 | 000,075,672 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2011/08/15 09:00:06 | 000,065,128 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/07 20:30:10 | 007,195,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/07/07 19:15:44 | 000,265,728 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/06/10 20:45:38 | 001,605,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/04/27 08:57:04 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/04/01 01:25:14 | 000,136,192 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/03/31 01:35:26 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2010/02/27 01:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/01/29 08:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/28 10:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2011/04/13 08:38:47 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {10B613B1-6C65-45A4-B795-4B3BD0D2F11D}
IE - HKCU\..\SearchScopes\{10B613B1-6C65-45A4-B795-4B3BD0D2F11D}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=mcafee&p="
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/11/25 04:35:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/05/29 13:10:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2011/10/28 19:31:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/27 22:34:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/27 22:34:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/05/11 14:29:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/27 22:34:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/27 22:34:04 | 000,000,000 | ---D | M]
[2011/09/12 17:59:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Véronique\AppData\Roaming\mozilla\Extensions
[2012/10/23 09:51:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Véronique\AppData\Roaming\mozilla\Firefox\Profiles\j3l5ici3.default\extensions
[2012/10/27 22:33:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/10/27 22:34:10 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/03/08 11:24:04 | 000,103,168 | ---- | M] (Midasplayer Ltd) -- C:\Program Files (x86)\mozilla firefox\plugins\npmidas.dll
[2012/01/11 17:19:16 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/08/31 16:36:50 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/11 17:19:16 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/01/11 17:19:16 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/09/18 18:54:12 | 000,002,027 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/01/11 17:19:16 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/01/11 17:19:16 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111027222333.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111027222334.dll (McAfee, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [lxczbmgr.exe] C:\Program Files (x86)\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\Véronique\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: bing.com ([www] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: google.com ([maps] http in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{418EB98E-D0E7-4B9F-9FA3-2907B3599E83}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/10/28 12:36:39 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{63211EA2-0F09-49C7-AB29-F3EA177736C1}
[2012/10/27 22:33:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/10/27 18:45:11 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{53C2040A-F19C-427C-B9C6-241D899BC4C6}
[2012/10/26 23:18:58 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{4D070F2B-6154-4D5D-A1B3-599A520D4B74}
[2012/10/26 11:18:23 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{0F40492B-2973-461A-BCAA-970E8EEA3B4B}
[2012/10/25 23:18:00 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{73B45042-AC39-48DE-9D19-A75EBF7A6FC7}
[2012/10/25 11:17:24 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{7AEE0112-5AF0-4265-B9FD-F9CBF5C93AA3}
[2012/10/25 07:27:55 | 000,176,144 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\Mpfp.sys
[2012/10/24 23:17:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/10/24 23:16:36 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{EBD89523-8069-44BF-98D0-A8DAE12720A4}
[2012/10/24 18:30:15 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{8AE99552-65AC-4FF0-86AD-AA96F65C30E1}
[2012/10/24 01:19:21 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{6A052A08-14DF-4696-B15D-F6C30320AD2E}
[2012/10/23 17:17:43 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Roaming\Malwarebytes
[2012/10/23 17:17:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/23 17:17:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/10/23 08:46:50 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{C7C17697-232C-467D-A944-DBFB1AD975E5}
[2012/10/22 08:50:56 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{C1BEB4FA-956E-4AF0-906E-ED54B5BD354A}
[2012/10/21 11:14:52 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{9A2B5E17-EA74-4A03-986B-8D2F97A88087}
[2012/10/20 23:14:28 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{50F9A1A4-21CE-42C0-A726-47FFF22D1394}
[2012/10/20 11:47:46 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\Diagnostics
[2012/10/20 11:13:52 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{EAC91AD5-FF77-4107-80D9-2E19750DE3F4}
[2012/10/19 23:13:16 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{7728DE5B-8A9D-4048-B752-66C91D6772B6}
[2012/10/19 11:04:35 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{5F4F4073-D00E-4727-A6E4-C4D0C4BC42EF}
[2012/10/18 21:48:02 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{B5808452-5E7D-4EC5-9A22-336EA034A815}
[2012/10/18 09:41:57 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{0D471907-BA69-40A3-B950-15FFDBE1C13F}
[2012/10/17 21:41:33 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{74B562CF-F8A0-4AB7-B847-6847AEEDBAC8}
[2012/10/17 09:40:55 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{3CFB99DC-2B20-4F47-B2F8-9DA9EF166197}
[2012/10/16 21:40:37 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{5500DB38-26BC-4F1A-A1B2-213D9E1F1705}
[2012/10/16 08:39:26 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{C99B3D49-0479-4607-B6F2-0C7B4748AEBF}
[2012/10/15 20:39:03 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{AA5A2663-65BB-409F-ABCC-E0E8E0783E0B}
[2012/10/14 21:05:04 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{BEF39337-D3AE-457D-BEF0-9E619DFEBE15}
[2012/10/14 09:04:32 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{C8733ED6-BFE4-407C-A340-F9C332AC6253}
[2012/10/13 08:29:44 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{AA2B6D06-80CA-484B-B12C-FB3DCE3C5F22}
[2012/10/12 08:30:57 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{775C0600-BEBF-43C3-AB5F-4C92EB50113F}
[2012/10/11 11:58:26 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{7789F058-23ED-4B20-B21C-D508CB300524}
[2012/10/10 23:58:03 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{4DAA770D-0911-45E0-A48B-C11984159DC3}
[2012/10/10 11:19:56 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{10EC53EE-1D7C-4F7E-ABBF-8C498C5D8FE1}
[2012/10/09 23:19:21 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{189B3F55-8996-4DCF-97D1-7A3819EB830C}
[2012/10/09 10:15:21 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{5002F85F-B2C8-4D41-A177-4D5FE5B2B885}
[2012/10/08 21:09:03 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{3B92B4F5-8F9B-4F12-BE95-ECEFC3994874}
[2012/10/08 08:33:39 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{DAD05573-BCB6-4601-B974-AF841CA935FD}
[2012/10/07 09:14:25 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{6F335D56-30B0-43EB-97A4-363570932479}
[2012/10/06 17:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/10/06 17:29:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/10/06 17:29:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/10/06 17:29:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/10/06 17:09:30 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{0B66DB80-9764-4B7C-8172-FEB973FD6DDB}
========== Files - Modified Within 30 Days ==========
[2012/10/28 18:59:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/28 18:52:31 | 000,000,000 | ---- | M] () -- C:\Users\Véronique\defogger_reenable
[2012/10/28 18:42:06 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/28 18:42:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/28 17:44:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/25 09:17:12 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/25 09:17:12 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/24 23:10:09 | 4137,852,928 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/24 12:21:40 | 000,002,058 | -H-- | M] () -- C:\Users\Véronique\Documents\Default.rdp
[2012/10/15 22:31:19 | 000,000,250 | ---- | M] () -- C:\Windows\Lexstat.ini
[2012/10/14 17:23:02 | 000,009,436 | ---- | M] () -- C:\Users\Véronique\Documents\easyct.ini
[2012/10/06 18:38:57 | 000,009,216 | ---- | M] () -- C:\Users\Véronique\Rechnung Nina.wps
========== Files Created - No Company Name ==========
[2012/10/28 18:52:31 | 000,000,000 | ---- | C] () -- C:\Users\Véronique\defogger_reenable
[2012/10/06 18:38:57 | 000,009,216 | ---- | C] () -- C:\Users\Véronique\Rechnung Nina.wps
[2012/10/06 17:37:56 | 000,001,116 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/06 17:37:55 | 000,001,112 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/28 23:53:39 | 000,019,810 | ---- | C] () -- C:\Users\Véronique\Fahrkostenabrechnung II.ods
[2012/08/28 18:15:37 | 000,013,578 | ---- | C] () -- C:\Users\Véronique\Gut gemacht.odt
[2012/03/13 15:36:46 | 000,020,047 | ---- | C] () -- C:\Users\Véronique\Angebot Kongresshotel Potsdam.odt
[2012/01/16 12:53:35 | 000,010,631 | ---- | C] () -- C:\Users\Véronique\KiA_II_elster_2048.pfx
[2011/12/16 01:24:17 | 000,032,608 | ---- | C] () -- C:\Windows\king-uninstall.exe
[2011/11/06 13:39:08 | 000,000,041 | ---- | C] () -- C:\Windows\SysWow64\SUPPORT.INI
[2011/10/24 15:11:25 | 000,000,250 | ---- | C] () -- C:\Windows\Lexstat.ini
[2011/10/24 11:36:33 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczpmui.dll
[2011/10/24 11:36:33 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxczutil.dll
[2011/10/24 11:36:33 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczinpa.dll
[2011/10/24 11:36:33 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcziesc.dll
[2011/10/24 11:36:33 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXCZinst.dll
[2011/10/24 11:36:32 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczserv.dll
[2011/10/24 11:36:32 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczusb1.dll
[2011/10/24 11:36:32 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczhbn3.dll
[2011/10/24 11:36:32 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczlmpm.dll
[2011/10/24 11:36:32 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcoms.exe
[2011/10/24 11:36:32 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczih.exe
[2011/10/24 11:36:32 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczppls.exe
[2011/10/24 11:36:32 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczprox.dll
[2011/10/24 11:36:32 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczpplc.dll
[2011/10/24 11:36:31 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcomc.dll
[2011/10/24 11:36:31 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcomm.dll
[2011/10/24 11:36:31 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcfg.exe
[2011/09/05 02:54:17 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2011/09/04 21:51:38 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/09 12:48:55 | 000,010,263 | ---- | C] () -- C:\Users\Véronique\KiA_elster_2048.pfx
[2010/11/24 20:19:19 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/11/24 04:33:24 | 000,307,200 | ---- | C] () -- C:\Windows\SetDisplayResolution.exe
[2010/11/24 04:05:33 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/11/24 03:17:52 | 000,002,614 | ---- | C] () -- C:\Windows\HotFixList.ini
[2010/11/24 03:09:43 | 000,311,296 | ---- | C] () -- C:\Windows\SysWow64\Rezip.exe
[2009/09/12 20:29:17 | 000,002,167 | ---- | C] () -- C:\Users\Véronique\.recently-used.xbel
========== ZeroAccess Check ==========
[2011/11/17 07:41:18 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{13c7701a-ec23-d71d-cb2d-80c6fc572304}\@
[2011/11/17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{13c7701a-ec23-d71d-cb2d-80c6fc572304}\L
[2012/10/28 14:55:35 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{13c7701a-ec23-d71d-cb2d-80c6fc572304}\U
[2012/10/24 23:10:56 | 000,000,928 | ---- | M] () -- C:\Windows\Installer\{13c7701a-ec23-d71d-cb2d-80c6fc572304}\U\00000001.@
[2012/10/28 14:55:35 | 000,014,848 | ---- | M] () -- C:\Windows\Installer\{13c7701a-ec23-d71d-cb2d-80c6fc572304}\U\80000000.@
[2012/10/25 10:04:15 | 000,025,088 | ---- | M] () -- C:\Windows\Installer\{13c7701a-ec23-d71d-cb2d-80c6fc572304}\U\800000cb.@
[2012/06/22 19:22:35 | 000,002,048 | -HS- | M] () -- C:\Users\Véronique\AppData\Local\{13c7701a-ec23-d71d-cb2d-80c6fc572304}\@
[2011/11/17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Véronique\AppData\Local\{13c7701a-ec23-d71d-cb2d-80c6fc572304}\L
[2011/11/17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Véronique\AppData\Local\{13c7701a-ec23-d71d-cb2d-80c6fc572304}\U
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Users\Véronique\AppData\Local\{13c7701a-ec23-d71d-cb2d-80c6fc572304}\n.
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/01/04 11:44:25 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/01/04 09:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2011/11/01 12:48:49 | 000,000,000 | ---D | M] -- C:\Users\Véronique\AppData\Roaming\elsterformular
[2012/10/25 16:32:06 | 000,000,000 | ---D | M] -- C:\Users\Véronique\AppData\Roaming\FileZilla
[2011/11/06 15:13:38 | 000,000,000 | ---D | M] -- C:\Users\Véronique\AppData\Roaming\IrfanView
[2011/09/12 20:37:18 | 000,000,000 | ---D | M] -- C:\Users\Véronique\AppData\Roaming\OpenOffice.org
[2012/09/28 22:24:15 | 000,000,000 | ---D | M] -- C:\Users\Véronique\AppData\Roaming\SoftGrid Client
[2011/09/13 14:19:15 | 000,000,000 | ---D | M] -- C:\Users\Véronique\AppData\Roaming\Thunderbird
[2011/09/04 21:52:41 | 000,000,000 | ---D | M] -- C:\Users\Véronique\AppData\Roaming\TP
[2011/09/04 23:01:29 | 000,000,000 | ---D | M] -- C:\Users\Véronique\AppData\Roaming\Windows Live Writer
========== Purity Check ==========
< End of report >
ExtrasOTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 10/28/2012 6:56:04 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Véronique\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.85 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 60.49% Memory free
7.71 Gb Paging File | 5.58 Gb Available in Paging File | 72.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 276.00 Gb Total Space | 216.26 Gb Free Space | 78.35% Space Free | Partition Type: NTFS
Drive D: | 169.66 Gb Total Space | 141.26 Gb Free Space | 83.26% Space Free | Partition Type: NTFS
Computer Name: VÉRONIQUE-PC | User Name: Véronique | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\Mueller Foto\Mueller Foto\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Müller Foto] -- "C:\Program Files (x86)\Mueller Foto\Mueller Foto\Müller Foto.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\Mueller Foto\Mueller Foto\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Müller Foto] -- "C:\Program Files (x86)\Mueller Foto\Mueller Foto\Müller Foto.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client Resources
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{27F3F8DE-AC95-4E10-90A6-EBA999DDBCAF}" = Windows Live Remote Service Resources
"{29CFD07F-4971-41B0-B14D-621ACCC264AC}" = Windows Live Remote Service Resources
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{4C9845D5-9FAD-4C52-B389-CAEF0F216215}" = Windows Live Remote Client Resources
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{5635224E-675C-B94C-43EE-70BCD39BF30B}" = ATI Catalyst Install Manager
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{641B32DB-8226-4250-86C9-34671162F5D5}" = Windows Live Remote Client Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6A2482BC-733A-404A-939A-2D5BC636E6F9}" = Windows Live Remote Service Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6CFB1B20-ECAE-488F-9FFB-6AD420882E71}" = iTunes
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{78654366-5889-4A70-90D9-04B00709EEE0}" = Windows Live Remote Client Resources
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{811D5159-D798-491F-B9C6-9BDBF6B02D06}" = Windows Live Remote Service Resources
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8924153C-F29D-3F27-3AAB-389F3B661AD4}" = ccc-utility64
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90}" = Windows Live Remote Service Resources
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F0793412-6407-4870-9A8C-6FE198A4EB12}" = Windows Live Remote Client Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"Elantech" = ETDWare PS/2-x64 7.0.7.0_WHQL
"Lexmark 1200 Series" = Lexmark 1200 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{0119B342-476F-4F5A-B712-144B5CFA781F}" = Windows Live Movie Maker
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02F3B756-11B3-8077-7FA7-709DDDBAEFD3}" = CCC Help French
"{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0620AFAE-46B1-AECB-0D8D-DC6884F72BF5}" = Catalyst Control Center Localization All
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{066219C8-4BE6-46D7-9E01-60FCFA6B32DC}" = Messenger Companion
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{07E15DDE-CAD9-434D-B24D-35708E3BEA09}" = Windows Live 필수 패키지
"{082E37F5-3924-4168-A69A-1B6B1FEA587C}" = Messenger Companion
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{09B7C7EB-3140-4B5E-842F-9C79A7137139}" = Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0DFD17F6-0EFB-3CBA-0692-ED193A6F847A}" = CCC Help Norwegian
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{0F796312-289C-40CA-856C-9FBCF5E83342}" = REALTEK Wireless LAN Software
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{11060D31-08ED-8F55-BB38-0F194E0FE68E}" = CCC Help German
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{122800FE-3AAF-4974-9FBD-54B023FA756A}" = „Windows Live Messenger“
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19ADD3BF-C42B-47DC-81C6-5E9731B668C4}" = „Windows Live Essentials“
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19CBDE24-2761-49A5-816B-D2BA65D0CA8D}" = Kontrola Windows Live Mesh ActiveX za daljinske veze
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1D5F5419-8991-466F-9AC0-593E51E18459}" = DC Software 2
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21F22617-30EA-55D0-C023-574DEFA72935}" = CCC Help English
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi
"{24691EC2-44CA-88CE-D7D8-673C9C21DABB}" = CCC Help Czech
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{260E3D78-94E6-47EC-8E29-46301572BB1E}" = Control ActiveX Windows Live Mesh pentru conexiuni la distanță
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 29
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{2720009D-9566-45A7-A370-0E6DAC313F3F}" = „Windows Live Mail“
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2ABC63E9-8E74-F261-4937-C49438279633}" = ccc-core-static
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2CC0789D-D31B-445F-8970-6E058BE39754}" = Windows Live UX Platform Language Pack
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2D49C296-BCCA-4800-BAF6-A0269EBDCF74}" = Windows Live Messenger
"{2DDC70C1-C77A-4D08-89D2-9AB648504533}" = Easy Content Share
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{368BEC2C-B7A2-4762-9213-2D8465D533CA}" = Windows Live UX Platform Language Pack
"{3705D53F-BB01-4BEE-8585-289E71CAC4B4}" = Компаньон Messenger
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}" = ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3889988F-762B-4B85-AB17-71C9CC3AE445}" = Messenger Companion
"{39B3184E-0BFB-40FA-ADDC-E7E2D535CDA9}" = Controle ActiveX do Windows Live Mesh para Conexões Remotas
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3A09ED0F-8DDF-47BB-B53D-841AB9D1D3A7}" = Complemento Messenger
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3B8F240C-B75E-4A1E-BDCC-6C7F033078A3}" = Windows Live UX Platform Language Pack
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{3FD1CB9F-807F-451B-926C-9D19C84CFC61}" = Messenger Suradnik
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{41EB4D8C-797B-88DA-9CFD-C265BDEF3BE7}" = CCC Help Greek
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{442032CB-900C-49C7-B4B4-2B76525DD403}" = Windows Live Photo Common
"{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4A331D24-A9E8-484F-835E-1BA7B139689C}" = EasyBatteryManager
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}" = Windows Live Meshin etäyhteyksien ActiveX-komponentti
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{4F35DF91-F834-41F7-A287-0E377D55C486}" = Windows Live Photo Common
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{517EAAB9-C35E-4949-B8C2-20C241162BBB}" = Windows Live Pošta
"{51FFAC89-B6B0-4E6E-B76F-6D4E2E83086A}" = Windows Live 메일
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{542DA303-FB91-4731-9F37-6E518368D3B9}" = Windows Live Messenger
"{545192D4-E817-4EAA-834D-623EA50CF268}" = Windows Live UX Platform Language Pack
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{56D42B00-572C-4AE9-BCFB-CD45A3B5D0E1}" = Messenger Assistent
"{56FD9B91-F0EE-A2AE-7289-28E3110C0D08}" = CCC Help Swedish
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58240652-2AC8-80E3-B980-7E6F58D64CB3}" = CCC Help Japanese
"{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh
"{5BC1F10D-6A7A-41AE-AC7C-6BD454204729}" = Caplio Software
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D163056-96B7-440F-A836-89BA5D3CFF2F}" = Windows Live Photo Common
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{61506B53-EE02-46CE-8464-3F806947978F}" = Windows Live Mesh
"{61920449-0393-4707-B7DD-E6C0013C8B2C}" = 원격 연결을 위한 Windows Live Mesh ActiveX 컨트롤
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{690E2911-8512-65D8-1237-A0E43865F226}" = Catalyst Control Center Graphics Previews Common
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B3BAE39-4ED1-4EEB-9769-A3AA0AA58CB4}" = Windows Live Movie Maker
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6C7CF28E-535B-D453-E935-524116E5D8F3}" = CCC Help Portuguese
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6D2F0A26-ECEA-49CE-833C-9A6125F3D5E8}" = Doplnok programu Messenger
"{6DCE9C3E-3DB7-4C3C-8B80-BC55781BB7B6}" = Windows Live Writer Resources
"{6DD3B54B-F0D0-4A69-8344-F52033225A02}" = Messenger Companion
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz
"{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources
"{71684DFF-CDED-450C-AF0C-4A1A6438A1A5}" = Windows Live Essentials
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74A579FB-EB06-497D-B194-01590D6FE51A}" = BatteryLifeExtender
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail
"{765DB2B0-943A-1F96-AA98-0DE4BD5ECF98}" = Catalyst Control Center InstallProxy
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{7780682A-47C9-480D-90BE-247539342595}" = Windows Live UX Platform Language Pack
"{77AA84F1-4A5F-34F6-E9FB-75B234E36748}" = CCC Help Korean
"{77BC9EAF-14C7-4338-9B1C-D5A3E142C0B8}" = Windows Live Photo Common
"{77DAF553-291A-4471-988C-5677D90DB57E}" = Windows Live Writer Resources
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{781E0319-15CD-4A4C-A47E-D9FFF697E7A1}" = Messenger Companion
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E274911-32ED-4489-9B04-4EF100D0E4D3}" = „Messenger“ pagalbinė priemonė
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F061FA8-5A87-4758-876B-17EE28B358D0}" = Messenger 浏览器插件
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{8142D25E-028A-4563-86ED-5755783C8029}" = Messenger Companion
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110109903}" = Flip Words
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110160733}" = Slingo
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110245793}" = Insaniquarium Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110521483}" = Gem Shop
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111768557}" = Bonbon Quest
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113128447}" = Daycare Nightmare
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83D2FFB0-E378-49FE-8A53-580CA7B5761F}" = Windows Live Messenger
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{847C879C-1467-4924-A491-1302B4C58F70}" = Messenger Companion
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{86E6D3A7-3ADC-44C0-B94E-85D2A9DD36B0}" = Windows Live Writer
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8985AE5E-622A-4980-8BF8-0A1830643220}" = Windows Live Mesh ActiveX kontrola za daljinske veze
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{9024FE65-46B8-4C8A-9D98-8DCB6BD5F598}" = „Windows Live Mesh ActiveX“ nuotolinių ryšių valdiklis
"{902585EB-8FA3-43A5-AD1C-5C9821A77114}" = Messenger Pratilac
"{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{939C80FA-96C9-44A6-B318-8E7D8BD8481B}" = Messenger Companion
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96403552-88D1-429F-9C92-388B814B885E}" = Messenger Companion
"{976A7F36-3904-3444-588F-A4A47DA7DAAA}" = CCC Help Hungarian
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9E771D5B-C429-4CBC-8730-3EBD9EC99E4C}" = Windows Live Movie Maker
"{9E77CE91-C520-6284-5340-2FED3E34537F}" = CCC Help Chinese Standard
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A1668729-C4D2-49AE-877B-FB608362FFF1}" = Windows Live Essentials
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A2EDAEEB-C981-46D5-8163-CF8F5F640EEE}" = ตัวควบคุม ActiveX ใน Windows Live Mesh สำหรับการเชื่อมต่อระยะไกล (ไทย)
"{A3389C72-1782-4BB4-BBAA-33345DE52E3F}" = Windows Live Messenger
"{A3A775C9-5A63-4C55-8FDD-427A5B8F5D2B}" = Windows Live Mesh ActiveX vadīkla attālajiem savienojumiem
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A4A3BD6D-F267-199A-F402-AC9D8C6A5A1F}" = CCC Help Thai
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB067785-9646-456B-91C3-E71228132A4C}" = Messenger 사이트 공유
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB5977C5-11AE-4003-BA7D-261C48F2BC35}" = מסייע Messenger
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BA4D1C-23EF-4859-9C11-1B2CCB7FADBB}" = ActiveX контрола на Windows Live Mesh за отдалечени връзки
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B44F3823-52DD-45CA-A916-8B320778715D}" = Messenger Companion
"{B4712CB7-27D7-4F61-8805-BCF9BE1CFC4A}" = Windows Live Writer Resources
"{B4E5E04E-3738-2736-4925-267AB9A313B0}" = CCC Help Spanish
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B6190387-0036-4BEB-8D74-A0AFC5F14706}" = Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B6D8DC8C-F077-4631-A221-4D5E1D8E87E7}" = Catalyst Control Center - Branding
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{B7DB6FC7-631D-8767-A3DF-4B1467611D3C}" = CCC Help Turkish
"{B81722D3-0A95-4BDE-AA1A-A2A5D12FCDB2}" = Windows Live Foto-galerija
"{B9B66F77-9D00-4CA4-BDF1-BBA8236B4DB6}" = Windows Live Writer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
"{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений
"{BCE95123-10EF-BF71-EFCC-27413278630B}" = CCC Help Italian
"{BD0C3887-64E6-41D8-9A38-BC6F34369352}" = Windows Live Messenger
"{BD2E478F-C249-FF8B-F544-E22061BA03C5}" = CCC Help Russian
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BD8DA595-F501-4ABE-85A0-5C23E82472A0}" = Pomocnik Messenger
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{BFC47A0B-D487-4DF0-889E-D6D392DF31E0}" = Windows Live Messenger
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}" = Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C4582EED-A3FB-4358-8F3F-8C994460DF28}" = EasyFileShare
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7DAD22D-29D4-438F-B986-03B9ED582EA4}" = Messenger Companion
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C877E454-FA36-409A-A00E-1240CEC61BBD}" = „Windows Live“ fotogalerija
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C8A2793D-EFF2-4069-95BF-A28192E39DEB}" = Windows Live Writer
"{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger
"{C96BDE6D-EA35-1445-1E08-634171AE3C82}" = CCC Help Chinese Traditional
"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger
"{CA227A9D-09BE-4BFB-9764-48FED2DA5454}" = Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF088261-BC81-4FB9-9BA0-7B5B9602D01A}" = Messenger 分享元件
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{CF936193-C584-458C-B793-15FA945621AF}" = Windows Live fotoattēlu galerija
"{CF9DEFAA-12CD-4D04-AA45-F9F667D21E2E}" = Windows Live Movie Maker
"{D06F10C5-3EDD-4B29-A3B5-16BBB9A047F8}" = Windows Live Mesh
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D1F6FBBB-B204-459A-9BF8-D06FFAB96CCC}_is1" = Game Pack
"{D27DF849-C8C7-4892-A7F1-E0B381A1BD01}" = Windows Live Writer
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D47C66BE-0EB5-4587-93FE-D1E176C4B25C}" = Windows Live Messenger
"{D4F81B27-4054-4AD6-A588-265508BAA17C}" = Messenger Companion
"{D57D43BF-699A-429F-AF8C-AF1867222800}" = Windows Live 사진 갤러리
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D58E381C-DE02-46A9-B9D1-A2CB807D2676}" = Messenger Companion
"{D657CCB5-9F2F-4D3C-B93D-F77EBEF79B66}" = Messenger-kumppani
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D987098B-3AD4-4E88-B80E-CF27A32D1955}" = Windows Live Writer Resources
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DD048DE6-3FD4-F4C2-A98D-A185CA4D94BA}" = CCC Help Danish
"{DD953122-ECF9-E725-AF9C-BA4C08AAC1B1}" = Catalyst Control Center Graphics Previews Vista
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E18B30AA-6E2D-480C-B918-AF61009F4010}" = عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E912365F-9F51-C5A0-8153-FEFCFF276608}" = CCC Help Polish
"{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
"{EAB1BDF2-734A-4D44-9169-7615D185C974}" = Windows Live Mesh
"{EC20FB81-9B5E-4B97-92A2-8DC52548EFCE}" = Windows Live Mesh
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F14F9EE9-9B68-42B4-90F7-0924F7619281}" = Spremljevalec Messenger
"{F2979AAA-FDD7-4CB3-93BC-5C24D965D679}" = Windows Live Messenger
"{F35DC85A-E96B-496B-ABE7-F04192824856}" = Windows Live Messenger
"{F3ECEB0A-82A0-4DB9-BB44-393A66BA0871}" = Messenger kísérő
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F66430D8-08E6-4C96-B9B7-90E66E27D58C}" = Windows Live Mail
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center
"{F6AD00BA-3229-D390-84CA-685BFF2F6C21}" = CCC Help Dutch
"{F783464C-C7C6-4E9B-AC40-BC90E5414BAF}" = Windows Live Messenger
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F9557866-B4C8-4CE5-8508-0E386BDC20B2}" = Easy Network Manager
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{F992409C-9D10-4AE2-BAEB-B5409AD3785E}" = 用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文)
"{FA20D803-14E5-4B00-8F03-B519D46F9D4A}" = Windows Live Messenger
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEA0181F-3758-46DA-B7EC-F3CDFA7E0CE7}" = Помощник на Messenger
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FEF8EFCC-F745-9EB2-B313-9902D03A4C5D}" = CCC Help Finnish
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"{FFFA0584-8E3D-4195-8283-CCA3AD73C746}" = Windows Live Messenger
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AudibleDownloadManager" = Audible Download Manager
"Avira AntiVir Desktop" = Avira Free Antivirus
"EasyCash&Tax_is1" = EasyCash&Tax 1.52
"ElsterFormular 13.1.0.8394k" = ElsterFormular
"FileZilla Client" = FileZilla Client 3.5.3
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"IrfanView" = IrfanView (remove only)
"king.com" = king.com (remove only)
"Marvell Miniport Driver" = Marvell Miniport Driver
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee SecurityCenter
"Müller Foto" = Müller Foto
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Picasa 3" = Picasa 3
"WinLiveSuite" = Windows Live Essentials
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 10/12/2012 1:32:28 PM | Computer Name = Véronique-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1997
Error - 10/14/2012 4:10:47 AM | Computer Name = Véronique-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. Error: Initialization failed 0x80070424 Type:
88::UnexpectedError.
Error - 10/15/2012 3:45:23 PM | Computer Name = Véronique-PC | Source = Windows Backup | ID = 4103
Description =
Error - 10/15/2012 3:46:12 PM | Computer Name = Véronique-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. Error: Initialization failed 0x80070424 Type:
88::UnexpectedError.
Error - 10/16/2012 6:15:58 PM | Computer Name = Véronique-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 10/16/2012 6:15:58 PM | Computer Name = Véronique-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 998
Error - 10/16/2012 6:15:58 PM | Computer Name = Véronique-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 998
Error - 10/17/2012 3:56:20 AM | Computer Name = Véronique-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 10/17/2012 3:56:20 AM | Computer Name = Véronique-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 34823042
Error - 10/17/2012 3:56:20 AM | Computer Name = Véronique-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 34823042
[ System Events ]
Error - 4/14/2012 6:03:17 AM | Computer Name = Véronique-PC | Source = bowser | ID = 8003
Description =
Error - 4/14/2012 7:21:26 AM | Computer Name = Véronique-PC | Source = bowser | ID = 8003
Description =
Error - 4/14/2012 7:45:25 AM | Computer Name = Véronique-PC | Source = bowser | ID = 8003
Description =
Error - 4/14/2012 8:09:21 AM | Computer Name = Véronique-PC | Source = bowser | ID = 8003
Description =
Error - 4/14/2012 8:43:37 AM | Computer Name = Véronique-PC | Source = bowser | ID = 8003
Description =
Error - 4/14/2012 9:19:38 AM | Computer Name = Véronique-PC | Source = bowser | ID = 8003
Description =
Error - 4/14/2012 9:43:35 AM | Computer Name = Véronique-PC | Source = bowser | ID = 8003
Description =
Error - 4/20/2012 1:26:43 PM | Computer Name = Véronique-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?20.?04.?2012 um 16:47:43 unerwartet heruntergefahren.
Error - 5/10/2012 3:46:47 AM | Computer Name = Véronique-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 6/14/2012 4:05:02 AM | Computer Name = Véronique-PC | Source = Service Control Manager | ID = 7011
Description =
< End of report >
|
|
29.10.2012, 11:44
| #2 |
| /// Malwareteam    | Avira findet TR/Sirefef.16896 und TR/ATRAPS.Gen und TR/ATRAPS.Gen2 in Windows\Installer und W32/Patched.UA in Windows\System32\service.exe Mein Name ist Marius und ich werde dir bei deinem Problem helfen. Eines vorneweg: Hinweis: Wir können hier nie dafür garantieren, dass wir sämtliche Reste von Schadsoftware gefunden haben. Eine Formatierung ist meist der schnellste und immer der sicherste Weg. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass dein Rechner clean ist. Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden.
Vista und Win7 User Alle Tools mit Rechtsklick --> "als Administrator ausführen" starten. Schritt 1: aswMBR Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
Schritt 2: Scan mit TDSS-Killer Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
zusätzlich: Ich sehe, dass du Malwarebytes´ Antimalware installiert hast - es legt bei jedem Scan eine Logdatei an. Öffne das Programm, klicke auf den Reiter Logfiles und exportiere alle dort gespeicherten logdateien. Zippe sie und hänge das Archiv mit an deine Antwort an! 
__________________ |
|
29.10.2012, 19:49
| #3 |
| | Avira findet TR/Sirefef.16896 und TR/ATRAPS.Gen und TR/ATRAPS.Gen2 in Windows\Installer und W32/Patched.UA in Windows\System32\service.exe Hallo Marius,
__________________wie schön, dass Du Dich meiner bzw. meines Laptops annimmst! Danke! Die Malwarebytes's Antimalware habe ich installiert, kurz bevor ich das System wieder um einen Tag zurückgesetzt habe (siehe oben) - somit wurde dann auch das Programm wieder gelöscht/deinstalliert. Ich habe zwar einen Ordner gefunden, in dem sieht aber nichts nach einer Logdatei aus. Meinst Du, es gibt sie noch auf meinem Computer (ich habe nur einmal gescannt) und wenn ja, wo könnte ich sie finden? Viele Grüße, Véronique Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-29 18:13:46
-----------------------------
18:13:46.371 OS Version: Windows x64 6.1.7601 Service Pack 1
18:13:46.371 Number of processors: 4 586 0x2505
18:13:46.372 ComputerName: VÉRONIQUE-PC UserName: Véronique
18:13:48.786 Initialize success
18:21:28.139 AVAST engine defs: 12102900
18:31:56.834 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:31:56.837 Disk 0 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 3
18:31:56.852 Disk 0 MBR read successfully
18:31:56.855 Disk 0 MBR scan
18:31:56.862 Disk 0 unknown MBR code
18:31:56.873 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 20480 MB offset 2048
18:31:56.890 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 41945088
18:31:56.901 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 282624 MB offset 42149888
18:31:56.908 Disk 0 Partition - 00 0F Extended LBA 173734 MB offset 620963840
18:31:56.934 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 173733 MB offset 620965888
18:31:56.971 Disk 0 scanning C:\Windows\system32\drivers
18:32:08.912 Service scanning
18:32:39.011 Modules scanning
18:32:39.018 Disk 0 trace - called modules:
18:32:39.045 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
18:32:39.050 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004636790]
18:32:39.055 3 CLASSPNP.SYS[fffff88001aa643f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800431d050]
18:32:39.915 AVAST engine scan C:\Windows
18:32:42.949 AVAST engine scan C:\Windows\system32
18:37:11.298 AVAST engine scan C:\Windows\system32\drivers
18:37:32.519 AVAST engine scan C:\Users\Véronique
19:28:37.069 Disk 0 MBR has been saved successfully to "C:\Users\Véronique\Downloads\MBR.dat"
19:28:37.081 The log file has been saved successfully to "C:\Users\Véronique\Downloads\aswMBR.txt"
Code:
ATTFilter 19:30:01.0542 5848 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
19:30:01.0855 5848 ============================================================
19:30:01.0856 5848 Current date / time: 2012/10/29 19:30:01.0855
19:30:01.0856 5848 SystemInfo:
19:30:01.0856 5848
19:30:01.0856 5848 OS Version: 6.1.7601 ServicePack: 1.0
19:30:01.0856 5848 Product type: Workstation
19:30:01.0856 5848 ComputerName: VÉRONIQUE-PC
19:30:01.0856 5848 UserName: Véronique
19:30:01.0856 5848 Windows directory: C:\Windows
19:30:01.0856 5848 System windows directory: C:\Windows
19:30:01.0856 5848 Running under WOW64
19:30:01.0856 5848 Processor architecture: Intel x64
19:30:01.0856 5848 Number of processors: 4
19:30:01.0856 5848 Page size: 0x1000
19:30:01.0856 5848 Boot type: Normal boot
19:30:01.0856 5848 ============================================================
19:30:02.0657 5848 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:30:02.0663 5848 ============================================================
19:30:02.0663 5848 \Device\Harddisk0\DR0:
19:30:02.0697 5848 MBR partitions:
19:30:02.0697 5848 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2800800, BlocksNum 0x32000
19:30:02.0697 5848 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2832800, BlocksNum 0x22800000
19:30:02.0713 5848 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x25033000, BlocksNum 0x15352800
19:30:02.0713 5848 ============================================================
19:30:02.0781 5848 C: <-> \Device\Harddisk0\DR0\Partition2
19:30:02.0820 5848 D: <-> \Device\Harddisk0\DR0\Partition3
19:30:02.0820 5848 ============================================================
19:30:02.0820 5848 Initialize success
19:30:02.0820 5848 ============================================================
19:30:06.0530 9140 ============================================================
19:30:06.0530 9140 Scan started
19:30:06.0530 9140 Mode: Manual;
19:30:06.0530 9140 ============================================================
19:30:07.0175 9140 ================ Scan system memory ========================
19:30:07.0175 9140 System memory - ok
19:30:07.0175 9140 ================ Scan services =============================
19:30:07.0356 9140 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
19:30:07.0360 9140 1394ohci - ok
19:30:07.0391 9140 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
19:30:07.0395 9140 ACPI - ok
19:30:07.0424 9140 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
19:30:07.0426 9140 AcpiPmi - ok
19:30:07.0520 9140 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:30:07.0521 9140 AdobeFlashPlayerUpdateSvc - ok
19:30:07.0572 9140 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
19:30:07.0577 9140 adp94xx - ok
19:30:07.0612 9140 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
19:30:07.0617 9140 adpahci - ok
19:30:07.0644 9140 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
19:30:07.0646 9140 adpu320 - ok
19:30:07.0684 9140 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:30:07.0686 9140 AeLookupSvc - ok
19:30:07.0742 9140 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
19:30:07.0747 9140 AFD - ok
19:30:07.0795 9140 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
19:30:07.0796 9140 agp440 - ok
19:30:07.0832 9140 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
19:30:07.0834 9140 ALG - ok
19:30:07.0877 9140 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
19:30:07.0878 9140 aliide - ok
19:30:07.0924 9140 [ 94E1920E0E45ABAF0E09CCCCBE99733C ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:30:07.0928 9140 AMD External Events Utility - ok
19:30:07.0972 9140 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
19:30:07.0973 9140 amdide - ok
19:30:08.0002 9140 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
19:30:08.0003 9140 AmdK8 - ok
19:30:08.0164 9140 [ 3D07F9C090C7A1D76D624972A5384471 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
19:30:08.0389 9140 amdkmdag - ok
19:30:08.0425 9140 [ 99AB7E4B24C80155DC4296F657FAF3C7 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
19:30:08.0428 9140 amdkmdap - ok
19:30:08.0459 9140 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
19:30:08.0460 9140 AmdPPM - ok
19:30:08.0504 9140 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
19:30:08.0506 9140 amdsata - ok
19:30:08.0542 9140 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
19:30:08.0545 9140 amdsbs - ok
19:30:08.0561 9140 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
19:30:08.0562 9140 amdxata - ok
19:30:08.0662 9140 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
19:30:08.0664 9140 AntiVirSchedulerService - ok
19:30:08.0698 9140 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
19:30:08.0699 9140 AntiVirService - ok
19:30:08.0747 9140 [ 676894FA57B671FEC5C3F05F8929E03B ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
19:30:08.0751 9140 AntiVirWebService - ok
19:30:08.0790 9140 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
19:30:08.0792 9140 AppID - ok
19:30:08.0814 9140 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:30:08.0816 9140 AppIDSvc - ok
19:30:08.0869 9140 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
19:30:08.0871 9140 Appinfo - ok
19:30:08.0931 9140 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:30:08.0933 9140 Apple Mobile Device - ok
19:30:08.0971 9140 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
19:30:08.0973 9140 arc - ok
19:30:08.0984 9140 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
19:30:08.0986 9140 arcsas - ok
19:30:09.0011 9140 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:30:09.0013 9140 AsyncMac - ok
19:30:09.0061 9140 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
19:30:09.0063 9140 atapi - ok
19:30:09.0121 9140 [ 2C0BB386E86670BB1B1A57CAAEF3E50D ] athr C:\Windows\system32\DRIVERS\athrx.sys
19:30:09.0138 9140 athr - ok
19:30:09.0197 9140 [ 77C149E6D702737B2E372DEE166FAEF8 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
19:30:09.0199 9140 AtiHdmiService - ok
19:30:09.0261 9140 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:30:09.0268 9140 AudioEndpointBuilder - ok
19:30:09.0278 9140 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
19:30:09.0282 9140 AudioSrv - ok
19:30:09.0309 9140 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
19:30:09.0311 9140 avgntflt - ok
19:30:09.0333 9140 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
19:30:09.0335 9140 avipbb - ok
19:30:09.0365 9140 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
19:30:09.0366 9140 avkmgr - ok
19:30:09.0423 9140 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
19:30:09.0426 9140 AxInstSV - ok
19:30:09.0472 9140 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
19:30:09.0478 9140 b06bdrv - ok
19:30:09.0511 9140 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
19:30:09.0515 9140 b57nd60a - ok
19:30:09.0636 9140 [ A2494901E7226B356B8C1005C45F1C5F ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
19:30:09.0639 9140 BBSvc - ok
19:30:09.0694 9140 [ 63B1CBBAE4790B5BAC98F01BF9449722 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
19:30:09.0698 9140 BBUpdate - ok
19:30:09.0734 9140 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
19:30:09.0736 9140 BDESVC - ok
19:30:09.0774 9140 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
19:30:09.0775 9140 Beep - ok
19:30:09.0797 9140 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
19:30:09.0799 9140 blbdrive - ok
19:30:09.0862 9140 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:30:09.0867 9140 Bonjour Service - ok
19:30:09.0909 9140 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:30:09.0910 9140 bowser - ok
19:30:09.0936 9140 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:30:09.0937 9140 BrFiltLo - ok
19:30:09.0963 9140 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:30:09.0965 9140 BrFiltUp - ok
19:30:09.0990 9140 [ 8EF0D5C41EC907751B8429162B1239ED ] Browser C:\Windows\System32\browser.dll
19:30:09.0992 9140 Browser - ok
19:30:10.0027 9140 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:30:10.0031 9140 Brserid - ok
19:30:10.0053 9140 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
19:30:10.0057 9140 BrSerWdm - ok
19:30:10.0069 9140 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
19:30:10.0070 9140 BrUsbMdm - ok
19:30:10.0084 9140 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
19:30:10.0085 9140 BrUsbSer - ok
19:30:10.0135 9140 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
19:30:10.0136 9140 BthEnum - ok
19:30:10.0154 9140 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
19:30:10.0155 9140 BTHMODEM - ok
19:30:10.0182 9140 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
19:30:10.0184 9140 BthPan - ok
19:30:10.0205 9140 [ 64C198198501F7560EE41D8D1EFA7952 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
19:30:10.0211 9140 BTHPORT - ok
19:30:10.0243 9140 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
19:30:10.0245 9140 bthserv - ok
19:30:10.0278 9140 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
19:30:10.0279 9140 BTHUSB - ok
19:30:10.0301 9140 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:30:10.0303 9140 cdfs - ok
19:30:10.0327 9140 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
19:30:10.0330 9140 cdrom - ok
19:30:10.0378 9140 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
19:30:10.0380 9140 CertPropSvc - ok
19:30:10.0414 9140 [ 75F91554E5FA6E962B880405FECC97A1 ] cfwids C:\Windows\system32\drivers\cfwids.sys
19:30:10.0416 9140 cfwids - ok
19:30:10.0436 9140 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
19:30:10.0438 9140 circlass - ok
19:30:10.0463 9140 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
19:30:10.0468 9140 CLFS - ok
19:30:10.0522 9140 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:30:10.0524 9140 clr_optimization_v2.0.50727_32 - ok
19:30:10.0567 9140 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:30:10.0569 9140 clr_optimization_v2.0.50727_64 - ok
19:30:10.0680 9140 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:30:10.0684 9140 clr_optimization_v4.0.30319_32 - ok
19:30:10.0713 9140 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:30:10.0715 9140 clr_optimization_v4.0.30319_64 - ok
19:30:10.0733 9140 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
19:30:10.0734 9140 CmBatt - ok
19:30:10.0773 9140 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:30:10.0774 9140 cmdide - ok
19:30:10.0818 9140 [ C4943B6C962E4B82197542447AD599F4 ] CNG C:\Windows\system32\Drivers\cng.sys
19:30:10.0823 9140 CNG - ok
19:30:10.0866 9140 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
19:30:10.0867 9140 Compbatt - ok
19:30:10.0916 9140 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
19:30:10.0917 9140 CompositeBus - ok
19:30:10.0924 9140 COMSysApp - ok
19:30:10.0941 9140 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
19:30:10.0942 9140 crcdisk - ok
19:30:10.0981 9140 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:30:10.0984 9140 CryptSvc - ok
19:30:11.0082 9140 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
19:30:11.0090 9140 cvhsvc - ok
19:30:11.0147 9140 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
19:30:11.0153 9140 DcomLaunch - ok
19:30:11.0193 9140 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
19:30:11.0197 9140 defragsvc - ok
19:30:11.0249 9140 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:30:11.0252 9140 DfsC - ok
19:30:11.0306 9140 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
19:30:11.0310 9140 Dhcp - ok
19:30:11.0338 9140 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
19:30:11.0339 9140 discache - ok
19:30:11.0365 9140 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
19:30:11.0366 9140 Disk - ok
19:30:11.0402 9140 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:30:11.0404 9140 Dnscache - ok
19:30:11.0437 9140 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
19:30:11.0441 9140 dot3svc - ok
19:30:11.0476 9140 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
19:30:11.0478 9140 DPS - ok
19:30:11.0512 9140 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:30:11.0513 9140 drmkaud - ok
19:30:11.0568 9140 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:30:11.0579 9140 DXGKrnl - ok
19:30:11.0597 9140 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
19:30:11.0600 9140 EapHost - ok
19:30:11.0684 9140 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
19:30:11.0752 9140 ebdrv - ok
19:30:11.0806 9140 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
19:30:11.0808 9140 EFS - ok
19:30:11.0877 9140 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:30:11.0885 9140 ehRecvr - ok
19:30:11.0914 9140 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
19:30:11.0916 9140 ehSched - ok
19:30:11.0959 9140 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
19:30:11.0965 9140 elxstor - ok
19:30:11.0981 9140 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:30:11.0983 9140 ErrDev - ok
19:30:12.0027 9140 [ 438021C3F32F30E227D0F5DFD118B7B1 ] ETD C:\Windows\system32\DRIVERS\ETD.sys
19:30:12.0029 9140 ETD - ok
19:30:12.0076 9140 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
19:30:12.0081 9140 EventSystem - ok
19:30:12.0103 9140 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
19:30:12.0106 9140 exfat - ok
19:30:12.0132 9140 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:30:12.0135 9140 fastfat - ok
19:30:12.0201 9140 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
19:30:12.0209 9140 Fax - ok
19:30:12.0241 9140 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
19:30:12.0242 9140 fdc - ok
19:30:12.0273 9140 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
19:30:12.0275 9140 fdPHost - ok
19:30:12.0290 9140 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
19:30:12.0292 9140 FDResPub - ok
19:30:12.0327 9140 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:30:12.0329 9140 FileInfo - ok
19:30:12.0334 9140 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:30:12.0336 9140 Filetrace - ok
19:30:12.0358 9140 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
19:30:12.0360 9140 flpydisk - ok
19:30:12.0396 9140 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:30:12.0400 9140 FltMgr - ok
19:30:12.0446 9140 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
19:30:12.0458 9140 FontCache - ok
19:30:12.0506 9140 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:30:12.0508 9140 FontCache3.0.0.0 - ok
19:30:12.0532 9140 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:30:12.0533 9140 FsDepends - ok
19:30:12.0572 9140 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:30:12.0573 9140 Fs_Rec - ok
19:30:12.0620 9140 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:30:12.0622 9140 fvevol - ok
19:30:12.0642 9140 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
19:30:12.0644 9140 gagp30kx - ok
19:30:12.0669 9140 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:30:12.0671 9140 GEARAspiWDM - ok
19:30:12.0717 9140 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
19:30:12.0725 9140 gpsvc - ok
19:30:12.0843 9140 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:30:12.0844 9140 gupdate - ok
19:30:12.0848 9140 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:30:12.0849 9140 gupdatem - ok
19:30:12.0903 9140 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
19:30:12.0905 9140 gusvc - ok
19:30:12.0931 9140 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:30:12.0933 9140 hcw85cir - ok
19:30:12.0975 9140 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:30:12.0980 9140 HdAudAddService - ok
19:30:13.0018 9140 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
19:30:13.0020 9140 HDAudBus - ok
19:30:13.0024 9140 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
19:30:13.0025 9140 HidBatt - ok
19:30:13.0043 9140 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
19:30:13.0045 9140 HidBth - ok
19:30:13.0091 9140 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
19:30:13.0092 9140 HidIr - ok
19:30:13.0120 9140 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
19:30:13.0122 9140 hidserv - ok
19:30:13.0178 9140 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
19:30:13.0180 9140 HidUsb - ok
19:30:13.0215 9140 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:30:13.0217 9140 hkmsvc - ok
19:30:13.0248 9140 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:30:13.0252 9140 HomeGroupListener - ok
19:30:13.0290 9140 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:30:13.0293 9140 HomeGroupProvider - ok
19:30:13.0311 9140 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
19:30:13.0313 9140 HpSAMD - ok
19:30:13.0359 9140 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:30:13.0367 9140 HTTP - ok
19:30:13.0410 9140 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:30:13.0411 9140 hwpolicy - ok
19:30:13.0463 9140 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
19:30:13.0465 9140 i8042prt - ok
19:30:13.0499 9140 [ A5F72BB0D024E7E463344105BE613AE4 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
19:30:13.0502 9140 iaStor - ok
19:30:13.0537 9140 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:30:13.0542 9140 iaStorV - ok
19:30:13.0613 9140 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:30:13.0622 9140 idsvc - ok
19:30:13.0771 9140 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
19:30:13.0932 9140 igfx - ok
19:30:13.0962 9140 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
19:30:13.0964 9140 iirsp - ok
19:30:14.0025 9140 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
19:30:14.0034 9140 IKEEXT - ok
19:30:14.0080 9140 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
19:30:14.0083 9140 Impcd - ok
19:30:14.0163 9140 [ 0ADF714079AE174A39D69036143E4C50 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
19:30:14.0187 9140 IntcAzAudAddService - ok
19:30:14.0215 9140 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
19:30:14.0216 9140 intelide - ok
19:30:14.0263 9140 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:30:14.0265 9140 intelppm - ok
19:30:14.0285 9140 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:30:14.0287 9140 IPBusEnum - ok
19:30:14.0330 9140 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:30:14.0332 9140 IpFilterDriver - ok
19:30:14.0369 9140 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
19:30:14.0371 9140 IPMIDRV - ok
19:30:14.0397 9140 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:30:14.0399 9140 IPNAT - ok
19:30:14.0465 9140 [ 4472C8825B5E41D8697D5962F47AB1C9 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
19:30:14.0475 9140 iPod Service - ok
19:30:14.0513 9140 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:30:14.0515 9140 IRENUM - ok
19:30:14.0530 9140 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:30:14.0532 9140 isapnp - ok
19:30:14.0569 9140 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
19:30:14.0573 9140 iScsiPrt - ok
19:30:14.0583 9140 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
19:30:14.0585 9140 kbdclass - ok
19:30:14.0609 9140 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
19:30:14.0611 9140 kbdhid - ok
19:30:14.0629 9140 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
19:30:14.0630 9140 KeyIso - ok
19:30:14.0642 9140 [ DA1E991A61CFDD755A589E206B97644B ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:30:14.0644 9140 KSecDD - ok
19:30:14.0677 9140 [ 7E33198D956943A4F11A5474C1E9106F ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:30:14.0679 9140 KSecPkg - ok
19:30:14.0711 9140 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
19:30:14.0712 9140 ksthunk - ok
19:30:14.0756 9140 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
19:30:14.0761 9140 KtmRm - ok
19:30:14.0817 9140 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
19:30:14.0820 9140 LanmanServer - ok
19:30:14.0850 9140 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:30:14.0854 9140 LanmanWorkstation - ok
19:30:14.0886 9140 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:30:14.0888 9140 lltdio - ok
19:30:14.0928 9140 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:30:14.0932 9140 lltdsvc - ok
19:30:14.0946 9140 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:30:14.0948 9140 lmhosts - ok
19:30:14.0988 9140 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
19:30:14.0990 9140 LSI_FC - ok
19:30:15.0000 9140 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
19:30:15.0002 9140 LSI_SAS - ok
19:30:15.0019 9140 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:30:15.0021 9140 LSI_SAS2 - ok
19:30:15.0032 9140 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:30:15.0034 9140 LSI_SCSI - ok
19:30:15.0052 9140 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
19:30:15.0054 9140 luafv - ok
19:30:15.0079 9140 lxcz_device - ok
19:30:15.0157 9140 [ BE8C524313DB75FA26FB2B0C0AAFF88E ] McAfee SiteAdvisor Service C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
19:30:15.0159 9140 McAfee SiteAdvisor Service - ok
19:30:15.0220 9140 [ ACB01BF1A905356AB7F978C7FE852209 ] McMPFSvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
19:30:15.0223 9140 McMPFSvc - ok
19:30:15.0235 9140 [ ACB01BF1A905356AB7F978C7FE852209 ] mcmscsvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
19:30:15.0237 9140 mcmscsvc - ok
19:30:15.0242 9140 [ ACB01BF1A905356AB7F978C7FE852209 ] McNaiAnn C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
19:30:15.0244 9140 McNaiAnn - ok
19:30:15.0262 9140 [ ACB01BF1A905356AB7F978C7FE852209 ] McNASvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
19:30:15.0264 9140 McNASvc - ok
19:30:15.0323 9140 [ 07B89E7DE2F7971CF7EEF0262207C4DE ] McODS C:\Program Files\McAfee\VirusScan\mcods.exe
19:30:15.0329 9140 McODS - ok
19:30:15.0353 9140 [ ACB01BF1A905356AB7F978C7FE852209 ] McProxy C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
19:30:15.0355 9140 McProxy - ok
19:30:15.0420 9140 [ 634084D6FA08A1A95B1CE3291DEBC237 ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
19:30:15.0462 9140 McShield - ok
19:30:15.0500 9140 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:30:15.0502 9140 Mcx2Svc - ok
19:30:15.0521 9140 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
19:30:15.0522 9140 megasas - ok
19:30:15.0541 9140 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
19:30:15.0545 9140 MegaSR - ok
19:30:15.0621 9140 [ EAC376DD77EC9E95D38108A27C261DCA ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys
19:30:15.0623 9140 mfeapfk - ok
19:30:15.0651 9140 [ F55F50B11D635658F346DB0457BB2B79 ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys
19:30:15.0654 9140 mfeavfk - ok
19:30:15.0663 9140 mfeavfk01 - ok
19:30:15.0678 9140 [ C1BB6E71830E029ABA38A2E34449D5E0 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
19:30:15.0720 9140 mfefire - ok
19:30:15.0754 9140 [ 33B8E35C5839A83D6700AAB3E464553B ] mfefirek C:\Windows\system32\drivers\mfefirek.sys
19:30:15.0759 9140 mfefirek - ok
19:30:15.0810 9140 [ ADA8C105C8F9A61284C75157C170585B ] mfehidk C:\Windows\system32\drivers\mfehidk.sys
19:30:15.0819 9140 mfehidk - ok
19:30:15.0841 9140 [ C52EE6D1E1E5A69C989ACC478051964E ] mfenlfk C:\Windows\system32\DRIVERS\mfenlfk.sys
19:30:15.0842 9140 mfenlfk - ok
19:30:15.0886 9140 [ B000720E19EF733F938A6269D630F5DD ] mferkdet C:\Windows\system32\drivers\mferkdet.sys
19:30:15.0888 9140 mferkdet - ok
19:30:15.0920 9140 [ 6293C0C086F3C3EFB663B3D1281DF4B8 ] mfevtp C:\Windows\system32\mfevtps.exe
19:30:15.0923 9140 mfevtp - ok
19:30:15.0943 9140 [ 62717AB68B38EFEE54678B85E19B0538 ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys
19:30:15.0945 9140 mfewfpk - ok
19:30:15.0972 9140 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
19:30:15.0974 9140 MMCSS - ok
19:30:15.0990 9140 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
19:30:15.0992 9140 Modem - ok
19:30:16.0031 9140 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:30:16.0032 9140 monitor - ok
19:30:16.0079 9140 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
19:30:16.0080 9140 mouclass - ok
19:30:16.0113 9140 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:30:16.0115 9140 mouhid - ok
19:30:16.0153 9140 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:30:16.0155 9140 mountmgr - ok
19:30:16.0223 9140 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:30:16.0226 9140 MozillaMaintenance - ok
19:30:16.0243 9140 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
19:30:16.0245 9140 mpio - ok
19:30:16.0271 9140 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:30:16.0273 9140 mpsdrv - ok
19:30:16.0302 9140 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:30:16.0304 9140 MRxDAV - ok
19:30:16.0342 9140 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:30:16.0345 9140 mrxsmb - ok
19:30:16.0364 9140 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:30:16.0368 9140 mrxsmb10 - ok
19:30:16.0377 9140 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:30:16.0379 9140 mrxsmb20 - ok
19:30:16.0412 9140 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
19:30:16.0413 9140 msahci - ok
19:30:16.0442 9140 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:30:16.0445 9140 msdsm - ok
19:30:16.0463 9140 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
19:30:16.0466 9140 MSDTC - ok
19:30:16.0494 9140 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:30:16.0495 9140 Msfs - ok
19:30:16.0507 9140 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:30:16.0509 9140 mshidkmdf - ok
19:30:16.0520 9140 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:30:16.0521 9140 msisadrv - ok
19:30:16.0544 9140 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:30:16.0546 9140 MSiSCSI - ok
19:30:16.0551 9140 msiserver - ok
19:30:16.0586 9140 [ ACB01BF1A905356AB7F978C7FE852209 ] MSK80Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
19:30:16.0588 9140 MSK80Service - ok
19:30:16.0611 9140 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:30:16.0612 9140 MSKSSRV - ok
19:30:16.0619 9140 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:30:16.0621 9140 MSPCLOCK - ok
19:30:16.0632 9140 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:30:16.0633 9140 MSPQM - ok
19:30:16.0671 9140 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:30:16.0675 9140 MsRPC - ok
19:30:16.0712 9140 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
19:30:16.0713 9140 mssmbios - ok
19:30:16.0742 9140 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:30:16.0744 9140 MSTEE - ok
19:30:16.0754 9140 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
19:30:16.0756 9140 MTConfig - ok
19:30:16.0780 9140 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
19:30:16.0781 9140 Mup - ok
19:30:16.0823 9140 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
19:30:16.0830 9140 napagent - ok
19:30:16.0867 9140 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:30:16.0871 9140 NativeWifiP - ok
19:30:16.0925 9140 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
19:30:16.0935 9140 NDIS - ok
19:30:16.0952 9140 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:30:16.0953 9140 NdisCap - ok
19:30:16.0988 9140 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:30:16.0990 9140 NdisTapi - ok
19:30:17.0025 9140 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:30:17.0026 9140 Ndisuio - ok
19:30:17.0060 9140 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:30:17.0063 9140 NdisWan - ok
19:30:17.0101 9140 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:30:17.0103 9140 NDProxy - ok
19:30:17.0143 9140 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:30:17.0144 9140 NetBIOS - ok
19:30:17.0187 9140 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:30:17.0190 9140 NetBT - ok
19:30:17.0207 9140 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
19:30:17.0208 9140 Netlogon - ok
19:30:17.0253 9140 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
19:30:17.0258 9140 Netman - ok
19:30:17.0275 9140 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
19:30:17.0281 9140 netprofm - ok
19:30:17.0314 9140 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:30:17.0343 9140 NetTcpPortSharing - ok
19:30:17.0376 9140 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
19:30:17.0378 9140 nfrd960 - ok
19:30:17.0424 9140 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:30:17.0428 9140 NlaSvc - ok
19:30:17.0513 9140 [ 5839A8027D6D324A7CD494051A96628C ] NOBU C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
19:30:17.0541 9140 NOBU - ok
19:30:17.0563 9140 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:30:17.0564 9140 Npfs - ok
19:30:17.0587 9140 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
19:30:17.0589 9140 nsi - ok
19:30:17.0597 9140 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:30:17.0599 9140 nsiproxy - ok
19:30:17.0658 9140 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:30:17.0676 9140 Ntfs - ok
19:30:17.0702 9140 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
19:30:17.0703 9140 Null - ok
19:30:17.0719 9140 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:30:17.0722 9140 nvraid - ok
19:30:17.0756 9140 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:30:17.0758 9140 nvstor - ok
19:30:17.0775 9140 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:30:17.0778 9140 nv_agp - ok
19:30:17.0801 9140 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:30:17.0803 9140 ohci1394 - ok
19:30:17.0837 9140 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:30:17.0837 9140 ose - ok
19:30:17.0978 9140 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:30:18.0134 9140 osppsvc - ok
19:30:18.0165 9140 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:30:18.0165 9140 p2pimsvc - ok
19:30:18.0181 9140 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
19:30:18.0181 9140 p2psvc - ok
19:30:18.0227 9140 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
19:30:18.0227 9140 Parport - ok
19:30:18.0259 9140 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:30:18.0259 9140 partmgr - ok
19:30:18.0290 9140 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:30:18.0290 9140 PcaSvc - ok
19:30:18.0305 9140 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
19:30:18.0305 9140 pci - ok
19:30:18.0337 9140 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
19:30:18.0337 9140 pciide - ok
19:30:18.0368 9140 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
19:30:18.0383 9140 pcmcia - ok
19:30:18.0399 9140 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
19:30:18.0399 9140 pcw - ok
19:30:18.0430 9140 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:30:18.0430 9140 PEAUTH - ok
19:30:18.0524 9140 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
19:30:18.0524 9140 PerfHost - ok
19:30:18.0586 9140 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
19:30:18.0586 9140 pla - ok
19:30:18.0633 9140 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:30:18.0633 9140 PlugPlay - ok
19:30:18.0664 9140 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:30:18.0664 9140 PNRPAutoReg - ok
19:30:18.0690 9140 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:30:18.0690 9140 PNRPsvc - ok
19:30:18.0740 9140 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:30:18.0740 9140 PolicyAgent - ok
19:30:18.0770 9140 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
19:30:18.0770 9140 Power - ok
19:30:18.0830 9140 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:30:18.0830 9140 PptpMiniport - ok
19:30:18.0850 9140 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
19:30:18.0850 9140 Processor - ok
19:30:18.0890 9140 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
19:30:18.0890 9140 ProfSvc - ok
19:30:18.0900 9140 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:30:18.0900 9140 ProtectedStorage - ok
19:30:18.0950 9140 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:30:18.0950 9140 Psched - ok
19:30:18.0990 9140 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
19:30:19.0000 9140 ql2300 - ok
19:30:19.0030 9140 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
19:30:19.0030 9140 ql40xx - ok
19:30:19.0060 9140 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
19:30:19.0060 9140 QWAVE - ok
19:30:19.0080 9140 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:30:19.0080 9140 QWAVEdrv - ok
19:30:19.0100 9140 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:30:19.0100 9140 RasAcd - ok
19:30:19.0120 9140 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:30:19.0120 9140 RasAgileVpn - ok
19:30:19.0140 9140 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
19:30:19.0140 9140 RasAuto - ok
19:30:19.0180 9140 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:30:19.0180 9140 Rasl2tp - ok
19:30:19.0230 9140 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
19:30:19.0230 9140 RasMan - ok
19:30:19.0250 9140 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:30:19.0250 9140 RasPppoe - ok
19:30:19.0280 9140 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:30:19.0280 9140 RasSstp - ok
19:30:19.0320 9140 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:30:19.0330 9140 rdbss - ok
19:30:19.0340 9140 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
19:30:19.0340 9140 rdpbus - ok
19:30:19.0350 9140 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:30:19.0360 9140 RDPCDD - ok
19:30:19.0360 9140 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:30:19.0360 9140 RDPENCDD - ok
19:30:19.0370 9140 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:30:19.0370 9140 RDPREFMP - ok
19:30:19.0430 9140 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:30:19.0430 9140 RDPWD - ok
19:30:19.0470 9140 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:30:19.0470 9140 rdyboost - ok
19:30:19.0510 9140 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:30:19.0510 9140 RemoteAccess - ok
19:30:19.0550 9140 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:30:19.0550 9140 RemoteRegistry - ok
19:30:19.0590 9140 [ F85AE59A52885F4B09AADAFB23001A3B ] Rezip C:\Windows\SysWOW64\Rezip.exe
19:30:19.0590 9140 Rezip - ok
19:30:19.0630 9140 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
19:30:19.0630 9140 RFCOMM - ok
19:30:19.0670 9140 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:30:19.0670 9140 RpcEptMapper - ok
19:30:19.0700 9140 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
19:30:19.0710 9140 RpcLocator - ok
19:30:19.0740 9140 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
19:30:19.0750 9140 RpcSs - ok
19:30:19.0780 9140 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:30:19.0780 9140 rspndr - ok
19:30:19.0790 9140 [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
19:30:19.0800 9140 RTL8167 - ok
19:30:19.0861 9140 [ 4CA0DBA9E224473D664C25E411F5A3BD ] rtport C:\Windows\SysWOW64\drivers\rtport.sys
19:30:19.0863 9140 rtport - ok
19:30:19.0901 9140 [ 62DB6CC4B0818F1B5F3441241B098F12 ] SABI C:\Windows\system32\Drivers\SABI.sys
19:30:19.0902 9140 SABI - ok
19:30:19.0917 9140 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
19:30:19.0919 9140 SamSs - ok
19:30:19.0944 9140 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:30:19.0946 9140 sbp2port - ok
19:30:19.0978 9140 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:30:19.0982 9140 SCardSvr - ok
19:30:20.0008 9140 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:30:20.0009 9140 scfilter - ok
19:30:20.0054 9140 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
19:30:20.0066 9140 Schedule - ok
19:30:20.0101 9140 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:30:20.0103 9140 SCPolicySvc - ok
19:30:20.0115 9140 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:30:20.0118 9140 SDRSVC - ok
19:30:20.0146 9140 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:30:20.0147 9140 secdrv - ok
19:30:20.0179 9140 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
19:30:20.0181 9140 seclogon - ok
19:30:20.0212 9140 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
19:30:20.0215 9140 SENS - ok
19:30:20.0236 9140 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:30:20.0238 9140 SensrSvc - ok
19:30:20.0265 9140 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:30:20.0266 9140 Serenum - ok
19:30:20.0286 9140 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
19:30:20.0288 9140 Serial - ok
19:30:20.0306 9140 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
19:30:20.0307 9140 sermouse - ok
19:30:20.0344 9140 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
19:30:20.0347 9140 SessionEnv - ok
19:30:20.0375 9140 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:30:20.0376 9140 sffdisk - ok
19:30:20.0388 9140 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:30:20.0389 9140 sffp_mmc - ok
19:30:20.0394 9140 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:30:20.0396 9140 sffp_sd - ok
19:30:20.0417 9140 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
19:30:20.0419 9140 sfloppy - ok
19:30:20.0468 9140 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
19:30:20.0476 9140 Sftfs - ok
19:30:20.0553 9140 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
19:30:20.0559 9140 sftlist - ok
19:30:20.0582 9140 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
19:30:20.0585 9140 Sftplay - ok
19:30:20.0603 9140 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
19:30:20.0605 9140 Sftredir - ok
19:30:20.0624 9140 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
19:30:20.0625 9140 Sftvol - ok
19:30:20.0641 9140 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
19:30:20.0644 9140 sftvsa - ok
19:30:20.0678 9140 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:30:20.0683 9140 ShellHWDetection - ok
19:30:20.0696 9140 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:30:20.0697 9140 SiSRaid2 - ok
19:30:20.0721 9140 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
19:30:20.0723 9140 SiSRaid4 - ok
19:30:20.0752 9140 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:30:20.0754 9140 Smb - ok
19:30:20.0788 9140 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:30:20.0790 9140 SNMPTRAP - ok
19:30:20.0803 9140 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
19:30:20.0805 9140 spldr - ok
19:30:20.0841 9140 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
19:30:20.0848 9140 Spooler - ok
19:30:20.0940 9140 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
19:30:21.0009 9140 sppsvc - ok
19:30:21.0034 9140 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:30:21.0037 9140 sppuinotify - ok
19:30:21.0080 9140 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
19:30:21.0085 9140 srv - ok
19:30:21.0109 9140 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:30:21.0114 9140 srv2 - ok
19:30:21.0149 9140 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:30:21.0151 9140 srvnet - ok
19:30:21.0195 9140 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:30:21.0199 9140 SSDPSRV - ok
19:30:21.0211 9140 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:30:21.0213 9140 SstpSvc - ok
19:30:21.0242 9140 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
19:30:21.0244 9140 stexstor - ok
19:30:21.0303 9140 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
19:30:21.0311 9140 stisvc - ok
19:30:21.0347 9140 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
19:30:21.0348 9140 swenum - ok
19:30:21.0382 9140 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
19:30:21.0389 9140 swprv - ok
19:30:21.0444 9140 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
19:30:21.0462 9140 SysMain - ok
19:30:21.0490 9140 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:30:21.0493 9140 TabletInputService - ok
19:30:21.0509 9140 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
19:30:21.0514 9140 TapiSrv - ok
19:30:21.0545 9140 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
19:30:21.0548 9140 TBS - ok
19:30:21.0617 9140 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:30:21.0636 9140 Tcpip - ok
19:30:21.0695 9140 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:30:21.0704 9140 TCPIP6 - ok
19:30:21.0739 9140 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:30:21.0741 9140 tcpipreg - ok
19:30:21.0769 9140 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:30:21.0770 9140 TDPIPE - ok
19:30:21.0808 9140 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:30:21.0809 9140 TDTCP - ok
19:30:21.0855 9140 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:30:21.0858 9140 tdx - ok
19:30:21.0890 9140 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
19:30:21.0892 9140 TermDD - ok
19:30:21.0939 9140 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
19:30:21.0947 9140 TermService - ok
19:30:21.0976 9140 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
19:30:21.0978 9140 Themes - ok
19:30:21.0994 9140 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
19:30:21.0996 9140 THREADORDER - ok
19:30:22.0016 9140 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
19:30:22.0019 9140 TrkWks - ok
19:30:22.0059 9140 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:30:22.0062 9140 TrustedInstaller - ok
19:30:22.0093 9140 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:30:22.0094 9140 tssecsrv - ok
19:30:22.0146 9140 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
19:30:22.0148 9140 TsUsbFlt - ok
19:30:22.0187 9140 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:30:22.0189 9140 tunnel - ok
19:30:22.0210 9140 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
19:30:22.0212 9140 uagp35 - ok
19:30:22.0246 9140 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:30:22.0250 9140 udfs - ok
19:30:22.0290 9140 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:30:22.0292 9140 UI0Detect - ok
19:30:22.0309 9140 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:30:22.0310 9140 uliagpkx - ok
19:30:22.0356 9140 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
19:30:22.0358 9140 umbus - ok
19:30:22.0378 9140 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
19:30:22.0379 9140 UmPass - ok
19:30:22.0397 9140 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
19:30:22.0402 9140 upnphost - ok
19:30:22.0418 9140 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:30:22.0420 9140 usbccgp - ok
19:30:22.0442 9140 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:30:22.0444 9140 usbcir - ok
19:30:22.0462 9140 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
19:30:22.0464 9140 usbehci - ok
19:30:22.0479 9140 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:30:22.0484 9140 usbhub - ok
19:30:22.0518 9140 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
19:30:22.0519 9140 usbohci - ok
19:30:22.0560 9140 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:30:22.0561 9140 usbprint - ok
19:30:22.0593 9140 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
19:30:22.0595 9140 usbscan - ok
19:30:22.0612 9140 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:30:22.0614 9140 USBSTOR - ok
19:30:22.0635 9140 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
19:30:22.0637 9140 usbuhci - ok
19:30:22.0679 9140 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
19:30:22.0682 9140 usbvideo - ok
19:30:22.0705 9140 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
19:30:22.0708 9140 UxSms - ok
19:30:22.0730 9140 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
19:30:22.0731 9140 VaultSvc - ok
19:30:22.0759 9140 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
19:30:22.0761 9140 vdrvroot - ok
19:30:22.0808 9140 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
19:30:22.0815 9140 vds - ok
19:30:22.0850 9140 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:30:22.0852 9140 vga - ok
19:30:22.0861 9140 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
19:30:22.0862 9140 VgaSave - ok
19:30:22.0896 9140 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
19:30:22.0899 9140 vhdmp - ok
19:30:22.0923 9140 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
19:30:22.0924 9140 viaide - ok
19:30:22.0942 9140 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:30:22.0944 9140 volmgr - ok
19:30:22.0980 9140 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:30:22.0984 9140 volmgrx - ok
19:30:23.0007 9140 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:30:23.0011 9140 volsnap - ok
19:30:23.0036 9140 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
19:30:23.0039 9140 vsmraid - ok
19:30:23.0099 9140 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
19:30:23.0116 9140 VSS - ok
19:30:23.0125 9140 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
19:30:23.0127 9140 vwifibus - ok
19:30:23.0167 9140 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
19:30:23.0169 9140 vwififlt - ok
19:30:23.0211 9140 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
19:30:23.0212 9140 vwifimp - ok
19:30:23.0233 9140 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
19:30:23.0238 9140 W32Time - ok
19:30:23.0260 9140 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
19:30:23.0261 9140 WacomPen - ok
19:30:23.0325 9140 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
19:30:23.0327 9140 WANARP - ok
19:30:23.0330 9140 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:30:23.0332 9140 Wanarpv6 - ok
19:30:23.0379 9140 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
19:30:23.0395 9140 wbengine - ok
19:30:23.0434 9140 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
19:30:23.0438 9140 WbioSrvc - ok
19:30:23.0485 9140 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:30:23.0490 9140 wcncsvc - ok
19:30:23.0510 9140 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:30:23.0513 9140 WcsPlugInService - ok
19:30:23.0535 9140 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
19:30:23.0536 9140 Wd - ok
19:30:23.0561 9140 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:30:23.0568 9140 Wdf01000 - ok
19:30:23.0582 9140 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:30:23.0586 9140 WdiServiceHost - ok
19:30:23.0589 9140 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:30:23.0591 9140 WdiSystemHost - ok
19:30:23.0621 9140 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
19:30:23.0626 9140 WebClient - ok
19:30:23.0667 9140 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:30:23.0672 9140 Wecsvc - ok
19:30:23.0689 9140 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:30:23.0692 9140 wercplsupport - ok
19:30:23.0710 9140 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
19:30:23.0713 9140 WerSvc - ok
19:30:23.0750 9140 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:30:23.0751 9140 WfpLwf - ok
19:30:23.0768 9140 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:30:23.0770 9140 WIMMount - ok
19:30:23.0775 9140 WinHttpAutoProxySvc - ok
19:30:23.0835 9140 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:30:23.0838 9140 Winmgmt - ok
19:30:23.0900 9140 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
19:30:23.0922 9140 WinRM - ok
19:30:23.0977 9140 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
19:30:23.0987 9140 Wlansvc - ok
19:30:24.0046 9140 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:30:24.0048 9140 wlcrasvc - ok
19:30:24.0165 9140 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:30:24.0186 9140 wlidsvc - ok
19:30:24.0220 9140 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:30:24.0222 9140 WmiAcpi - ok
19:30:24.0263 9140 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:30:24.0266 9140 wmiApSrv - ok
19:30:24.0311 9140 WMPNetworkSvc - ok
19:30:24.0339 9140 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:30:24.0341 9140 WPCSvc - ok
19:30:24.0373 9140 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:30:24.0377 9140 WPDBusEnum - ok
19:30:24.0408 9140 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:30:24.0409 9140 ws2ifsl - ok
19:30:24.0413 9140 WSearch - ok
19:30:24.0430 9140 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:30:24.0432 9140 WudfPf - ok
19:30:24.0487 9140 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:30:24.0490 9140 WUDFRd - ok
19:30:24.0524 9140 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:30:24.0527 9140 wudfsvc - ok
19:30:24.0553 9140 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
19:30:24.0557 9140 WwanSvc - ok
19:30:24.0605 9140 [ 64F88AF327AA74E03658AE32B48CCB8B ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
19:30:24.0610 9140 yukonw7 - ok
19:30:24.0633 9140 ================ Scan global ===============================
19:30:24.0657 9140 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:30:24.0693 9140 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
19:30:24.0701 9140 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
19:30:24.0733 9140 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:30:24.0771 9140 [ 014A9CB92514E27C0107614DF764BC06 ] C:\Windows\system32\services.exe
19:30:24.0775 9140 Suspicious file (NoAccess): C:\Windows\system32\services.exe. md5: 014A9CB92514E27C0107614DF764BC06
19:30:24.0776 9140 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - infected
19:30:24.0776 9140 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.b (0)
19:30:24.0776 9140 ================ Scan MBR ==================================
19:30:24.0793 9140 [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0
19:30:25.0135 9140 \Device\Harddisk0\DR0 - ok
19:30:25.0136 9140 ================ Scan VBR ==================================
19:30:25.0138 9140 [ 98FA392A7F5F4A5EAE8D5AA6861452C8 ] \Device\Harddisk0\DR0\Partition1
19:30:25.0140 9140 \Device\Harddisk0\DR0\Partition1 - ok
19:30:25.0153 9140 [ 0BC9EC69C155BACA924C782090D16E66 ] \Device\Harddisk0\DR0\Partition2
19:30:25.0155 9140 \Device\Harddisk0\DR0\Partition2 - ok
19:30:25.0176 9140 [ 6400261678406DA212EA0CF40D82D20C ] \Device\Harddisk0\DR0\Partition3
19:30:25.0178 9140 \Device\Harddisk0\DR0\Partition3 - ok
19:30:25.0178 9140 ============================================================
19:30:25.0178 9140 Scan finished
19:30:25.0178 9140 ============================================================
19:30:25.0194 6712 Detected object count: 1
19:30:25.0194 6712 Actual detected object count: 1
19:30:54.0906 6712 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - skipped by user
19:30:54.0906 6712 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - User select action: Skip
19:35:49.0273 10088 Deinitialize success
|
|
30.10.2012, 08:47
| #4 | |
| /// Malwareteam | Avira findet TR/Sirefef.16896 und TR/ATRAPS.Gen und TR/ATRAPS.Gen2 in Windows\Installer und W32/Patched.UA in Windows\System32\service.exe Combofix Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ Kein Asylrecht für Trojaner!  Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
30.10.2012, 23:59
| #5 |
| | Avira findet TR/Sirefef.16896 und TR/ATRAPS.Gen und TR/ATRAPS.Gen2 in Windows\Installer und W32/Patched.UA in Windows\System32\service.exe Ich hatte ein Problem mit McAfee Internet Security... das war auf meinem Laptop drauf, als ich ihn kaufte... die Version ist abgelaufen und ich hatte es nicht mehr auf dem Schirm (im wahrsten und im übertragene Sinn). Ich habe Combofix gestartet, ohne darauf zu achten und vermute, das Programm ist durch McAfee gestört worden. Es gibt keine txt-Datei... Der Computer wurde mittendrin neu gestartet (mit der von Dir erwähnten Fehlermeldung, die beim erneuten Neustart tatsächlich verschwand) und nach einem weiteren Neustart wurden 25 updates gemacht. Nun habe ich McAfee deinstallliert. Kann ich Combofix nochmal starten? Véronique PS Beim Deinstallieren habe ich sehr viele Life Mesh ActiveXs entdeckt... und obwohl ich ein Laie bin, sagen mir die chinesischen und russischen Titel, dass die da nicht wirklich hin gehören! :-) Wollte aber ohne Nachfragen nichts löschen! Außerdem kann ich den Browserschutz bei Avira nicht aktivieren. Ist das mein unerwünschter Besucher oder der defogger? Geändert von tralali (31.10.2012 um 00:59 Uhr) |
|
31.10.2012, 10:01
| #6 |
| /// Malwareteam | Avira findet TR/Sirefef.16896 und TR/ATRAPS.Gen und TR/ATRAPS.Gen2 in Windows\Installer und W32/Patched.UA in Windows\System32\service.exe Die Life Meshs sind nicht gefährlich, sie hängen mit der Internationalisierung von Windows Live zusammen.  Das mit dem Browserschutz schauen wir uns nachher an - ich rate dir aber dringend von Avira ab! Lösche die vorhanden Combofix.exe und führe erneut meine Anleitung im letzten Post aus!
__________________ --> Avira findet TR/Sirefef.16896 und TR/ATRAPS.Gen und TR/ATRAPS.Gen2 in Windows\Installer und W32/Patched.UA in Windows\System32\service.exe |
|
31.10.2012, 13:21
| #7 |
| | Avira findet TR/Sirefef.16896 und TR/ATRAPS.Gen und TR/ATRAPS.Gen2 in Windows\Installer und W32/Patched.UA in Windows\System32\service.exe Ich bin für jede Empfehlung bezüglich der Anti-Viren-Programme dankbar... wie gesagt, ich kenne mich so gar nicht aus... Avira wurde vor Jahren mal auf einer Computerseite empfohlen. Code:
ATTFilter ComboFix 12-10-31.02 - Véronique 31.10.2012 12:47:10.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3946.2507 [GMT 1:00]
ausgeführt von:: c:\users\Véronique\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\windows\Installer\{13c7701a-ec23-d71d-cb2d-80c6fc572304}\@
c:\windows\Installer\{13c7701a-ec23-d71d-cb2d-80c6fc572304}\U\00000001.@
c:\windows\Installer\{13c7701a-ec23-d71d-cb2d-80c6fc572304}\U\80000000.@
c:\windows\Installer\{13c7701a-ec23-d71d-cb2d-80c6fc572304}\U\800000cb.@
.
Infizierte Kopie von c:\windows\system32\services.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe wurde wiederhergestellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-09-28 bis 2012-10-31 ))))))))))))))))))))))))))))))
.
.
2012-10-31 11:56 . 2012-10-31 11:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-31 10:34 . 2012-10-17 01:31 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DF296DEB-11D9-4E81-83AE-CF277188E7F7}\mpengine.dll
2012-10-31 10:34 . 2012-05-31 11:25 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-10-31 10:21 . 2012-10-31 10:21 -------- d-----w- c:\users\Véronique\AppData\Local\{A686CDDD-3F0B-407D-A034-EF2A0D47E492}
2012-10-30 23:40 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-30 23:40 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-30 23:40 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-30 23:40 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-30 23:40 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-30 23:40 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-30 23:08 . 2012-10-30 23:08 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-10-30 22:47 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-10-30 22:46 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-10-30 22:01 . 2012-10-30 22:01 -------- d-----w- c:\users\Véronique\AppData\Local\{A9869C8D-9BD1-46D9-A3A1-735B269DE614}
2012-10-30 06:00 . 2012-10-30 06:00 -------- d-----w- c:\users\Véronique\AppData\Local\{61BA73C0-FA1D-4695-B87B-F2BD4FA79D25}
2012-10-29 16:49 . 2012-10-29 16:50 -------- d-----w- c:\users\Véronique\AppData\Local\{9BF17C25-1656-43EA-A5D1-B726C07020F9}
2012-10-29 00:18 . 2012-10-29 00:18 -------- d-----w- c:\users\Véronique\AppData\Local\{B2C756A3-F6F7-4FC5-8AE2-EFFA7004111D}
2012-10-28 11:36 . 2012-10-28 11:37 -------- d-----w- c:\users\Véronique\AppData\Local\{63211EA2-0F09-49C7-AB29-F3EA177736C1}
2012-10-27 17:45 . 2012-10-27 17:45 -------- d-----w- c:\users\Véronique\AppData\Local\{53C2040A-F19C-427C-B9C6-241D899BC4C6}
2012-10-26 22:18 . 2012-10-26 22:19 -------- d-----w- c:\users\Véronique\AppData\Local\{4D070F2B-6154-4D5D-A1B3-599A520D4B74}
2012-10-26 10:18 . 2012-10-26 10:18 -------- d-----w- c:\users\Véronique\AppData\Local\{0F40492B-2973-461A-BCAA-970E8EEA3B4B}
2012-10-25 22:18 . 2012-10-25 22:18 -------- d-----w- c:\users\Véronique\AppData\Local\{73B45042-AC39-48DE-9D19-A75EBF7A6FC7}
2012-10-25 10:17 . 2012-10-25 10:17 -------- d-----w- c:\users\Véronique\AppData\Local\{7AEE0112-5AF0-4265-B9FD-F9CBF5C93AA3}
2012-10-25 06:27 . 2009-04-09 05:23 176144 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2012-10-24 22:16 . 2012-10-24 22:17 -------- d-----w- c:\users\Véronique\AppData\Local\{EBD89523-8069-44BF-98D0-A8DAE12720A4}
2012-10-24 17:30 . 2012-10-24 17:30 -------- d-----w- c:\users\Véronique\AppData\Local\{8AE99552-65AC-4FF0-86AD-AA96F65C30E1}
2012-10-24 00:19 . 2012-10-24 00:19 -------- d-----w- c:\users\Véronique\AppData\Local\{6A052A08-14DF-4696-B15D-F6C30320AD2E}
2012-10-23 16:17 . 2012-10-23 16:17 -------- d-----w- c:\users\Véronique\AppData\Roaming\Malwarebytes
2012-10-23 16:17 . 2012-10-23 16:17 -------- d-----w- c:\programdata\Malwarebytes
2012-10-23 16:17 . 2012-10-24 22:10 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-23 07:46 . 2012-10-23 07:47 -------- d-----w- c:\users\Véronique\AppData\Local\{C7C17697-232C-467D-A944-DBFB1AD975E5}
2012-10-22 07:50 . 2012-10-22 07:51 -------- d-----w- c:\users\Véronique\AppData\Local\{C1BEB4FA-956E-4AF0-906E-ED54B5BD354A}
2012-10-21 10:14 . 2012-10-21 10:15 -------- d-----w- c:\users\Véronique\AppData\Local\{9A2B5E17-EA74-4A03-986B-8D2F97A88087}
2012-10-20 22:14 . 2012-10-20 22:14 -------- d-----w- c:\users\Véronique\AppData\Local\{50F9A1A4-21CE-42C0-A726-47FFF22D1394}
2012-10-20 10:47 . 2012-10-20 10:47 -------- d-----w- c:\users\Véronique\AppData\Local\Diagnostics
2012-10-20 10:13 . 2012-10-20 10:14 -------- d-----w- c:\users\Véronique\AppData\Local\{EAC91AD5-FF77-4107-80D9-2E19750DE3F4}
2012-10-19 22:13 . 2012-10-19 22:13 -------- d-----w- c:\users\Véronique\AppData\Local\{7728DE5B-8A9D-4048-B752-66C91D6772B6}
2012-10-19 10:04 . 2012-10-19 10:04 -------- d-----w- c:\users\Véronique\AppData\Local\{5F4F4073-D00E-4727-A6E4-C4D0C4BC42EF}
2012-10-18 20:48 . 2012-10-18 20:48 -------- d-----w- c:\users\Véronique\AppData\Local\{B5808452-5E7D-4EC5-9A22-336EA034A815}
2012-10-18 08:41 . 2012-10-18 08:42 -------- d-----w- c:\users\Véronique\AppData\Local\{0D471907-BA69-40A3-B950-15FFDBE1C13F}
2012-10-17 20:41 . 2012-10-17 20:41 -------- d-----w- c:\users\Véronique\AppData\Local\{74B562CF-F8A0-4AB7-B847-6847AEEDBAC8}
2012-10-17 08:40 . 2012-10-17 08:41 -------- d-----w- c:\users\Véronique\AppData\Local\{3CFB99DC-2B20-4F47-B2F8-9DA9EF166197}
2012-10-16 20:40 . 2012-10-16 20:40 -------- d-----w- c:\users\Véronique\AppData\Local\{5500DB38-26BC-4F1A-A1B2-213D9E1F1705}
2012-10-16 07:39 . 2012-10-16 07:39 -------- d-----w- c:\users\Véronique\AppData\Local\{C99B3D49-0479-4607-B6F2-0C7B4748AEBF}
2012-10-15 19:39 . 2012-10-15 19:39 -------- d-----w- c:\users\Véronique\AppData\Local\{AA5A2663-65BB-409F-ABCC-E0E8E0783E0B}
2012-10-14 20:05 . 2012-10-14 20:05 -------- d-----w- c:\users\Véronique\AppData\Local\{BEF39337-D3AE-457D-BEF0-9E619DFEBE15}
2012-10-14 14:24 . 2009-07-14 01:41 101376 ----a-w- c:\windows\system32\Spool\prtprocs\x64\HPZPPWN7.DLL
2012-10-14 08:04 . 2012-10-14 08:04 -------- d-----w- c:\users\Véronique\AppData\Local\{C8733ED6-BFE4-407C-A340-F9C332AC6253}
2012-10-13 07:29 . 2012-10-13 07:30 -------- d-----w- c:\users\Véronique\AppData\Local\{AA2B6D06-80CA-484B-B12C-FB3DCE3C5F22}
2012-10-12 07:30 . 2012-10-12 07:31 -------- d-----w- c:\users\Véronique\AppData\Local\{775C0600-BEBF-43C3-AB5F-4C92EB50113F}
2012-10-11 10:58 . 2012-10-11 10:58 -------- d-----w- c:\users\Véronique\AppData\Local\{7789F058-23ED-4B20-B21C-D508CB300524}
2012-10-10 22:58 . 2012-10-10 22:58 -------- d-----w- c:\users\Véronique\AppData\Local\{4DAA770D-0911-45E0-A48B-C11984159DC3}
2012-10-10 10:19 . 2012-10-10 10:20 -------- d-----w- c:\users\Véronique\AppData\Local\{10EC53EE-1D7C-4F7E-ABBF-8C498C5D8FE1}
2012-10-09 22:19 . 2012-10-09 22:19 -------- d-----w- c:\users\Véronique\AppData\Local\{189B3F55-8996-4DCF-97D1-7A3819EB830C}
2012-10-09 09:15 . 2012-10-09 09:15 -------- d-----w- c:\users\Véronique\AppData\Local\{5002F85F-B2C8-4D41-A177-4D5FE5B2B885}
2012-10-08 20:09 . 2012-10-08 20:09 -------- d-----w- c:\users\Véronique\AppData\Local\{3B92B4F5-8F9B-4F12-BE95-ECEFC3994874}
2012-10-08 07:33 . 2012-10-08 07:33 -------- d-----w- c:\users\Véronique\AppData\Local\{DAD05573-BCB6-4601-B974-AF841CA935FD}
2012-10-07 08:14 . 2012-10-07 08:14 -------- d-----w- c:\users\Véronique\AppData\Local\{6F335D56-30B0-43EB-97A4-363570932479}
2012-10-06 16:29 . 2012-10-06 16:29 -------- d-----w- c:\program files\Microsoft Silverlight
2012-10-06 16:29 . 2012-10-06 16:29 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-10-06 16:09 . 2012-10-06 16:09 -------- d-----w- c:\users\Véronique\AppData\Local\{0B66DB80-9764-4B7C-8172-FEB973FD6DDB}
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-08 20:04 . 2012-05-10 07:57 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-08 20:04 . 2011-09-12 16:56 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-27 23:18 . 2011-10-27 10:56 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-08-20 17:38 . 2012-10-30 22:48 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-09-08 13:55 1515688 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-09-08 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-06 98304]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-09-08 888488]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-12 421736]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\users\Véronique\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe [2011-3-14 2125472]
DL-10.lnk - c:\program files (x86)\DC Software 2\DL10XP.exe [2011-11-6 385024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-08 465360]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-06 116648]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-08 250808]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-06 116648]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-27 115168]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-19 27760]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2010-03-31 13824]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-07-07 203264]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 Rezip;Rezip;c:\windows\SysWOW64\Rezip.exe [2009-03-05 311296]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-07-07 7195648]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-07-07 265728]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-04-01 136192]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 20:04]
.
2012-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-06 16:37]
.
2012-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-06 16:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-07 10144288]
"lxczbmgr.exe"="c:\program files (x86)\Lexmark 1200 Series\lxczbmgr.exe" [2009-04-27 74408]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://samsung.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: bing.com\www
Trusted Zone: google.com\maps
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Véronique\AppData\Roaming\Mozilla\Firefox\Profiles\j3l5ici3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=mcafee&p=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}"=hex:51,66,7a,6c,4c,1d,38,12,26,bd,a8,
0a,e6,f4,22,0e,f1,4c,12,2a,bb,94,a4,70
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,
d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{27B4851A-3207-45A2-B947-BE8AFE6163AB}"=hex:51,66,7a,6c,4c,1d,38,12,74,86,a7,
23,35,7c,cc,00,c6,51,fd,ca,fb,3f,27,bf
"{7DB2D5A0-7241-4E79-B68D-6309F01C5231}"=hex:51,66,7a,6c,4c,1d,38,12,ce,d6,a1,
79,73,3c,17,0b,c9,9b,20,49,f5,42,16,25
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{B164E929-A1B6-4A06-B104-2CD0E90A88FF}"=hex:51,66,7a,6c,4c,1d,38,12,47,ea,77,
b5,84,ef,68,0f,ce,12,6f,90,ec,54,cc,eb
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
c:\program files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
c:\program files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-10-31 13:15:47 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-10-31 12:15
.
Vor Suchlauf: 14 Verzeichnis(se), 229.122.211.840 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 229.775.335.424 Bytes frei
.
- - End Of File - - A3B86219ACC0EC97476CFBD13A85AF99
|
|
05.11.2012, 10:40
| #8 |
| /// Malwareteam | Avira findet TR/Sirefef.16896 und TR/ATRAPS.Gen und TR/ATRAPS.Gen2 in Windows\Installer und W32/Patched.UA in Windows\System32\service.exe Scan mit adwcleaner Downloade Dir bitte AdwCleaner auf deinen Desktop.
__________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
05.11.2012, 11:10
| #9 |
| | Avira findet TR/Sirefef.16896 und TR/ATRAPS.Gen und TR/ATRAPS.Gen2 in Windows\Installer und W32/Patched.UA in Windows\System32\service.exe Mein AdwCleaner sprach Deutsch :-) Code:
ATTFilter # AdwCleaner v2.006 - Datei am 05/11/2012 um 11:08:23 erstellt
# Aktualisiert am 30/10/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Véronique - VÉRONIQUE-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Véronique\Downloads\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gefunden : C:\Program Files (x86)\Ask.com
Ordner Gefunden : C:\Users\Véronique\AppData\Local\AskToolbar
Ordner Gefunden : C:\Users\Véronique\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\APN
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\Ask.com.tmp
Schlüssel Gefunden : HKCU\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\Software\APN
Schlüssel Gefunden : HKLM\Software\AskToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v16.0.2 (de)
Profilname : default
Datei : C:\Users\Véronique\AppData\Roaming\Mozilla\Firefox\Profiles\j3l5ici3.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [3885 octets] - [05/11/2012 11:08:23]
########## EOF - C:\AdwCleaner[R1].txt - [3945 octets] ##########
|
|
05.11.2012, 14:31
| #10 |
| /// Malwareteam | Avira findet TR/Sirefef.16896 und TR/ATRAPS.Gen und TR/ATRAPS.Gen2 in Windows\Installer und W32/Patched.UA in Windows\System32\service.exe Schritt 1: Fix mit adwCleaner
Schritt 2: Neues OTL-Log [*]Doppelklick auf die OTL.exe Vista und Win7 User mit Rechtsklick "als Administrator starten"[*]Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output[*]Unter Extra Registry, wähle bitte Use SafeList[*]Klicke nun auf Run Scan links oben[*]Wenn der Scan beendet wurde werden 2 Logfiles erstellt[*]Poste die Logfiles hier in den Thread.[/list]
__________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
05.11.2012, 21:50
| #11 |
| | Avira findet TR/Sirefef.16896 und TR/ATRAPS.Gen und TR/ATRAPS.Gen2 in Windows\Installer und W32/Patched.UA in Windows\System32\service.exe Habe hier noch eine externe Festplatte, auf die ich die letzte Datensicherung gemacht habe, als der Computer infiziert war. Kann ich sie an den Computer anschließen, neu formatieren und die eine neue Sicherung machen? Oder ist das vielleicht gar nicht nötig? Code:
ATTFilter # AdwCleaner v2.006 - Datei am 05/11/2012 um 20:51:33 erstellt
# Aktualisiert am 30/10/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Véronique - VÉRONIQUE-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Véronique\Downloads\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\Users\Véronique\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\Véronique\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software
Schlüssel Gelöscht : HKCU\Software\Ask.com.tmp
Schlüssel Gelöscht : HKCU\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v16.0.2 (de)
Profilname : default
Datei : C:\Users\Véronique\AppData\Roaming\Mozilla\Firefox\Profiles\j3l5ici3.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [4006 octets] - [05/11/2012 11:08:23]
AdwCleaner[S1].txt - [3880 octets] - [05/11/2012 20:51:33]
########## EOF - C:\AdwCleaner[S1].txt - [3940 octets] ##########
Code:
ATTFilter OTL logfile created on: 11/5/2012 9:19:52 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Véronique\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.85 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 59.75% Memory free
7.71 Gb Paging File | 5.95 Gb Available in Paging File | 77.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 276.00 Gb Total Space | 211.30 Gb Free Space | 76.56% Space Free | Partition Type: NTFS
Drive D: | 169.66 Gb Total Space | 141.26 Gb Free Space | 83.26% Space Free | Partition Type: NTFS
Computer Name: VÉRONIQUE-PC | User Name: Véronique | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Véronique\Downloads\OTL(1).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\DC Software 2\DL10XP.exe ()
PRC - C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)
PRC - C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe (Lexmark International, Inc.)
PRC - C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe (Lexmark International, Inc.)
PRC - C:\Windows\SysWOW64\Rezip.exe ()
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\DC Software 2\DL10XP.exe ()
MOD - C:\Program Files (x86)\DC Software 2\ImgHdlr.dll ()
MOD - C:\Program Files (x86)\DC Software 2\zlib.dll ()
MOD - C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll ()
========== Services (SafeList) ==========
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc File not found
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (lxcz_device) -- C:\Windows\SysNative\lxczcoms.exe ( )
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe (Microsoft Corporation.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Rezip) -- C:\Windows\SysWOW64\Rezip.exe ()
SRV - (lxcz_device) -- C:\Windows\SysWOW64\lxczcoms.exe ( )
========== Driver Services (SafeList) ==========
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (SABI) -- C:\Windows\SysNative\drivers\SABI.sys (SAMSUNG ELECTRONICS)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (rtport) -- C:\Windows\SysWOW64\drivers\rtport.sys (Windows (R) 2003 DDK 3790 provider)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (All) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{10B613B1-6C65-45A4-B795-4B3BD0D2F11D}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledAddons: {972ce4c6-7e08-4474-a285-3208198ce6fd}:16.0.2
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=mcafee&p="
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/11/25 04:35:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/27 22:34:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/27 22:34:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/05/11 14:29:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/27 22:34:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/27 22:34:04 | 000,000,000 | ---D | M]
[2011/09/12 17:59:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Véronique\AppData\Roaming\mozilla\Extensions
[2012/10/23 09:51:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Véronique\AppData\Roaming\mozilla\Firefox\Profiles\j3l5ici3.default\extensions
[2012/10/27 22:33:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/10/27 22:34:10 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/10/27 22:34:10 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/03/08 11:24:04 | 000,103,168 | ---- | M] (Midasplayer Ltd) -- C:\Program Files (x86)\mozilla firefox\plugins\npmidas.dll
[2012/03/26 16:41:34 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
[2012/01/11 17:19:16 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/08/31 16:36:50 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/11 17:19:16 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/08/31 16:36:50 | 000,003,581 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2012/01/11 17:19:16 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/09/18 18:54:12 | 000,002,027 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/01/11 17:19:16 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/01/11 17:19:16 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2012/10/31 13:06:38 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [lxczbmgr.exe] C:\Program Files (x86)\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Véronique\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: bing.com ([www] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: google.com ([maps] http in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{418EB98E-D0E7-4B9F-9FA3-2907B3599E83}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/11/05 11:34:12 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{12D49B02-DECB-45A9-AD46-D127FA0FDFA6}
[2012/11/04 23:33:49 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{2B919204-141C-47D9-BF93-B5378C6CDDA4}
[2012/11/04 11:33:14 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{E429A5D3-ABEC-40F7-956F-FBB48800025B}
[2012/11/03 15:22:58 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{3FC0ABC0-BB25-4E80-868F-340343D14123}
[2012/11/02 12:14:22 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{36556BC3-A494-474F-8D5B-FC9680F78EFA}
[2012/11/02 00:14:09 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{502FFC9A-BCA3-4D38-A27F-99C6EE4C3B49}
[2012/11/01 11:22:23 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{EAF6C4F2-8EF5-4D7C-80BB-1B0060C32340}
[2012/10/31 23:21:43 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{27F3E9C6-9B10-4F9A-9A02-1C6DED2F0DB8}
[2012/10/31 13:10:04 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/10/31 12:56:28 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/10/31 11:21:05 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{A686CDDD-3F0B-407D-A034-EF2A0D47E492}
[2012/10/31 00:40:47 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/10/31 00:40:46 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/10/31 00:09:19 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/10/31 00:09:19 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/10/31 00:09:18 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/10/31 00:09:18 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/10/31 00:09:18 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/10/31 00:09:18 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/10/31 00:09:18 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/10/31 00:09:18 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/10/31 00:09:17 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/10/31 00:09:17 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/10/31 00:09:17 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/10/31 00:09:17 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/10/31 00:09:15 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/10/31 00:09:15 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/10/31 00:09:15 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/10/31 00:08:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/10/31 00:08:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/10/30 23:48:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012/10/30 23:48:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012/10/30 23:48:43 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/10/30 23:48:42 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/10/30 23:48:41 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/10/30 23:48:28 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/10/30 23:48:28 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/10/30 23:48:28 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/10/30 23:48:27 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/10/30 23:48:26 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/10/30 23:48:25 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/10/30 23:48:24 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/10/30 23:48:24 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/10/30 23:48:24 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/10/30 23:48:24 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/10/30 23:48:23 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/10/30 23:48:23 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/30 23:48:23 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/30 23:48:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/30 23:48:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/30 23:48:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/10/30 23:48:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/10/30 23:48:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/30 23:48:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/30 23:48:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/10/30 23:48:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/10/30 23:48:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/30 23:48:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/30 23:48:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/30 23:48:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/10/30 23:48:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/10/30 23:48:21 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/10/30 23:48:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/30 23:48:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/30 23:48:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/30 23:48:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/30 23:48:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/10/30 23:48:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/10/30 23:48:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/10/30 23:48:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/30 23:48:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/10/30 23:48:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/10/30 23:48:20 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/10/30 23:48:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/10/30 23:48:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/30 23:48:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/30 23:48:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/30 23:48:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/10/30 23:48:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/10/30 23:48:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/10/30 23:48:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/30 23:48:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/10/30 23:48:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/10/30 23:48:19 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/10/30 23:48:19 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/10/30 23:48:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/30 23:48:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/30 23:48:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/30 23:48:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/30 23:48:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/30 23:48:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/30 23:48:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/10/30 23:48:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/10/30 23:48:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/30 23:48:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/30 23:48:13 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/30 23:48:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/30 23:48:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/10/30 23:48:12 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/10/30 23:48:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/10/30 23:48:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/10/30 23:48:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/10/30 23:48:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/10/30 23:48:10 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/10/30 23:47:45 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012/10/30 23:47:43 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012/10/30 23:47:40 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/10/30 23:47:34 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012/10/30 23:47:34 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012/10/30 23:47:32 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/10/30 23:46:48 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2012/10/30 23:46:43 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012/10/30 23:46:39 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012/10/30 23:46:39 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012/10/30 23:46:39 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012/10/30 23:46:32 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012/10/30 23:46:30 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012/10/30 23:46:25 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012/10/30 23:46:20 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012/10/30 23:46:20 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012/10/30 23:46:20 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012/10/30 23:29:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/30 23:29:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/30 23:29:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/30 23:18:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/30 23:17:54 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/30 23:01:20 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{A9869C8D-9BD1-46D9-A3A1-735B269DE614}
[2012/10/30 07:00:24 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{61BA73C0-FA1D-4695-B87B-F2BD4FA79D25}
[2012/10/29 17:49:53 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{9BF17C25-1656-43EA-A5D1-B726C07020F9}
[2012/10/29 01:18:12 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{B2C756A3-F6F7-4FC5-8AE2-EFFA7004111D}
[2012/10/28 12:36:39 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{63211EA2-0F09-49C7-AB29-F3EA177736C1}
[2012/10/27 22:33:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/10/27 18:45:11 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{53C2040A-F19C-427C-B9C6-241D899BC4C6}
[2012/10/26 23:18:58 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{4D070F2B-6154-4D5D-A1B3-599A520D4B74}
[2012/10/26 11:18:23 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{0F40492B-2973-461A-BCAA-970E8EEA3B4B}
[2012/10/25 23:18:00 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{73B45042-AC39-48DE-9D19-A75EBF7A6FC7}
[2012/10/25 11:17:24 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{7AEE0112-5AF0-4265-B9FD-F9CBF5C93AA3}
[2012/10/25 07:27:55 | 000,176,144 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\Mpfp.sys
[2012/10/24 23:16:36 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{EBD89523-8069-44BF-98D0-A8DAE12720A4}
[2012/10/24 18:30:15 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{8AE99552-65AC-4FF0-86AD-AA96F65C30E1}
[2012/10/24 01:19:21 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{6A052A08-14DF-4696-B15D-F6C30320AD2E}
[2012/10/23 17:17:43 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Roaming\Malwarebytes
[2012/10/23 17:17:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/23 17:17:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/10/23 08:46:50 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{C7C17697-232C-467D-A944-DBFB1AD975E5}
[2012/10/22 08:50:56 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{C1BEB4FA-956E-4AF0-906E-ED54B5BD354A}
[2012/10/21 11:14:52 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{9A2B5E17-EA74-4A03-986B-8D2F97A88087}
[2012/10/20 23:14:28 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{50F9A1A4-21CE-42C0-A726-47FFF22D1394}
[2012/10/20 11:47:46 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\Diagnostics
[2012/10/20 11:13:52 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{EAC91AD5-FF77-4107-80D9-2E19750DE3F4}
[2012/10/19 23:13:16 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{7728DE5B-8A9D-4048-B752-66C91D6772B6}
[2012/10/19 11:04:35 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{5F4F4073-D00E-4727-A6E4-C4D0C4BC42EF}
[2012/10/18 21:48:02 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{B5808452-5E7D-4EC5-9A22-336EA034A815}
[2012/10/18 09:41:57 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{0D471907-BA69-40A3-B950-15FFDBE1C13F}
[2012/10/17 21:41:33 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{74B562CF-F8A0-4AB7-B847-6847AEEDBAC8}
[2012/10/17 09:40:55 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{3CFB99DC-2B20-4F47-B2F8-9DA9EF166197}
[2012/10/16 21:40:37 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{5500DB38-26BC-4F1A-A1B2-213D9E1F1705}
[2012/10/16 08:39:26 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{C99B3D49-0479-4607-B6F2-0C7B4748AEBF}
[2012/10/15 20:39:03 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{AA5A2663-65BB-409F-ABCC-E0E8E0783E0B}
[2012/10/14 21:05:04 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{BEF39337-D3AE-457D-BEF0-9E619DFEBE15}
[2012/10/14 09:04:32 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{C8733ED6-BFE4-407C-A340-F9C332AC6253}
[2012/10/13 08:29:44 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{AA2B6D06-80CA-484B-B12C-FB3DCE3C5F22}
[2012/10/12 08:30:57 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{775C0600-BEBF-43C3-AB5F-4C92EB50113F}
[2012/10/11 11:58:26 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{7789F058-23ED-4B20-B21C-D508CB300524}
[2012/10/10 23:58:03 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{4DAA770D-0911-45E0-A48B-C11984159DC3}
[2012/10/10 11:19:56 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{10EC53EE-1D7C-4F7E-ABBF-8C498C5D8FE1}
[2012/10/09 23:19:21 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{189B3F55-8996-4DCF-97D1-7A3819EB830C}
[2012/10/09 10:15:21 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{5002F85F-B2C8-4D41-A177-4D5FE5B2B885}
[2012/10/08 21:09:03 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{3B92B4F5-8F9B-4F12-BE95-ECEFC3994874}
[2012/10/08 08:33:39 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{DAD05573-BCB6-4601-B974-AF841CA935FD}
[2012/10/07 09:14:25 | 000,000,000 | ---D | C] -- C:\Users\Véronique\AppData\Local\{6F335D56-30B0-43EB-97A4-363570932479}
========== Files - Modified Within 30 Days ==========
[2012/11/05 21:00:06 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/05 21:00:06 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/05 20:59:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/05 20:54:55 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/05 20:53:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/05 20:53:13 | 4137,852,928 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/05 20:42:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/04 15:49:42 | 000,002,058 | -H-- | M] () -- C:\Users\Véronique\Documents\Default.rdp
[2012/10/31 13:24:35 | 001,500,080 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/31 13:24:35 | 000,654,844 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/10/31 13:24:35 | 000,616,686 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/31 13:24:35 | 000,130,426 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/10/31 13:24:35 | 000,106,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/31 13:06:38 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/10/31 00:22:22 | 000,294,400 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/10/29 13:11:46 | 000,009,436 | ---- | M] () -- C:\Users\Véronique\Documents\easyct.ini
[2012/10/28 18:52:31 | 000,000,000 | ---- | M] () -- C:\Users\Véronique\defogger_reenable
[2012/10/15 22:31:19 | 000,000,250 | ---- | M] () -- C:\Windows\Lexstat.ini
[2012/10/08 21:04:05 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/10/08 21:04:05 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
========== Files Created - No Company Name ==========
[2012/10/30 23:29:37 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/30 23:29:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/30 23:29:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/30 23:29:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/30 23:29:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/28 18:52:31 | 000,000,000 | ---- | C] () -- C:\Users\Véronique\defogger_reenable
[2012/10/06 18:38:57 | 000,009,216 | ---- | C] () -- C:\Users\Véronique\Rechnung Nina.wps
[2012/08/28 23:53:39 | 000,019,810 | ---- | C] () -- C:\Users\Véronique\Fahrkostenabrechnung II.ods
[2012/08/28 18:15:37 | 000,013,578 | ---- | C] () -- C:\Users\Véronique\Gut gemacht.odt
[2012/03/13 15:36:46 | 000,020,047 | ---- | C] () -- C:\Users\Véronique\Angebot Kongresshotel Potsdam.odt
[2012/01/16 12:53:35 | 000,010,631 | ---- | C] () -- C:\Users\Véronique\KiA_II_elster_2048.pfx
[2011/12/16 01:24:17 | 000,032,608 | ---- | C] () -- C:\Windows\king-uninstall.exe
[2011/11/06 13:39:08 | 000,000,041 | ---- | C] () -- C:\Windows\SysWow64\SUPPORT.INI
[2011/10/24 15:11:25 | 000,000,250 | ---- | C] () -- C:\Windows\Lexstat.ini
[2011/10/24 11:36:33 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczpmui.dll
[2011/10/24 11:36:33 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxczutil.dll
[2011/10/24 11:36:33 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczinpa.dll
[2011/10/24 11:36:33 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcziesc.dll
[2011/10/24 11:36:33 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXCZinst.dll
[2011/10/24 11:36:32 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczserv.dll
[2011/10/24 11:36:32 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczusb1.dll
[2011/10/24 11:36:32 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczhbn3.dll
[2011/10/24 11:36:32 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczlmpm.dll
[2011/10/24 11:36:32 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcoms.exe
[2011/10/24 11:36:32 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczih.exe
[2011/10/24 11:36:32 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczppls.exe
[2011/10/24 11:36:32 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczprox.dll
[2011/10/24 11:36:32 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczpplc.dll
[2011/10/24 11:36:31 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcomc.dll
[2011/10/24 11:36:31 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcomm.dll
[2011/10/24 11:36:31 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcfg.exe
[2011/09/04 21:51:38 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/09 12:48:55 | 000,010,263 | ---- | C] () -- C:\Users\Véronique\KiA_elster_2048.pfx
[2010/11/24 20:19:19 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/11/24 04:33:24 | 000,307,200 | ---- | C] () -- C:\Windows\SetDisplayResolution.exe
[2010/11/24 04:05:33 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/11/24 03:17:52 | 000,002,614 | ---- | C] () -- C:\Windows\HotFixList.ini
[2010/11/24 03:09:43 | 000,311,296 | ---- | C] () -- C:\Windows\SysWow64\Rezip.exe
[2009/09/12 20:29:17 | 000,002,167 | ---- | C] () -- C:\Users\Véronique\.recently-used.xbel
========== ZeroAccess Check ==========
[2011/11/17 07:41:18 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{13c7701a-ec23-d71d-cb2d-80c6fc572304}\L
[2012/10/30 23:28:27 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{13c7701a-ec23-d71d-cb2d-80c6fc572304}\U
[2012/06/22 19:22:35 | 000,002,048 | -HS- | M] () -- C:\Users\Véronique\AppData\Local\{13c7701a-ec23-d71d-cb2d-80c6fc572304}\@
[2011/11/17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Véronique\AppData\Local\{13c7701a-ec23-d71d-cb2d-80c6fc572304}\L
[2011/11/17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Véronique\AppData\Local\{13c7701a-ec23-d71d-cb2d-80c6fc572304}\U
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
< End of report >
|
|
05.11.2012, 21:52
| #12 |
| | Avira findet TR/Sirefef.16896 und TR/ATRAPS.Gen und TR/ATRAPS.Gen2 in Windows\Installer und W32/Patched.UA in Windows\System32\service.exeCode:
ATTFilter OTL Extras logfile created on: 11/5/2012 9:19:52 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Véronique\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.85 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 59.75% Memory free
7.71 Gb Paging File | 5.95 Gb Available in Paging File | 77.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 276.00 Gb Total Space | 211.30 Gb Free Space | 76.56% Space Free | Partition Type: NTFS
Drive D: | 169.66 Gb Total Space | 141.26 Gb Free Space | 83.26% Space Free | Partition Type: NTFS
Computer Name: VÉRONIQUE-PC | User Name: Véronique | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\Mueller Foto\Mueller Foto\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Müller Foto] -- "C:\Program Files (x86)\Mueller Foto\Mueller Foto\Müller Foto.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\Mueller Foto\Mueller Foto\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Müller Foto] -- "C:\Program Files (x86)\Mueller Foto\Mueller Foto\Müller Foto.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4CFE1C4B-3E80-49EE-B3EF-4B5B0A6655B5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9093792B-9849-4D10-AA03-5D3A1B3B3D30}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{07BB10C3-0DCD-4903-A367-0361B01FE1B3}C:\program files (x86)\dc software 2\dl10xp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dc software 2\dl10xp.exe |
"TCP Query User{E8B9C957-D2EC-4DF8-8B77-A1A0981E2684}C:\program files (x86)\dc software 2\dl10xp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dc software 2\dl10xp.exe |
"UDP Query User{9AF44E89-4A6B-4AA0-85E9-AF8190B61FD3}C:\program files (x86)\dc software 2\dl10xp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dc software 2\dl10xp.exe |
"UDP Query User{A032A877-2A81-4F0E-A498-680CC660FE78}C:\program files (x86)\dc software 2\dl10xp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dc software 2\dl10xp.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client Resources
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{27F3F8DE-AC95-4E10-90A6-EBA999DDBCAF}" = Windows Live Remote Service Resources
"{29CFD07F-4971-41B0-B14D-621ACCC264AC}" = Windows Live Remote Service Resources
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{4C9845D5-9FAD-4C52-B389-CAEF0F216215}" = Windows Live Remote Client Resources
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{5635224E-675C-B94C-43EE-70BCD39BF30B}" = ATI Catalyst Install Manager
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{641B32DB-8226-4250-86C9-34671162F5D5}" = Windows Live Remote Client Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6A2482BC-733A-404A-939A-2D5BC636E6F9}" = Windows Live Remote Service Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6CFB1B20-ECAE-488F-9FFB-6AD420882E71}" = iTunes
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{78654366-5889-4A70-90D9-04B00709EEE0}" = Windows Live Remote Client Resources
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{811D5159-D798-491F-B9C6-9BDBF6B02D06}" = Windows Live Remote Service Resources
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8924153C-F29D-3F27-3AAB-389F3B661AD4}" = ccc-utility64
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90}" = Windows Live Remote Service Resources
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F0793412-6407-4870-9A8C-6FE198A4EB12}" = Windows Live Remote Client Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"Elantech" = ETDWare PS/2-x64 7.0.7.0_WHQL
"Lexmark 1200 Series" = Lexmark 1200 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{0119B342-476F-4F5A-B712-144B5CFA781F}" = Windows Live Movie Maker
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02F3B756-11B3-8077-7FA7-709DDDBAEFD3}" = CCC Help French
"{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0620AFAE-46B1-AECB-0D8D-DC6884F72BF5}" = Catalyst Control Center Localization All
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{066219C8-4BE6-46D7-9E01-60FCFA6B32DC}" = Messenger Companion
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{07E15DDE-CAD9-434D-B24D-35708E3BEA09}" = Windows Live 필수 패키지
"{082E37F5-3924-4168-A69A-1B6B1FEA587C}" = Messenger Companion
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{09B7C7EB-3140-4B5E-842F-9C79A7137139}" = Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0DFD17F6-0EFB-3CBA-0692-ED193A6F847A}" = CCC Help Norwegian
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{0F796312-289C-40CA-856C-9FBCF5E83342}" = REALTEK Wireless LAN Software
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{11060D31-08ED-8F55-BB38-0F194E0FE68E}" = CCC Help German
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{122800FE-3AAF-4974-9FBD-54B023FA756A}" = „Windows Live Messenger“
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19ADD3BF-C42B-47DC-81C6-5E9731B668C4}" = „Windows Live Essentials“
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19CBDE24-2761-49A5-816B-D2BA65D0CA8D}" = Kontrola Windows Live Mesh ActiveX za daljinske veze
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1D5F5419-8991-466F-9AC0-593E51E18459}" = DC Software 2
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21F22617-30EA-55D0-C023-574DEFA72935}" = CCC Help English
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi
"{24691EC2-44CA-88CE-D7D8-673C9C21DABB}" = CCC Help Czech
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{260E3D78-94E6-47EC-8E29-46301572BB1E}" = Control ActiveX Windows Live Mesh pentru conexiuni la distanță
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 29
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{2720009D-9566-45A7-A370-0E6DAC313F3F}" = „Windows Live Mail“
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2ABC63E9-8E74-F261-4937-C49438279633}" = ccc-core-static
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2CC0789D-D31B-445F-8970-6E058BE39754}" = Windows Live UX Platform Language Pack
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2D49C296-BCCA-4800-BAF6-A0269EBDCF74}" = Windows Live Messenger
"{2DDC70C1-C77A-4D08-89D2-9AB648504533}" = Easy Content Share
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{368BEC2C-B7A2-4762-9213-2D8465D533CA}" = Windows Live UX Platform Language Pack
"{3705D53F-BB01-4BEE-8585-289E71CAC4B4}" = Компаньон Messenger
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}" = ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3889988F-762B-4B85-AB17-71C9CC3AE445}" = Messenger Companion
"{39B3184E-0BFB-40FA-ADDC-E7E2D535CDA9}" = Controle ActiveX do Windows Live Mesh para Conexões Remotas
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3A09ED0F-8DDF-47BB-B53D-841AB9D1D3A7}" = Complemento Messenger
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3B8F240C-B75E-4A1E-BDCC-6C7F033078A3}" = Windows Live UX Platform Language Pack
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{3FD1CB9F-807F-451B-926C-9D19C84CFC61}" = Messenger Suradnik
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{41EB4D8C-797B-88DA-9CFD-C265BDEF3BE7}" = CCC Help Greek
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{442032CB-900C-49C7-B4B4-2B76525DD403}" = Windows Live Photo Common
"{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4A331D24-A9E8-484F-835E-1BA7B139689C}" = EasyBatteryManager
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}" = Windows Live Meshin etäyhteyksien ActiveX-komponentti
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{4F35DF91-F834-41F7-A287-0E377D55C486}" = Windows Live Photo Common
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{517EAAB9-C35E-4949-B8C2-20C241162BBB}" = Windows Live Pošta
"{51FFAC89-B6B0-4E6E-B76F-6D4E2E83086A}" = Windows Live 메일
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{542DA303-FB91-4731-9F37-6E518368D3B9}" = Windows Live Messenger
"{545192D4-E817-4EAA-834D-623EA50CF268}" = Windows Live UX Platform Language Pack
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{56D42B00-572C-4AE9-BCFB-CD45A3B5D0E1}" = Messenger Assistent
"{56FD9B91-F0EE-A2AE-7289-28E3110C0D08}" = CCC Help Swedish
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58240652-2AC8-80E3-B980-7E6F58D64CB3}" = CCC Help Japanese
"{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh
"{5BC1F10D-6A7A-41AE-AC7C-6BD454204729}" = Caplio Software
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D163056-96B7-440F-A836-89BA5D3CFF2F}" = Windows Live Photo Common
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{61506B53-EE02-46CE-8464-3F806947978F}" = Windows Live Mesh
"{61920449-0393-4707-B7DD-E6C0013C8B2C}" = 원격 연결을 위한 Windows Live Mesh ActiveX 컨트롤
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{690E2911-8512-65D8-1237-A0E43865F226}" = Catalyst Control Center Graphics Previews Common
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B3BAE39-4ED1-4EEB-9769-A3AA0AA58CB4}" = Windows Live Movie Maker
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6C7CF28E-535B-D453-E935-524116E5D8F3}" = CCC Help Portuguese
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6D2F0A26-ECEA-49CE-833C-9A6125F3D5E8}" = Doplnok programu Messenger
"{6DCE9C3E-3DB7-4C3C-8B80-BC55781BB7B6}" = Windows Live Writer Resources
"{6DD3B54B-F0D0-4A69-8344-F52033225A02}" = Messenger Companion
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz
"{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources
"{71684DFF-CDED-450C-AF0C-4A1A6438A1A5}" = Windows Live Essentials
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74A579FB-EB06-497D-B194-01590D6FE51A}" = BatteryLifeExtender
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail
"{765DB2B0-943A-1F96-AA98-0DE4BD5ECF98}" = Catalyst Control Center InstallProxy
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{7780682A-47C9-480D-90BE-247539342595}" = Windows Live UX Platform Language Pack
"{77AA84F1-4A5F-34F6-E9FB-75B234E36748}" = CCC Help Korean
"{77BC9EAF-14C7-4338-9B1C-D5A3E142C0B8}" = Windows Live Photo Common
"{77DAF553-291A-4471-988C-5677D90DB57E}" = Windows Live Writer Resources
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{781E0319-15CD-4A4C-A47E-D9FFF697E7A1}" = Messenger Companion
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E274911-32ED-4489-9B04-4EF100D0E4D3}" = „Messenger“ pagalbinė priemonė
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F061FA8-5A87-4758-876B-17EE28B358D0}" = Messenger 浏览器插件
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{8142D25E-028A-4563-86ED-5755783C8029}" = Messenger Companion
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110109903}" = Flip Words
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110160733}" = Slingo
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110245793}" = Insaniquarium Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110521483}" = Gem Shop
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111768557}" = Bonbon Quest
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113128447}" = Daycare Nightmare
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83D2FFB0-E378-49FE-8A53-580CA7B5761F}" = Windows Live Messenger
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{847C879C-1467-4924-A491-1302B4C58F70}" = Messenger Companion
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{86E6D3A7-3ADC-44C0-B94E-85D2A9DD36B0}" = Windows Live Writer
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8985AE5E-622A-4980-8BF8-0A1830643220}" = Windows Live Mesh ActiveX kontrola za daljinske veze
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{9024FE65-46B8-4C8A-9D98-8DCB6BD5F598}" = „Windows Live Mesh ActiveX“ nuotolinių ryšių valdiklis
"{902585EB-8FA3-43A5-AD1C-5C9821A77114}" = Messenger Pratilac
"{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{939C80FA-96C9-44A6-B318-8E7D8BD8481B}" = Messenger Companion
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96403552-88D1-429F-9C92-388B814B885E}" = Messenger Companion
"{976A7F36-3904-3444-588F-A4A47DA7DAAA}" = CCC Help Hungarian
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9E771D5B-C429-4CBC-8730-3EBD9EC99E4C}" = Windows Live Movie Maker
"{9E77CE91-C520-6284-5340-2FED3E34537F}" = CCC Help Chinese Standard
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A1668729-C4D2-49AE-877B-FB608362FFF1}" = Windows Live Essentials
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A2EDAEEB-C981-46D5-8163-CF8F5F640EEE}" = ตัวควบคุม ActiveX ใน Windows Live Mesh สำหรับการเชื่อมต่อระยะไกล (ไทย)
"{A3389C72-1782-4BB4-BBAA-33345DE52E3F}" = Windows Live Messenger
"{A3A775C9-5A63-4C55-8FDD-427A5B8F5D2B}" = Windows Live Mesh ActiveX vadīkla attālajiem savienojumiem
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A4A3BD6D-F267-199A-F402-AC9D8C6A5A1F}" = CCC Help Thai
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB067785-9646-456B-91C3-E71228132A4C}" = Messenger 사이트 공유
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB5977C5-11AE-4003-BA7D-261C48F2BC35}" = מסייע Messenger
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BA4D1C-23EF-4859-9C11-1B2CCB7FADBB}" = ActiveX контрола на Windows Live Mesh за отдалечени връзки
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B44F3823-52DD-45CA-A916-8B320778715D}" = Messenger Companion
"{B4712CB7-27D7-4F61-8805-BCF9BE1CFC4A}" = Windows Live Writer Resources
"{B4E5E04E-3738-2736-4925-267AB9A313B0}" = CCC Help Spanish
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B6190387-0036-4BEB-8D74-A0AFC5F14706}" = Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B6D8DC8C-F077-4631-A221-4D5E1D8E87E7}" = Catalyst Control Center - Branding
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{B7DB6FC7-631D-8767-A3DF-4B1467611D3C}" = CCC Help Turkish
"{B81722D3-0A95-4BDE-AA1A-A2A5D12FCDB2}" = Windows Live Foto-galerija
"{B9B66F77-9D00-4CA4-BDF1-BBA8236B4DB6}" = Windows Live Writer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
"{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений
"{BCE95123-10EF-BF71-EFCC-27413278630B}" = CCC Help Italian
"{BD0C3887-64E6-41D8-9A38-BC6F34369352}" = Windows Live Messenger
"{BD2E478F-C249-FF8B-F544-E22061BA03C5}" = CCC Help Russian
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BD8DA595-F501-4ABE-85A0-5C23E82472A0}" = Pomocnik Messenger
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{BFC47A0B-D487-4DF0-889E-D6D392DF31E0}" = Windows Live Messenger
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}" = Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C4582EED-A3FB-4358-8F3F-8C994460DF28}" = EasyFileShare
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7DAD22D-29D4-438F-B986-03B9ED582EA4}" = Messenger Companion
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C877E454-FA36-409A-A00E-1240CEC61BBD}" = „Windows Live“ fotogalerija
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C8A2793D-EFF2-4069-95BF-A28192E39DEB}" = Windows Live Writer
"{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger
"{C96BDE6D-EA35-1445-1E08-634171AE3C82}" = CCC Help Chinese Traditional
"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger
"{CA227A9D-09BE-4BFB-9764-48FED2DA5454}" = Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF088261-BC81-4FB9-9BA0-7B5B9602D01A}" = Messenger 分享元件
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{CF936193-C584-458C-B793-15FA945621AF}" = Windows Live fotoattēlu galerija
"{CF9DEFAA-12CD-4D04-AA45-F9F667D21E2E}" = Windows Live Movie Maker
"{D06F10C5-3EDD-4B29-A3B5-16BBB9A047F8}" = Windows Live Mesh
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D1F6FBBB-B204-459A-9BF8-D06FFAB96CCC}_is1" = Game Pack
"{D27DF849-C8C7-4892-A7F1-E0B381A1BD01}" = Windows Live Writer
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D47C66BE-0EB5-4587-93FE-D1E176C4B25C}" = Windows Live Messenger
"{D4F81B27-4054-4AD6-A588-265508BAA17C}" = Messenger Companion
"{D57D43BF-699A-429F-AF8C-AF1867222800}" = Windows Live 사진 갤러리
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D58E381C-DE02-46A9-B9D1-A2CB807D2676}" = Messenger Companion
"{D657CCB5-9F2F-4D3C-B93D-F77EBEF79B66}" = Messenger-kumppani
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D987098B-3AD4-4E88-B80E-CF27A32D1955}" = Windows Live Writer Resources
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DD048DE6-3FD4-F4C2-A98D-A185CA4D94BA}" = CCC Help Danish
"{DD953122-ECF9-E725-AF9C-BA4C08AAC1B1}" = Catalyst Control Center Graphics Previews Vista
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E18B30AA-6E2D-480C-B918-AF61009F4010}" = عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E912365F-9F51-C5A0-8153-FEFCFF276608}" = CCC Help Polish
"{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
"{EAB1BDF2-734A-4D44-9169-7615D185C974}" = Windows Live Mesh
"{EC20FB81-9B5E-4B97-92A2-8DC52548EFCE}" = Windows Live Mesh
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F14F9EE9-9B68-42B4-90F7-0924F7619281}" = Spremljevalec Messenger
"{F2979AAA-FDD7-4CB3-93BC-5C24D965D679}" = Windows Live Messenger
"{F35DC85A-E96B-496B-ABE7-F04192824856}" = Windows Live Messenger
"{F3ECEB0A-82A0-4DB9-BB44-393A66BA0871}" = Messenger kísérő
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F66430D8-08E6-4C96-B9B7-90E66E27D58C}" = Windows Live Mail
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center
"{F6AD00BA-3229-D390-84CA-685BFF2F6C21}" = CCC Help Dutch
"{F783464C-C7C6-4E9B-AC40-BC90E5414BAF}" = Windows Live Messenger
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F9557866-B4C8-4CE5-8508-0E386BDC20B2}" = Easy Network Manager
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{F992409C-9D10-4AE2-BAEB-B5409AD3785E}" = 用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文)
"{FA20D803-14E5-4B00-8F03-B519D46F9D4A}" = Windows Live Messenger
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEA0181F-3758-46DA-B7EC-F3CDFA7E0CE7}" = Помощник на Messenger
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FEF8EFCC-F745-9EB2-B313-9902D03A4C5D}" = CCC Help Finnish
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"{FFFA0584-8E3D-4195-8283-CCA3AD73C746}" = Windows Live Messenger
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AudibleDownloadManager" = Audible Download Manager
"Avira AntiVir Desktop" = Avira Free Antivirus
"EasyCash&Tax_is1" = EasyCash&Tax 1.52
"ElsterFormular 13.1.0.8394k" = ElsterFormular
"FileZilla Client" = FileZilla Client 3.5.3
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"IrfanView" = IrfanView (remove only)
"king.com" = king.com (remove only)
"Marvell Miniport Driver" = Marvell Miniport Driver
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Müller Foto" = Müller Foto
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Picasa 3" = Picasa 3
"WinLiveSuite" = Windows Live Essentials
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 10/21/2012 2:09:18 PM | Computer Name = Véronique-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 10/21/2012 2:09:18 PM | Computer Name = Véronique-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1107
Error - 10/21/2012 2:09:18 PM | Computer Name = Véronique-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1107
Error - 10/21/2012 2:09:20 PM | Computer Name = Véronique-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 10/21/2012 2:09:20 PM | Computer Name = Véronique-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2153
Error - 10/21/2012 2:09:20 PM | Computer Name = Véronique-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2153
Error - 10/22/2012 5:32:55 AM | Computer Name = Véronique-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. Error: Initialization failed 0x80070424 Type:
88::UnexpectedError.
Error - 10/22/2012 6:00:06 AM | Computer Name = Véronique-PC | Source = Windows Backup | ID = 4103
Description =
Error - 10/23/2012 12:19:34 PM | Computer Name = Véronique-PC | Source = Application Hang | ID = 1002
Description = Programm mbam.exe, Version 1.62.0.140 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1cfc Startzeit:
01cdb13a0865a1b2 Endzeit: 0 Anwendungspfad: C:\Program Files (x86)\Malwarebytes'
Anti-Malware\mbam.exe Berichts-ID: 5850786d-1d2d-11e2-b2c8-0024542da562
Error - 10/23/2012 8:18:55 PM | Computer Name = Véronique-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. Error: Initialization failed 0x80070424 Type:
88::UnexpectedError.
[ System Events ]
Error - 4/14/2012 6:03:17 AM | Computer Name = Véronique-PC | Source = bowser | ID = 8003
Description =
Error - 4/14/2012 7:21:26 AM | Computer Name = Véronique-PC | Source = bowser | ID = 8003
Description =
Error - 4/14/2012 7:45:25 AM | Computer Name = Véronique-PC | Source = bowser | ID = 8003
Description =
Error - 4/14/2012 8:09:21 AM | Computer Name = Véronique-PC | Source = bowser | ID = 8003
Description =
Error - 4/14/2012 8:43:37 AM | Computer Name = Véronique-PC | Source = bowser | ID = 8003
Description =
Error - 4/14/2012 9:19:38 AM | Computer Name = Véronique-PC | Source = bowser | ID = 8003
Description =
Error - 4/14/2012 9:43:35 AM | Computer Name = Véronique-PC | Source = bowser | ID = 8003
Description =
Error - 4/20/2012 1:26:43 PM | Computer Name = Véronique-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?20.?04.?2012 um 16:47:43 unerwartet heruntergefahren.
Error - 5/10/2012 3:46:47 AM | Computer Name = Véronique-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst McNASvc erreicht.
Error - 6/14/2012 4:05:02 AM | Computer Name = Véronique-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst McNASvc erreicht.
< End of report >
|
|
07.11.2012, 07:33
| #13 |
| /// Malwareteam | Avira findet TR/Sirefef.16896 und TR/ATRAPS.Gen und TR/ATRAPS.Gen2 in Windows\Installer und W32/Patched.UA in Windows\System32\service.exe Scan mit TDSS-Killer Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
07.11.2012, 10:40
| #14 |
| | Avira findet TR/Sirefef.16896 und TR/ATRAPS.Gen und TR/ATRAPS.Gen2 in Windows\Installer und W32/Patched.UA in Windows\System32\service.exeCode:
ATTFilter 10:38:35.0653 13632 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
10:38:35.0949 13632 ============================================================
10:38:35.0949 13632 Current date / time: 2012/11/07 10:38:35.0949
10:38:35.0949 13632 SystemInfo:
10:38:35.0949 13632
10:38:35.0949 13632 OS Version: 6.1.7601 ServicePack: 1.0
10:38:35.0949 13632 Product type: Workstation
10:38:35.0949 13632 ComputerName: VÉRONIQUE-PC
10:38:35.0949 13632 UserName: Véronique
10:38:35.0949 13632 Windows directory: C:\Windows
10:38:35.0949 13632 System windows directory: C:\Windows
10:38:35.0949 13632 Running under WOW64
10:38:35.0949 13632 Processor architecture: Intel x64
10:38:35.0949 13632 Number of processors: 4
10:38:35.0949 13632 Page size: 0x1000
10:38:35.0949 13632 Boot type: Normal boot
10:38:35.0949 13632 ============================================================
10:38:36.0682 13632 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:38:36.0698 13632 ============================================================
10:38:36.0698 13632 \Device\Harddisk0\DR0:
10:38:36.0698 13632 MBR partitions:
10:38:36.0698 13632 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2800800, BlocksNum 0x32000
10:38:36.0698 13632 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2832800, BlocksNum 0x22800000
10:38:36.0729 13632 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x25033000, BlocksNum 0x15352800
10:38:36.0729 13632 ============================================================
10:38:36.0792 13632 C: <-> \Device\Harddisk0\DR0\Partition2
10:38:36.0823 13632 D: <-> \Device\Harddisk0\DR0\Partition3
10:38:36.0823 13632 ============================================================
10:38:36.0823 13632 Initialize success
10:38:36.0823 13632 ============================================================
10:38:39.0194 13588 ============================================================
10:38:39.0194 13588 Scan started
10:38:39.0194 13588 Mode: Manual;
10:38:39.0194 13588 ============================================================
10:38:41.0331 13588 ================ Scan system memory ========================
10:38:41.0331 13588 System memory - ok
10:38:41.0331 13588 ================ Scan services =============================
10:38:41.0721 13588 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
10:38:41.0737 13588 1394ohci - ok
10:38:41.0768 13588 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
10:38:41.0768 13588 ACPI - ok
10:38:41.0799 13588 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
10:38:41.0799 13588 AcpiPmi - ok
10:38:41.0893 13588 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:38:41.0893 13588 AdobeFlashPlayerUpdateSvc - ok
10:38:41.0955 13588 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
10:38:42.0002 13588 adp94xx - ok
10:38:42.0049 13588 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
10:38:42.0064 13588 adpahci - ok
10:38:42.0096 13588 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
10:38:42.0111 13588 adpu320 - ok
10:38:42.0142 13588 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
10:38:42.0142 13588 AeLookupSvc - ok
10:38:42.0189 13588 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
10:38:42.0189 13588 AFD - ok
10:38:42.0236 13588 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
10:38:42.0236 13588 agp440 - ok
10:38:42.0267 13588 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
10:38:42.0283 13588 ALG - ok
10:38:42.0330 13588 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
10:38:42.0330 13588 aliide - ok
10:38:42.0376 13588 [ 94E1920E0E45ABAF0E09CCCCBE99733C ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
10:38:42.0376 13588 AMD External Events Utility - ok
10:38:42.0423 13588 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
10:38:42.0423 13588 amdide - ok
10:38:42.0454 13588 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
10:38:42.0470 13588 AmdK8 - ok
10:38:42.0626 13588 [ 3D07F9C090C7A1D76D624972A5384471 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
10:38:42.0985 13588 amdkmdag - ok
10:38:43.0047 13588 [ 99AB7E4B24C80155DC4296F657FAF3C7 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
10:38:43.0063 13588 amdkmdap - ok
10:38:43.0094 13588 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
10:38:43.0110 13588 AmdPPM - ok
10:38:43.0203 13588 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
10:38:43.0203 13588 amdsata - ok
10:38:43.0234 13588 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
10:38:43.0234 13588 amdsbs - ok
10:38:43.0250 13588 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
10:38:43.0250 13588 amdxata - ok
10:38:43.0406 13588 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
10:38:43.0406 13588 AntiVirSchedulerService - ok
10:38:43.0453 13588 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
10:38:43.0453 13588 AntiVirService - ok
10:38:43.0484 13588 [ 676894FA57B671FEC5C3F05F8929E03B ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
10:38:43.0484 13588 AntiVirWebService - ok
10:38:43.0531 13588 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
10:38:43.0546 13588 AppID - ok
10:38:43.0562 13588 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
10:38:43.0562 13588 AppIDSvc - ok
10:38:43.0609 13588 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
10:38:43.0609 13588 Appinfo - ok
10:38:43.0656 13588 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:38:43.0656 13588 Apple Mobile Device - ok
10:38:43.0702 13588 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
10:38:43.0718 13588 arc - ok
10:38:43.0734 13588 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
10:38:43.0734 13588 arcsas - ok
10:38:43.0765 13588 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
10:38:43.0765 13588 AsyncMac - ok
10:38:43.0812 13588 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
10:38:43.0812 13588 atapi - ok
10:38:43.0874 13588 [ 2C0BB386E86670BB1B1A57CAAEF3E50D ] athr C:\Windows\system32\DRIVERS\athrx.sys
10:38:43.0905 13588 athr - ok
10:38:43.0968 13588 [ 77C149E6D702737B2E372DEE166FAEF8 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
10:38:43.0983 13588 AtiHdmiService - ok
10:38:44.0030 13588 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:38:44.0046 13588 AudioEndpointBuilder - ok
10:38:44.0046 13588 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
10:38:44.0061 13588 AudioSrv - ok
10:38:44.0092 13588 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
10:38:44.0092 13588 avgntflt - ok
10:38:44.0108 13588 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
10:38:44.0124 13588 avipbb - ok
10:38:44.0139 13588 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
10:38:44.0139 13588 avkmgr - ok
10:38:44.0202 13588 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
10:38:44.0202 13588 AxInstSV - ok
10:38:44.0248 13588 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
10:38:44.0264 13588 b06bdrv - ok
10:38:44.0280 13588 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
10:38:44.0295 13588 b57nd60a - ok
10:38:44.0467 13588 [ A2494901E7226B356B8C1005C45F1C5F ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
10:38:44.0467 13588 BBSvc - ok
10:38:44.0545 13588 [ 63B1CBBAE4790B5BAC98F01BF9449722 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
10:38:44.0592 13588 BBUpdate - ok
10:38:44.0638 13588 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
10:38:44.0638 13588 BDESVC - ok
10:38:44.0670 13588 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
10:38:44.0670 13588 Beep - ok
10:38:44.0732 13588 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
10:38:44.0748 13588 BFE - ok
10:38:44.0763 13588 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
10:38:44.0779 13588 BITS - ok
10:38:44.0872 13588 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
10:38:44.0982 13588 blbdrive - ok
10:38:45.0340 13588 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
10:38:45.0372 13588 Bonjour Service - ok
10:38:45.0543 13588 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
10:38:45.0590 13588 bowser - ok
10:38:45.0668 13588 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:38:45.0715 13588 BrFiltLo - ok
10:38:45.0808 13588 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:38:45.0840 13588 BrFiltUp - ok
10:38:45.0871 13588 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
10:38:45.0949 13588 BridgeMP - ok
10:38:46.0183 13588 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
10:38:46.0214 13588 Browser - ok
10:38:46.0276 13588 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
10:38:46.0292 13588 Brserid - ok
10:38:46.0308 13588 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
10:38:46.0308 13588 BrSerWdm - ok
10:38:46.0339 13588 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
10:38:46.0339 13588 BrUsbMdm - ok
10:38:46.0354 13588 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
10:38:46.0370 13588 BrUsbSer - ok
10:38:46.0417 13588 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
10:38:46.0432 13588 BthEnum - ok
10:38:46.0448 13588 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
10:38:46.0448 13588 BTHMODEM - ok
10:38:46.0479 13588 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
10:38:46.0479 13588 BthPan - ok
10:38:46.0510 13588 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
10:38:46.0526 13588 BTHPORT - ok
10:38:46.0557 13588 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
10:38:46.0573 13588 bthserv - ok
10:38:46.0620 13588 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
10:38:46.0635 13588 BTHUSB - ok
10:38:46.0682 13588 catchme - ok
10:38:46.0713 13588 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
10:38:46.0713 13588 cdfs - ok
10:38:46.0776 13588 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
10:38:46.0791 13588 cdrom - ok
10:38:46.0838 13588 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
10:38:46.0838 13588 CertPropSvc - ok
10:38:46.0854 13588 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
10:38:46.0869 13588 circlass - ok
10:38:46.0900 13588 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
10:38:46.0900 13588 CLFS - ok
10:38:46.0947 13588 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:38:46.0978 13588 clr_optimization_v2.0.50727_32 - ok
10:38:47.0041 13588 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:38:47.0041 13588 clr_optimization_v2.0.50727_64 - ok
10:38:47.0150 13588 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:38:47.0150 13588 clr_optimization_v4.0.30319_32 - ok
10:38:47.0197 13588 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:38:47.0197 13588 clr_optimization_v4.0.30319_64 - ok
10:38:47.0228 13588 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
10:38:47.0228 13588 CmBatt - ok
10:38:47.0275 13588 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
10:38:47.0275 13588 cmdide - ok
10:38:47.0306 13588 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
10:38:47.0322 13588 CNG - ok
10:38:47.0353 13588 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
10:38:47.0353 13588 Compbatt - ok
10:38:47.0400 13588 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
10:38:47.0415 13588 CompositeBus - ok
10:38:47.0431 13588 COMSysApp - ok
10:38:47.0462 13588 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
10:38:47.0478 13588 crcdisk - ok
10:38:47.0524 13588 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
10:38:47.0524 13588 CryptSvc - ok
10:38:47.0618 13588 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
10:38:47.0618 13588 cvhsvc - ok
10:38:47.0680 13588 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
10:38:47.0696 13588 DcomLaunch - ok
10:38:47.0727 13588 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
10:38:47.0743 13588 defragsvc - ok
10:38:47.0790 13588 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
10:38:47.0790 13588 DfsC - ok
10:38:47.0836 13588 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
10:38:47.0836 13588 Dhcp - ok
10:38:47.0852 13588 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
10:38:47.0868 13588 discache - ok
10:38:47.0899 13588 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
10:38:47.0899 13588 Disk - ok
10:38:47.0930 13588 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
10:38:47.0930 13588 Dnscache - ok
10:38:47.0961 13588 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
10:38:47.0977 13588 dot3svc - ok
10:38:48.0008 13588 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
10:38:48.0008 13588 DPS - ok
10:38:48.0055 13588 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
10:38:48.0055 13588 drmkaud - ok
10:38:48.0102 13588 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
10:38:48.0117 13588 DXGKrnl - ok
10:38:48.0133 13588 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
10:38:48.0148 13588 EapHost - ok
10:38:48.0211 13588 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
10:38:48.0289 13588 ebdrv - ok
10:38:48.0320 13588 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
10:38:48.0336 13588 EFS - ok
10:38:48.0414 13588 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
10:38:48.0429 13588 ehRecvr - ok
10:38:48.0460 13588 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
10:38:48.0460 13588 ehSched - ok
10:38:48.0507 13588 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
10:38:48.0523 13588 elxstor - ok
10:38:48.0538 13588 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
10:38:48.0554 13588 ErrDev - ok
10:38:48.0601 13588 [ 438021C3F32F30E227D0F5DFD118B7B1 ] ETD C:\Windows\system32\DRIVERS\ETD.sys
10:38:48.0601 13588 ETD - ok
10:38:48.0679 13588 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
10:38:48.0679 13588 EventSystem - ok
10:38:48.0694 13588 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
10:38:48.0710 13588 exfat - ok
10:38:48.0741 13588 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
10:38:48.0741 13588 fastfat - ok
10:38:48.0804 13588 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
10:38:48.0804 13588 Fax - ok
10:38:48.0819 13588 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
10:38:48.0835 13588 fdc - ok
10:38:48.0866 13588 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
10:38:48.0866 13588 fdPHost - ok
10:38:48.0882 13588 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
10:38:48.0882 13588 FDResPub - ok
10:38:48.0897 13588 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
10:38:48.0897 13588 FileInfo - ok
10:38:48.0913 13588 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
10:38:48.0928 13588 Filetrace - ok
10:38:48.0944 13588 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
10:38:48.0944 13588 flpydisk - ok
10:38:48.0975 13588 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
10:38:48.0975 13588 FltMgr - ok
10:38:49.0022 13588 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
10:38:49.0038 13588 FontCache - ok
10:38:49.0100 13588 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:38:49.0100 13588 FontCache3.0.0.0 - ok
10:38:49.0131 13588 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
10:38:49.0131 13588 FsDepends - ok
10:38:49.0178 13588 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
10:38:49.0178 13588 Fs_Rec - ok
10:38:49.0225 13588 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
10:38:49.0225 13588 fvevol - ok
10:38:49.0256 13588 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
10:38:49.0256 13588 gagp30kx - ok
10:38:49.0287 13588 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:38:49.0287 13588 GEARAspiWDM - ok
10:38:49.0350 13588 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
10:38:49.0350 13588 gpsvc - ok
10:38:49.0474 13588 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:38:49.0474 13588 gupdate - ok
10:38:49.0474 13588 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:38:49.0474 13588 gupdatem - ok
10:38:49.0506 13588 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
10:38:49.0537 13588 gusvc - ok
10:38:49.0584 13588 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
10:38:49.0584 13588 hcw85cir - ok
10:38:49.0646 13588 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:38:49.0646 13588 HdAudAddService - ok
10:38:49.0677 13588 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
10:38:49.0677 13588 HDAudBus - ok
10:38:49.0693 13588 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
10:38:49.0693 13588 HidBatt - ok
10:38:49.0708 13588 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
10:38:49.0708 13588 HidBth - ok
10:38:49.0740 13588 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
10:38:49.0740 13588 HidIr - ok
10:38:49.0755 13588 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
10:38:49.0771 13588 hidserv - ok
10:38:49.0818 13588 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
10:38:49.0818 13588 HidUsb - ok
10:38:49.0880 13588 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
10:38:49.0880 13588 hkmsvc - ok
10:38:49.0927 13588 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:38:49.0927 13588 HomeGroupListener - ok
10:38:49.0958 13588 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:38:49.0974 13588 HomeGroupProvider - ok
10:38:50.0005 13588 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
10:38:50.0005 13588 HpSAMD - ok
10:38:50.0052 13588 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
10:38:50.0067 13588 HTTP - ok
10:38:50.0098 13588 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
10:38:50.0098 13588 hwpolicy - ok
10:38:50.0145 13588 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
10:38:50.0161 13588 i8042prt - ok
10:38:50.0192 13588 [ A5F72BB0D024E7E463344105BE613AE4 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
10:38:50.0192 13588 iaStor - ok
10:38:50.0223 13588 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
10:38:50.0239 13588 iaStorV - ok
10:38:50.0301 13588 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:38:50.0317 13588 idsvc - ok
10:38:50.0442 13588 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
10:38:50.0582 13588 igfx - ok
10:38:50.0722 13588 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
10:38:50.0738 13588 iirsp - ok
10:38:50.0785 13588 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
10:38:50.0785 13588 IKEEXT - ok
10:38:50.0832 13588 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
10:38:50.0832 13588 Impcd - ok
10:38:50.0941 13588 [ 0ADF714079AE174A39D69036143E4C50 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
10:38:50.0972 13588 IntcAzAudAddService - ok
10:38:51.0019 13588 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
10:38:51.0019 13588 intelide - ok
10:38:51.0050 13588 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
10:38:51.0050 13588 intelppm - ok
10:38:51.0097 13588 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
10:38:51.0097 13588 IPBusEnum - ok
10:38:51.0144 13588 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:38:51.0159 13588 IpFilterDriver - ok
10:38:51.0237 13588 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
10:38:51.0237 13588 iphlpsvc - ok
10:38:51.0268 13588 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
10:38:51.0268 13588 IPMIDRV - ok
10:38:51.0300 13588 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
10:38:51.0315 13588 IPNAT - ok
10:38:51.0378 13588 [ 4472C8825B5E41D8697D5962F47AB1C9 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
10:38:51.0378 13588 iPod Service - ok
10:38:51.0424 13588 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
10:38:51.0424 13588 IRENUM - ok
10:38:51.0456 13588 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
10:38:51.0456 13588 isapnp - ok
10:38:51.0487 13588 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
10:38:51.0502 13588 iScsiPrt - ok
10:38:51.0534 13588 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
10:38:51.0534 13588 kbdclass - ok
10:38:51.0549 13588 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
10:38:51.0549 13588 kbdhid - ok
10:38:51.0565 13588 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
10:38:51.0565 13588 KeyIso - ok
10:38:51.0612 13588 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
10:38:51.0612 13588 KSecDD - ok
10:38:51.0627 13588 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
10:38:51.0627 13588 KSecPkg - ok
10:38:51.0658 13588 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
10:38:51.0658 13588 ksthunk - ok
10:38:51.0705 13588 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
10:38:51.0705 13588 KtmRm - ok
10:38:51.0768 13588 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
10:38:51.0768 13588 LanmanServer - ok
10:38:51.0799 13588 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:38:51.0814 13588 LanmanWorkstation - ok
10:38:51.0846 13588 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
10:38:51.0846 13588 lltdio - ok
10:38:51.0877 13588 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
10:38:51.0892 13588 lltdsvc - ok
10:38:51.0908 13588 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
10:38:51.0908 13588 lmhosts - ok
10:38:51.0955 13588 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
10:38:51.0955 13588 LSI_FC - ok
10:38:51.0970 13588 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
10:38:51.0970 13588 LSI_SAS - ok
10:38:51.0986 13588 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:38:52.0002 13588 LSI_SAS2 - ok
10:38:52.0002 13588 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:38:52.0017 13588 LSI_SCSI - ok
10:38:52.0033 13588 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
10:38:52.0033 13588 luafv - ok
10:38:52.0064 13588 lxcz_device - ok
10:38:52.0080 13588 McMPFSvc - ok
10:38:52.0126 13588 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
10:38:52.0126 13588 Mcx2Svc - ok
10:38:52.0142 13588 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
10:38:52.0142 13588 megasas - ok
10:38:52.0173 13588 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
10:38:52.0189 13588 MegaSR - ok
10:38:52.0220 13588 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
10:38:52.0220 13588 MMCSS - ok
10:38:52.0236 13588 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
10:38:52.0236 13588 Modem - ok
10:38:52.0267 13588 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
10:38:52.0267 13588 monitor - ok
10:38:52.0298 13588 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
10:38:52.0298 13588 mouclass - ok
10:38:52.0345 13588 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
10:38:52.0345 13588 mouhid - ok
10:38:52.0392 13588 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
10:38:52.0392 13588 mountmgr - ok
10:38:52.0470 13588 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
10:38:52.0470 13588 MozillaMaintenance - ok
10:38:52.0501 13588 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
10:38:52.0501 13588 mpio - ok
10:38:52.0532 13588 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
10:38:52.0532 13588 mpsdrv - ok
10:38:52.0610 13588 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
10:38:52.0626 13588 MpsSvc - ok
10:38:52.0641 13588 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
10:38:52.0657 13588 MRxDAV - ok
10:38:52.0688 13588 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
10:38:52.0688 13588 mrxsmb - ok
10:38:52.0704 13588 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:38:52.0704 13588 mrxsmb10 - ok
10:38:52.0735 13588 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:38:52.0750 13588 mrxsmb20 - ok
10:38:52.0782 13588 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
10:38:52.0782 13588 msahci - ok
10:38:52.0813 13588 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
10:38:52.0813 13588 msdsm - ok
10:38:52.0828 13588 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
10:38:52.0844 13588 MSDTC - ok
10:38:52.0860 13588 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
10:38:52.0860 13588 Msfs - ok
10:38:52.0891 13588 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
10:38:52.0891 13588 mshidkmdf - ok
10:38:52.0891 13588 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
10:38:52.0891 13588 msisadrv - ok
10:38:52.0922 13588 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
10:38:52.0922 13588 MSiSCSI - ok
10:38:52.0938 13588 msiserver - ok
10:38:52.0953 13588 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
10:38:52.0953 13588 MSKSSRV - ok
10:38:52.0969 13588 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
10:38:52.0969 13588 MSPCLOCK - ok
10:38:52.0984 13588 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
10:38:52.0984 13588 MSPQM - ok
10:38:53.0031 13588 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
10:38:53.0031 13588 MsRPC - ok
10:38:53.0062 13588 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
10:38:53.0062 13588 mssmbios - ok
10:38:53.0094 13588 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
10:38:53.0094 13588 MSTEE - ok
10:38:53.0109 13588 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
10:38:53.0109 13588 MTConfig - ok
10:38:53.0140 13588 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
10:38:53.0140 13588 Mup - ok
10:38:53.0187 13588 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
10:38:53.0187 13588 napagent - ok
10:38:53.0218 13588 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
10:38:53.0234 13588 NativeWifiP - ok
10:38:53.0281 13588 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
10:38:53.0296 13588 NDIS - ok
10:38:53.0312 13588 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
10:38:53.0328 13588 NdisCap - ok
10:38:53.0359 13588 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
10:38:53.0359 13588 NdisTapi - ok
10:38:53.0390 13588 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
10:38:53.0390 13588 Ndisuio - ok
10:38:53.0421 13588 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
10:38:53.0437 13588 NdisWan - ok
10:38:53.0468 13588 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
10:38:53.0468 13588 NDProxy - ok
10:38:53.0515 13588 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
10:38:53.0515 13588 NetBIOS - ok
10:38:53.0546 13588 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
10:38:53.0562 13588 NetBT - ok
10:38:53.0577 13588 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
10:38:53.0577 13588 Netlogon - ok
10:38:53.0608 13588 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
10:38:53.0608 13588 Netman - ok
10:38:53.0624 13588 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
10:38:53.0640 13588 netprofm - ok
10:38:53.0671 13588 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:38:53.0686 13588 NetTcpPortSharing - ok
10:38:53.0733 13588 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
10:38:53.0733 13588 nfrd960 - ok
10:38:53.0780 13588 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
10:38:53.0780 13588 NlaSvc - ok
10:38:53.0889 13588 [ 5839A8027D6D324A7CD494051A96628C ] NOBU C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
10:38:53.0920 13588 NOBU - ok
10:38:53.0936 13588 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
10:38:53.0936 13588 Npfs - ok
10:38:53.0967 13588 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
10:38:53.0967 13588 nsi - ok
10:38:53.0967 13588 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
10:38:53.0967 13588 nsiproxy - ok
10:38:54.0045 13588 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
10:38:54.0061 13588 Ntfs - ok
10:38:54.0092 13588 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
10:38:54.0092 13588 Null - ok
10:38:54.0123 13588 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
10:38:54.0139 13588 nvraid - ok
10:38:54.0170 13588 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
10:38:54.0170 13588 nvstor - ok
10:38:54.0201 13588 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
10:38:54.0217 13588 nv_agp - ok
10:38:54.0232 13588 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
10:38:54.0232 13588 ohci1394 - ok
10:38:54.0279 13588 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:38:54.0295 13588 ose - ok
10:38:54.0420 13588 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:38:54.0576 13588 osppsvc - ok
10:38:54.0607 13588 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
10:38:54.0622 13588 p2pimsvc - ok
10:38:54.0638 13588 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
10:38:54.0638 13588 p2psvc - ok
10:38:54.0669 13588 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
10:38:54.0685 13588 Parport - ok
10:38:54.0716 13588 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
10:38:54.0716 13588 partmgr - ok
10:38:54.0747 13588 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
10:38:54.0747 13588 PcaSvc - ok
10:38:54.0763 13588 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
10:38:54.0763 13588 pci - ok
10:38:54.0794 13588 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
10:38:54.0810 13588 pciide - ok
10:38:54.0841 13588 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
10:38:54.0841 13588 pcmcia - ok
10:38:54.0856 13588 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
10:38:54.0856 13588 pcw - ok
10:38:54.0888 13588 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
10:38:54.0903 13588 PEAUTH - ok
10:38:54.0997 13588 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
10:38:54.0997 13588 PerfHost - ok
10:38:55.0059 13588 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
10:38:55.0091 13588 pla - ok
10:38:55.0123 13588 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
10:38:55.0123 13588 PlugPlay - ok
10:38:55.0154 13588 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
10:38:55.0169 13588 PNRPAutoReg - ok
10:38:55.0185 13588 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
10:38:55.0185 13588 PNRPsvc - ok
10:38:55.0232 13588 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
10:38:55.0232 13588 PolicyAgent - ok
10:38:55.0263 13588 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
10:38:55.0263 13588 Power - ok
10:38:55.0325 13588 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
10:38:55.0325 13588 PptpMiniport - ok
10:38:55.0341 13588 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
10:38:55.0357 13588 Processor - ok
10:38:55.0388 13588 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
10:38:55.0388 13588 ProfSvc - ok
10:38:55.0403 13588 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:38:55.0403 13588 ProtectedStorage - ok
10:38:55.0450 13588 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
10:38:55.0450 13588 Psched - ok
10:38:55.0497 13588 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
10:38:55.0528 13588 ql2300 - ok
10:38:55.0559 13588 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
10:38:55.0559 13588 ql40xx - ok
10:38:55.0591 13588 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
10:38:55.0606 13588 QWAVE - ok
10:38:55.0622 13588 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
10:38:55.0622 13588 QWAVEdrv - ok
10:38:55.0637 13588 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
10:38:55.0637 13588 RasAcd - ok
10:38:55.0669 13588 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
10:38:55.0669 13588 RasAgileVpn - ok
10:38:55.0684 13588 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
10:38:55.0700 13588 RasAuto - ok
10:38:55.0731 13588 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
10:38:55.0731 13588 Rasl2tp - ok
10:38:55.0778 13588 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
10:38:55.0778 13588 RasMan - ok
10:38:55.0778 13588 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
10:38:55.0793 13588 RasPppoe - ok
10:38:55.0809 13588 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
10:38:55.0809 13588 RasSstp - ok
10:38:55.0856 13588 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
10:38:55.0856 13588 rdbss - ok
10:38:55.0871 13588 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
10:38:55.0871 13588 rdpbus - ok
10:38:55.0887 13588 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
10:38:55.0887 13588 RDPCDD - ok
10:38:55.0903 13588 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
10:38:55.0903 13588 RDPENCDD - ok
10:38:55.0918 13588 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
10:38:55.0918 13588 RDPREFMP - ok
10:38:55.0949 13588 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
10:38:55.0965 13588 RDPWD - ok
10:38:56.0012 13588 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
10:38:56.0027 13588 rdyboost - ok
10:38:56.0059 13588 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
10:38:56.0059 13588 RemoteAccess - ok
10:38:56.0090 13588 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
10:38:56.0105 13588 RemoteRegistry - ok
10:38:56.0152 13588 [ F85AE59A52885F4B09AADAFB23001A3B ] Rezip C:\Windows\SysWOW64\Rezip.exe
10:38:56.0152 13588 Rezip - ok
10:38:56.0183 13588 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
10:38:56.0199 13588 RFCOMM - ok
10:38:56.0215 13588 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
10:38:56.0215 13588 RpcEptMapper - ok
10:38:56.0246 13588 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
10:38:56.0261 13588 RpcLocator - ok
10:38:56.0308 13588 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
10:38:56.0308 13588 RpcSs - ok
10:38:56.0339 13588 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
10:38:56.0339 13588 rspndr - ok
10:38:56.0371 13588 [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
10:38:56.0371 13588 RTL8167 - ok
10:38:56.0433 13588 [ 4CA0DBA9E224473D664C25E411F5A3BD ] rtport C:\Windows\SysWOW64\drivers\rtport.sys
10:38:56.0449 13588 rtport - ok
10:38:56.0480 13588 [ 62DB6CC4B0818F1B5F3441241B098F12 ] SABI C:\Windows\system32\Drivers\SABI.sys
10:38:56.0480 13588 SABI - ok
10:38:56.0495 13588 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
10:38:56.0495 13588 SamSs - ok
10:38:56.0527 13588 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
10:38:56.0527 13588 sbp2port - ok
10:38:56.0573 13588 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
10:38:56.0573 13588 SCardSvr - ok
10:38:56.0605 13588 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
10:38:56.0605 13588 scfilter - ok
10:38:56.0651 13588 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
10:38:56.0667 13588 Schedule - ok
10:38:56.0698 13588 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
10:38:56.0698 13588 SCPolicySvc - ok
10:38:56.0729 13588 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
10:38:56.0729 13588 SDRSVC - ok
10:38:56.0761 13588 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
10:38:56.0776 13588 secdrv - ok
10:38:56.0807 13588 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
10:38:56.0807 13588 seclogon - ok
10:38:56.0839 13588 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
10:38:56.0839 13588 SENS - ok
10:38:56.0839 13588 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
10:38:56.0854 13588 SensrSvc - ok
10:38:56.0885 13588 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
10:38:56.0885 13588 Serenum - ok
10:38:56.0901 13588 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
10:38:56.0917 13588 Serial - ok
10:38:56.0932 13588 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
10:38:56.0948 13588 sermouse - ok
10:38:56.0979 13588 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
10:38:56.0979 13588 SessionEnv - ok
10:38:57.0010 13588 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
10:38:57.0010 13588 sffdisk - ok
10:38:57.0026 13588 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
10:38:57.0026 13588 sffp_mmc - ok
10:38:57.0026 13588 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
10:38:57.0026 13588 sffp_sd - ok
10:38:57.0057 13588 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
10:38:57.0057 13588 sfloppy - ok
10:38:57.0135 13588 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
10:38:57.0151 13588 Sftfs - ok
10:38:57.0213 13588 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
10:38:57.0229 13588 sftlist - ok
10:38:57.0244 13588 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
10:38:57.0260 13588 Sftplay - ok
10:38:57.0275 13588 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
10:38:57.0275 13588 Sftredir - ok
10:38:57.0307 13588 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
10:38:57.0307 13588 Sftvol - ok
10:38:57.0322 13588 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
10:38:57.0338 13588 sftvsa - ok
10:38:57.0400 13588 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
10:38:57.0416 13588 SharedAccess - ok
10:38:57.0447 13588 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:38:57.0463 13588 ShellHWDetection - ok
10:38:57.0478 13588 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:38:57.0478 13588 SiSRaid2 - ok
10:38:57.0494 13588 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
10:38:57.0509 13588 SiSRaid4 - ok
10:38:57.0556 13588 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
10:38:57.0556 13588 SkypeUpdate - ok
10:38:57.0572 13588 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
10:38:57.0587 13588 Smb - ok
10:38:57.0619 13588 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
10:38:57.0619 13588 SNMPTRAP - ok
10:38:57.0650 13588 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
10:38:57.0665 13588 spldr - ok
10:38:57.0697 13588 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
10:38:57.0712 13588 Spooler - ok
10:38:57.0790 13588 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
10:38:57.0868 13588 sppsvc - ok
10:38:57.0884 13588 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
10:38:57.0899 13588 sppuinotify - ok
10:38:57.0931 13588 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
10:38:57.0946 13588 srv - ok
10:38:57.0962 13588 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
10:38:57.0962 13588 srv2 - ok
10:38:58.0009 13588 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
10:38:58.0009 13588 srvnet - ok
10:38:58.0024 13588 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
10:38:58.0024 13588 SSDPSRV - ok
10:38:58.0040 13588 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
10:38:58.0040 13588 SstpSvc - ok
10:38:58.0071 13588 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
10:38:58.0071 13588 stexstor - ok
10:38:58.0118 13588 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
10:38:58.0133 13588 stisvc - ok
10:38:58.0165 13588 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
10:38:58.0165 13588 swenum - ok
10:38:58.0196 13588 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
10:38:58.0211 13588 swprv - ok
10:38:58.0258 13588 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
10:38:58.0289 13588 SysMain - ok
10:38:58.0305 13588 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:38:58.0321 13588 TabletInputService - ok
10:38:58.0336 13588 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
10:38:58.0336 13588 TapiSrv - ok
10:38:58.0352 13588 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
10:38:58.0352 13588 TBS - ok
10:38:58.0430 13588 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
10:38:58.0445 13588 Tcpip - ok
10:38:58.0492 13588 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
10:38:58.0508 13588 TCPIP6 - ok
10:38:58.0555 13588 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
10:38:58.0555 13588 tcpipreg - ok
10:38:58.0586 13588 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
10:38:58.0601 13588 TDPIPE - ok
10:38:58.0633 13588 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
10:38:58.0633 13588 TDTCP - ok
10:38:58.0664 13588 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
10:38:58.0664 13588 tdx - ok
10:38:58.0695 13588 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
10:38:58.0711 13588 TermDD - ok
10:38:58.0742 13588 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
10:38:58.0773 13588 TermService - ok
10:38:58.0804 13588 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
10:38:58.0804 13588 Themes - ok
10:38:58.0820 13588 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
10:38:58.0820 13588 THREADORDER - ok
10:38:58.0820 13588 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
10:38:58.0835 13588 TrkWks - ok
10:38:58.0867 13588 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:38:58.0867 13588 TrustedInstaller - ok
10:38:58.0898 13588 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
10:38:58.0913 13588 tssecsrv - ok
10:38:58.0960 13588 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
10:38:58.0960 13588 TsUsbFlt - ok
10:38:59.0007 13588 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
10:38:59.0007 13588 tunnel - ok
10:38:59.0023 13588 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
10:38:59.0038 13588 uagp35 - ok
10:38:59.0085 13588 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
10:38:59.0085 13588 udfs - ok
10:38:59.0116 13588 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
10:38:59.0132 13588 UI0Detect - ok
10:38:59.0147 13588 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
10:38:59.0163 13588 uliagpkx - ok
10:38:59.0210 13588 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
10:38:59.0210 13588 umbus - ok
10:38:59.0241 13588 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
10:38:59.0241 13588 UmPass - ok
10:38:59.0272 13588 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
10:38:59.0272 13588 upnphost - ok
10:38:59.0288 13588 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
10:38:59.0303 13588 usbccgp - ok
10:38:59.0319 13588 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
10:38:59.0319 13588 usbcir - ok
10:38:59.0335 13588 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
10:38:59.0335 13588 usbehci - ok
10:38:59.0350 13588 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
10:38:59.0366 13588 usbhub - ok
10:38:59.0397 13588 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
10:38:59.0413 13588 usbohci - ok
10:38:59.0444 13588 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
10:38:59.0444 13588 usbprint - ok
10:38:59.0491 13588 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
10:38:59.0491 13588 usbscan - ok
10:38:59.0506 13588 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:38:59.0506 13588 USBSTOR - ok
10:38:59.0522 13588 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
10:38:59.0522 13588 usbuhci - ok
10:38:59.0569 13588 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
10:38:59.0569 13588 usbvideo - ok
10:38:59.0600 13588 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
10:38:59.0600 13588 UxSms - ok
10:38:59.0615 13588 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
10:38:59.0615 13588 VaultSvc - ok
10:38:59.0647 13588 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
10:38:59.0647 13588 vdrvroot - ok
10:38:59.0693 13588 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
10:38:59.0709 13588 vds - ok
10:38:59.0740 13588 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
10:38:59.0740 13588 vga - ok
10:38:59.0756 13588 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
10:38:59.0756 13588 VgaSave - ok
10:38:59.0803 13588 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
10:38:59.0818 13588 vhdmp - ok
10:38:59.0849 13588 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
10:38:59.0849 13588 viaide - ok
10:38:59.0865 13588 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
10:38:59.0865 13588 volmgr - ok
10:38:59.0896 13588 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
10:38:59.0912 13588 volmgrx - ok
10:38:59.0912 13588 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
10:38:59.0927 13588 volsnap - ok
10:38:59.0959 13588 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
10:38:59.0959 13588 vsmraid - ok
10:39:00.0021 13588 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
10:39:00.0037 13588 VSS - ok
10:39:00.0052 13588 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
10:39:00.0052 13588 vwifibus - ok
10:39:00.0099 13588 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
10:39:00.0099 13588 vwififlt - ok
10:39:00.0146 13588 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
10:39:00.0146 13588 vwifimp - ok
10:39:00.0177 13588 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
10:39:00.0177 13588 W32Time - ok
10:39:00.0208 13588 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
10:39:00.0208 13588 WacomPen - ok
10:39:00.0271 13588 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
10:39:00.0271 13588 WANARP - ok
10:39:00.0271 13588 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
10:39:00.0271 13588 Wanarpv6 - ok
10:39:00.0333 13588 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
10:39:00.0364 13588 wbengine - ok
10:39:00.0380 13588 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
10:39:00.0395 13588 WbioSrvc - ok
10:39:00.0427 13588 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
10:39:00.0442 13588 wcncsvc - ok
10:39:00.0458 13588 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:39:00.0458 13588 WcsPlugInService - ok
10:39:00.0473 13588 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
10:39:00.0489 13588 Wd - ok
10:39:00.0505 13588 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
10:39:00.0505 13588 Wdf01000 - ok
10:39:00.0520 13588 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
10:39:00.0520 13588 WdiServiceHost - ok
10:39:00.0536 13588 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
10:39:00.0536 13588 WdiSystemHost - ok
10:39:00.0567 13588 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
10:39:00.0583 13588 WebClient - ok
10:39:00.0598 13588 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
10:39:00.0614 13588 Wecsvc - ok
10:39:00.0614 13588 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
10:39:00.0629 13588 wercplsupport - ok
10:39:00.0645 13588 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
10:39:00.0661 13588 WerSvc - ok
10:39:00.0692 13588 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
10:39:00.0692 13588 WfpLwf - ok
10:39:00.0707 13588 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
10:39:00.0723 13588 WIMMount - ok
10:39:00.0739 13588 WinDefend - ok
10:39:00.0739 13588 WinHttpAutoProxySvc - ok
10:39:00.0801 13588 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
10:39:00.0801 13588 Winmgmt - ok
10:39:00.0863 13588 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
10:39:00.0895 13588 WinRM - ok
10:39:00.0941 13588 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
10:39:00.0957 13588 Wlansvc - ok
10:39:01.0004 13588 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
10:39:01.0004 13588 wlcrasvc - ok
10:39:01.0113 13588 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:39:01.0144 13588 wlidsvc - ok
10:39:01.0175 13588 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
10:39:01.0175 13588 WmiAcpi - ok
10:39:01.0222 13588 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
10:39:01.0222 13588 wmiApSrv - ok
10:39:01.0269 13588 WMPNetworkSvc - ok
10:39:01.0300 13588 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
10:39:01.0316 13588 WPCSvc - ok
10:39:01.0347 13588 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
10:39:01.0347 13588 WPDBusEnum - ok
10:39:01.0378 13588 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
10:39:01.0394 13588 ws2ifsl - ok
10:39:01.0425 13588 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
10:39:01.0425 13588 wscsvc - ok
10:39:01.0425 13588 WSearch - ok
10:39:01.0503 13588 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
10:39:01.0519 13588 wuauserv - ok
10:39:01.0534 13588 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
10:39:01.0550 13588 WudfPf - ok
10:39:01.0597 13588 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
10:39:01.0597 13588 WUDFRd - ok
10:39:01.0628 13588 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
10:39:01.0643 13588 wudfsvc - ok
10:39:01.0690 13588 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
10:39:01.0690 13588 WwanSvc - ok
10:39:01.0737 13588 [ 64F88AF327AA74E03658AE32B48CCB8B ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
10:39:01.0737 13588 yukonw7 - ok
10:39:01.0768 13588 ================ Scan global ===============================
10:39:01.0799 13588 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
10:39:01.0831 13588 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
10:39:01.0846 13588 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
10:39:01.0877 13588 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
10:39:01.0924 13588 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
10:39:01.0924 13588 [Global] - ok
10:39:01.0924 13588 ================ Scan MBR ==================================
10:39:01.0940 13588 [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0
10:39:02.0221 13588 \Device\Harddisk0\DR0 - ok
10:39:02.0221 13588 ================ Scan VBR ==================================
10:39:02.0221 13588 [ 98FA392A7F5F4A5EAE8D5AA6861452C8 ] \Device\Harddisk0\DR0\Partition1
10:39:02.0221 13588 \Device\Harddisk0\DR0\Partition1 - ok
10:39:02.0236 13588 [ 0BC9EC69C155BACA924C782090D16E66 ] \Device\Harddisk0\DR0\Partition2
10:39:02.0236 13588 \Device\Harddisk0\DR0\Partition2 - ok
10:39:02.0267 13588 [ 6400261678406DA212EA0CF40D82D20C ] \Device\Harddisk0\DR0\Partition3
10:39:02.0267 13588 \Device\Harddisk0\DR0\Partition3 - ok
10:39:02.0267 13588 ============================================================
10:39:02.0267 13588 Scan finished
10:39:02.0267 13588 ============================================================
10:39:02.0267 5572 Detected object count: 0
10:39:02.0267 5572 Actual detected object count: 0
10:39:13.0156 13636 Deinitialize success
|
|
08.11.2012, 10:39
| #15 |
| /// Malwareteam | Avira findet TR/Sirefef.16896 und TR/ATRAPS.Gen und TR/ATRAPS.Gen2 in Windows\Installer und W32/Patched.UA in Windows\System32\service.exe Schritt 1: Fix mit OTL
Code:
ATTFilter :OTL
C:\Windows\Installer\{13c7701a-ec23-d71d-cb2d-80c6fc572304}
C:\Users\Véronique\AppData\Local\{13c7701a-ec23-d71d-cb2d-80c6fc572304}
:COMMANDS
[emptytemp]
Schritt 2: MBAM Downloade Dir bitte Malwarebytes
__________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
| Themen zu Avira findet TR/Sirefef.16896 und TR/ATRAPS.Gen und TR/ATRAPS.Gen2 in Windows\Installer und W32/Patched.UA in Windows\System32\service.exe |
| 0x8007042, antivir, autorun, avira, avira searchfree toolbar, bho, bingbar, bonjour, desktop, error, failed, firefox, flash player, frage, home, installation, logfile, microsoft office starter 2010, mozilla, phishing, plug-in, realtek, registry, rundll, security, siteadvisor, software, symantec, system, windows |
Textbox.
Linear-Darstellung
