| Pests of all kinds and how to fight them: Getting rid of Incredibar (Windows 7) |
14.11.2012, 14:54 | #1 |
| Getting rid of Incredibar Hello, I accidentally installed the Incredibar along with another program (the program was a sham in itself and probably only designed to infect my laptop). How do I need to proceed now? Thanks for your help. |
14.11.2012, 15:07 | #2 |
/// Malware-holic | Getting rid of Incredibar Hi,
remember: always download programs from the vendor, always choose the custom installation, since that is often where you see toolbars, and, importantly, find out what you are installing (in the legal notice, the license agreement, and via Google). If you don't have it yet, please download OTL by Oldtimer and save it to your desktop.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
|
14.11.2012, 15:30 | #3 |
| Getting rid of Incredibar OTL.Txt: OTL logfile:
Code:
ATTFilter OTL logfile created on: 14.11.2012 15:14:58 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,90 Gb Total Physical Memory | 2,73 Gb Available Physical Memory | 70,07% Memory free 7,79 Gb Paging File | 6,52 Gb Available in Paging File | 83,74% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 297,99 Gb Total Space | 161,33 Gb Free Space | 54,14% Space Free | Partition Type: NTFS Computer Name: USER-PC | User Name: user | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.14 15:10:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe PRC - [2012.10.26 15:31:57 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe PRC - [2012.10.11 10:24:43 | 000,122,368 | ---- | M] (Yuna Software) -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe PRC - [2012.10.09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) 
-- C:\Users\user\AppData\Local\Akamai\netsession_win.exe PRC - [2012.09.23 19:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.07.02 08:11:14 | 002,498,048 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe PRC - [2012.01.20 15:29:28 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012.01.20 15:29:26 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2011.10.18 10:50:10 | 001,001,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe PRC - [2011.10.18 10:50:04 | 001,354,064 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe PRC - [2011.10.18 10:49:52 | 000,936,272 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe PRC - [2011.10.18 10:49:48 | 000,846,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe PRC - [2009.06.24 15:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe PRC - [2009.02.03 21:39:09 | 000,427,192 | ---- | M] (Cisco Systems, Inc.) 
-- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe ========== Modules (No Company Name) ========== MOD - [2012.07.02 08:11:30 | 000,198,144 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\plugins\iCalendarPlugin.dll MOD - [2012.07.02 08:11:14 | 002,498,048 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe MOD - [2012.06.17 14:22:08 | 000,012,800 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\lfs.dll MOD - [2012.05.16 20:01:30 | 000,140,800 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\lua52.dll MOD - [2010.12.12 11:58:14 | 000,502,784 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\wxmsw28u_xrc_vc_rny.dll MOD - [2010.12.12 11:58:00 | 000,131,584 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\wxbase28u_xml_vc_rny.dll MOD - [2010.12.12 11:57:56 | 000,485,376 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\wxmsw28u_html_vc_rny.dll MOD - [2010.12.12 11:57:44 | 000,707,584 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\wxmsw28u_adv_vc_rny.dll MOD - [2010.12.12 11:57:36 | 002,633,216 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\wxmsw28u_core_vc_rny.dll MOD - [2010.12.12 11:56:46 | 001,205,760 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\wxbase28u_vc_rny.dll ========== Services (SafeList) ========== SRV - [2012.10.30 13:08:34 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.10.15 14:45:34 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.10.11 10:24:43 | 000,122,368 | ---- | M] (Yuna Software) [Auto | Running] -- C:\Program Files (x86)\Yuna Software\Messenger Plus! 
for Skype\MsgPlusForSkypeService.exe -- (MsgPlusService) SRV - [2012.09.23 19:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.01.20 15:29:28 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012.01.20 15:29:26 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012.01.16 07:50:58 | 000,274,200 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012.01.10 20:01:52 | 000,627,936 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV - [2011.11.01 12:37:56 | 001,518,352 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2011.11.01 12:25:42 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV - [2011.11.01 12:22:28 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2011.10.20 17:33:22 | 000,135,440 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) SRV - [2011.10.19 13:25:00 | 000,661,504 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3) SRV - [2011.10.18 10:50:10 | 001,001,808 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- 
(Bluetooth OBEX Service) SRV - [2011.10.18 10:50:04 | 001,354,064 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service) SRV - [2011.10.18 10:49:52 | 000,936,272 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.11.17 17:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.02.03 21:39:09 | 000,427,192 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.01.24 14:01:40 | 000,416,592 | ---- | M] (Alps Electric Co., Ltd.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService) DRV:64bit: - [2011.12.15 16:01:08 | 014,646,560 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.12.06 02:23:08 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2011.11.10 00:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2011.10.31 14:57:50 | 008,615,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) DRV:64bit: - [2011.10.19 13:19:08 | 000,195,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP) DRV:64bit: - [2011.10.19 13:19:08 | 000,195,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL) DRV:64bit: - [2011.10.11 12:08:00 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex) DRV:64bit: - [2011.10.10 15:43:16 | 000,288,768 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf) DRV:64bit: - [2011.09.08 16:40:24 | 000,508,520 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169) DRV:64bit: - [2011.09.05 08:38:22 | 000,212,544 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIc.sys -- (FLxHCIc) DRV:64bit: - [2011.09.05 08:38:22 | 000,069,184 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIh.sys -- (FLxHCIh) DRV:64bit: - [2011.08.29 15:32:18 | 
000,053,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux) DRV:64bit: - [2011.07.28 13:33:50 | 000,313,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR) DRV:64bit: - [2011.05.20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.05.19 00:17:02 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaud.sys -- (btmaudio) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.10.29 16:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010.09.30 20:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010.09.30 20:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.15 12:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.02.03 21:23:46 | 000,019,456 | ---- | M] (Cisco Systems, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredibar.com/mb185?a=6PQPFUUJC1&i=26 IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb185/?search={searchTerms}&loc=IB_DS&a=6PQPFUUJC1&i=26 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "MyStart Search" FF - prefs.js..browser.search.selectedEngine: "MyStart Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: wisestamp@wisestamp.com:3.11.21 FF 
- prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3 FF - prefs.js..extensions.enabledAddons: youtube2mp3@mondayx.de:1.2.3 FF - prefs.js..keyword.URL: "hxxp://mystart.incredibar.com/mb185/?loc=IB_DS&a=6PQPFUUJC1&&i=26&search=" FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.30 13:08:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.30 13:08:34 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.15 08:33:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions [2012.11.14 08:28:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\01pvotic.default\extensions [2012.11.14 08:28:33 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\01pvotic.default\extensions\ffxtlbr@incredibar.com [2012.10.18 20:42:56 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\01pvotic.default\extensions\ich@maltegoetz.de [2012.10.17 16:09:28 | 001,771,909 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\01pvotic.default\extensions\wisestamp@wisestamp.com.xpi [2012.10.18 23:08:04 | 000,011,510 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\01pvotic.default\extensions\youtube2mp3@mondayx.de.xpi [2012.10.30 13:08:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla 
firefox\extensions [2012.10.30 13:08:34 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.10.11 03:10:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.11 03:10:32 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.10.11 03:10:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.10.11 03:10:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.11 03:10:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.11 03:10:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.de/ CHR - default_search_provider: MyStart Search () CHR - default_search_provider: search_url = hxxp://mystart.incredibar.com/mb185/?loc=IB_DS&search={searchTerms}&a=6PQPFUUJC1&i=26 CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://www.google.de/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\user\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll CHR - 
plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\user\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - Extension: YouTube = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: New tab for Chrome\u2122 = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\ CHR - Extension: IncrediBar for Chrome\u2122 = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\niogeckbkdcabhnapjbkeiklablhjoca\1.0.5_0\ CHR - Extension: Google Mail = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - 
C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD) O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) O4 - HKLM..\Run: [FLxHCIm64] C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe (Windows (R) Win 7 DDK provider) O4 - HKLM..\Run: [MessengerPlusForSkypeService] C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe (Yuna Software) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\user\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) 
O4 - HKCU..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe () O4 - HKCU..\Run: [Spotify] C:\Users\user\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - 
HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{212A68AD-2162-44A7-A181-4D5330BD25EC}: NameServer = 192.168.2.240 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BFEE7098-4AE5-470B-90BF-490051845002}: DhcpNameServer = 172.16.255.250 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing 
Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.11.14 15:10:46 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Trojaner-Board-Dateien [2012.11.14 15:10:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe [2012.11.14 08:28:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Perion [2012.11.14 08:28:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Incredibar.com [2012.11.13 23:15:10 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Dell WebCam Central [2012.11.13 12:16:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickDic [2012.11.13 10:04:36 | 000,000,000 | ---D 
| C] -- C:\Program Files (x86)\tuloxFreeWBE [2012.11.13 10:04:36 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\tulox [2012.11.13 10:04:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\tulox [2012.11.12 23:46:07 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Einkauf & Finanzen [2012.11.12 23:41:26 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Reisen [2012.11.12 23:38:13 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Cádiz [2012.11.11 23:10:56 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Marcos MUC [2012.11.10 19:48:31 | 000,000,000 | ---D | C] -- C:\Users\user\.rainlendar2 [2012.11.10 19:48:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainlendar2 [2012.11.10 19:48:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rainlendar2 [2012.10.30 19:52:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint [2012.10.30 19:52:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2012.10.30 19:51:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services [2012.10.30 19:51:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2012.10.30 19:50:46 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2012.10.30 19:50:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework [2012.10.30 19:50:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition [2012.10.30 19:48:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8 [2012.10.30 19:48:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2012.10.30 19:48:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services [2012.10.30 19:47:41 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Microsoft Help [2012.10.30 
19:47:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office [2012.10.30 19:47:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2012.10.30 19:47:13 | 000,000,000 | RH-D | C] -- C:\MSOCache [2012.10.30 13:08:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.10.24 08:52:15 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Diagnostics [2012.10.23 15:45:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyClient [2012.10.23 15:45:30 | 000,000,000 | ---D | C] -- C:\Program Files\AnyClient [2012.10.23 15:43:54 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012.10.23 15:29:41 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Cisco [2012.10.23 15:26:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco [2012.10.23 15:26:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco [2012.10.23 11:58:31 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Spotify [2012.10.23 11:53:08 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Spotify [2012.10.18 13:19:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher [2012.10.18 13:19:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DsNET Corp [2012.10.17 15:04:52 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\OpenOffice.org [2012.10.17 15:04:02 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1 [2012.10.17 15:03:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3 [2012.10.16 22:25:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012.10.16 22:05:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2012.10.16 22:05:44 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Google [2012.10.16 21:53:36 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Reallusion [2012.10.16 
02:01:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2012.10.15 16:59:43 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\ElevatedDiagnostics [2012.10.15 16:06:23 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Eigene Dateien ========== Files - Modified Within 30 Days ========== [2012.11.14 15:10:46 | 000,051,280 | ---- | M] () -- C:\Users\user\Desktop\Trojaner-Board.html [2012.11.14 15:10:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe [2012.11.14 15:10:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.14 14:41:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.14 13:41:35 | 002,186,747 | ---- | M] () -- C:\Users\user\Kriminologie-FH-2012-13-03-ppp.pdf [2012.11.14 13:22:46 | 000,001,284 | ---- | M] () -- C:\Users\user\site.xml [2012.11.14 12:27:58 | 000,021,264 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.14 12:27:58 | 000,021,264 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.14 12:26:59 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.11.14 12:26:59 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.14 12:26:59 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.11.14 12:26:59 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.11.14 12:26:59 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.11.14 12:20:48 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.14 12:20:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.14 12:20:33 | 3137,994,752 | -HS- | M] () -- C:\hiberfil.sys [2012.11.14 08:28:34 | 000,000,450 | ---- | M] () -- C:\user.js [2012.11.12 20:57:40 | 000,199,150 | ---- | M] () 
-- C:\Users\user\Using multiple senses in service experience creating consumer loyality in tourism.pdf [2012.11.12 20:57:38 | 000,411,667 | ---- | M] () -- C:\Users\user\The tourist experience. Exploring the relationship.pdf [2012.11.12 20:57:24 | 000,350,618 | ---- | M] () -- C:\Users\user\Creating Value for Participants in the Experience Industry.pdf [2012.11.12 00:38:33 | 000,001,103 | ---- | M] () -- C:\Users\user\Desktop\Eigene Dateien.lnk [2012.11.01 19:52:42 | 000,433,888 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.10.23 11:58:31 | 000,001,799 | ---- | M] () -- C:\Users\user\Desktop\Spotify.lnk [2012.10.16 22:25:19 | 000,002,247 | ---- | M] () -- C:\Users\user\Desktop\Google Chrome.lnk [2012.10.15 15:36:27 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2012.10.15 15:36:26 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf ========== Files Created - No Company Name ========== [2012.11.14 15:10:45 | 000,051,280 | ---- | C] () -- C:\Users\user\Desktop\Trojaner-Board.html [2012.11.14 13:40:49 | 002,186,747 | ---- | C] () -- C:\Users\user\Kriminologie-FH-2012-13-03-ppp.pdf [2012.11.14 08:28:33 | 000,000,450 | ---- | C] () -- C:\user.js [2012.11.13 12:16:59 | 000,001,037 | ---- | C] () -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QuickDic.lnk [2012.11.12 20:57:39 | 000,199,150 | ---- | C] () -- C:\Users\user\Using multiple senses in service experience creating consumer loyality in tourism.pdf [2012.11.12 20:57:34 | 000,411,667 | ---- | C] () -- C:\Users\user\The tourist experience. 
Exploring the relationship.pdf [2012.11.12 20:57:21 | 000,350,618 | ---- | C] () -- C:\Users\user\Creating Value for Participants in the Experience Industry.pdf [2012.11.12 20:50:51 | 000,001,284 | ---- | C] () -- C:\Users\user\site.xml [2012.10.23 11:58:31 | 000,001,799 | ---- | C] () -- C:\Users\user\Desktop\Spotify.lnk [2012.10.23 11:58:31 | 000,001,785 | ---- | C] () -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk [2012.10.16 22:25:19 | 000,002,247 | ---- | C] () -- C:\Users\user\Desktop\Google Chrome.lnk [2012.10.16 22:05:50 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.10.16 22:05:49 | 000,001,102 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.10.15 16:06:02 | 000,001,103 | ---- | C] () -- C:\Users\user\Desktop\Eigene Dateien.lnk [2012.10.15 15:36:27 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2012.10.15 15:36:26 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2012.10.15 08:42:20 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012.10.15 08:42:18 | 000,261,196 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012.10.15 08:42:14 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.10.15 08:42:09 | 013,168,640 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2012.10.11 14:04:00 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin [2012.10.11 13:48:25 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2012.01.10 19:39:16 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.10.23 15:29:41 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Cisco [2012.10.17 15:04:52 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenOffice.org [2012.11.14 14:45:45 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Spotify [2012.10.14 12:22:28 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TuneUp Software ========== Purity Check ========== ========== 
Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.11.12 00:38:40 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2012.10.11 13:42:00 | 000,000,000 | ---D | M] -- C:\Dell [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2012.10.11 13:39:39 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2012.10.11 23:33:02 | 000,000,000 | ---D | M] -- C:\Drivers [2012.10.11 23:33:02 | 000,000,000 | ---D | M] -- C:\Hotfix [2012.10.11 13:49:36 | 000,000,000 | ---D | M] -- C:\Intel [2012.10.30 19:47:13 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.11.14 08:29:48 | 000,000,000 | R--D | M] -- C:\Program Files [2012.11.14 08:28:42 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2012.10.30 19:47:37 | 000,000,000 | -H-D | M] -- C:\ProgramData [2012.10.11 13:39:39 | 000,000,000 | -HSD | M] -- C:\Programme [2012.10.11 13:39:39 | 000,000,000 | -HSD | M] -- C:\Recovery [2012.11.14 15:16:24 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.10.11 13:39:47 | 000,000,000 | R--D | M] -- C:\Users [2012.11.12 00:36:26 | 000,000,000 | ---D | M] -- C:\Verena [2012.10.30 19:50:46 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.21 04:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 06:08:49 | 000,011,718 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.10.15 12:38:16 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job [2012.10.16 22:05:49 | 000,001,102 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2012.10.16 22:05:50 | 000,001,106 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Verena\Windows\System32\userinit.exe [2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Verena\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe [2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Verena\Windows\System32\winlogon.exe [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Verena\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- 
C:\Verena\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Verena\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2012.11.14 15:09:40 | 000,000,081 | ---- | M] () -- C:\Users\user\config.txt [2012.11.12 20:57:24 | 000,350,618 | ---- | M] () -- C:\Users\user\Creating Value for Participants in the Experience Industry.pdf [2012.11.14 13:41:35 | 002,186,747 | ---- | M] () -- C:\Users\user\Kriminologie-FH-2012-13-03-ppp.pdf [2012.11.14 15:26:48 | 001,310,720 | ---- | M] () -- C:\Users\user\NTUSER.DAT [2012.11.14 15:26:48 | 000,262,144 | -HS- | M] () -- C:\Users\user\ntuser.dat.LOG1 [2012.10.11 13:39:47 | 000,000,000 | -HS- | M] () -- C:\Users\user\ntuser.dat.LOG2 [2012.10.11 13:56:10 | 000,065,536 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2012.10.11 13:56:10 | 000,524,288 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2012.10.11 13:56:10 | 000,524,288 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2012.10.11 13:39:47 | 000,000,020 | -HS- | M] () -- C:\Users\user\ntuser.ini [2012.11.14 13:22:46 | 000,001,284 | ---- | M] () -- C:\Users\user\site.xml 
[2012.11.12 20:57:38 | 000,411,667 | ---- | M] () -- C:\Users\user\The tourist experience. Exploring the relationship.pdf
[2012.11.12 20:57:40 | 000,199,150 | ---- | M] () -- C:\Users\user\Using multiple senses in service experience creating consumer loyality in tourism.pdf

< %USERPROFILE%\Local Settings\Temp\*.exe >

< %USERPROFILE%\Local Settings\Temp\*.dll >

< %USERPROFILE%\Application Data\*.exe >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >

Extras.Txt:
OTL Logfile:
Code:
OTL Extras logfile created on: 14.11.2012 15:14:58 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,90 Gb Total Physical Memory | 2,73 Gb Available Physical Memory | 70,07% Memory free
7,79 Gb Paging File | 6,52 Gb Available in Paging File | 83,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,99 Gb Total Space | 161,33 Gb Free Space | 54,14% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11B3F046-B7B7-44F5-BE3B-FB88210849AF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{19CAF06D-E8FE-487C-8237-82F7D2A647A3}" = lport=445 | protocol=6 | dir=in | app=system |
"{1AEFB21C-52BD-46B6-A7D9-2DB52C9C5A37}" = rport=10243 | protocol=6 | dir=out | app=system |
"{22D521F7-DF58-4811-9112-56F67FED99E3}" = rport=137 | protocol=17 | dir=out | app=system |
"{28C41D6A-287B-4CF5-BF61-A5B08E95EB7C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{3CA21F34-9A7F-4782-AB08-7AA53AACE6BF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3ED4D816-E74B-47F6-B1ED-E3F1F45F9DCE}" = rport=139 | protocol=6 | dir=out | app=system |
"{499EF3F9-0782-44AC-8D5D-38B409C28C3E}" = rport=138 | protocol=17 | dir=out | app=system |
"{4ACFEAB2-4B23-4AC5-B816-8318421FD4DF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6455DB88-E7B2-4FC7-B289-5051560F2F7B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{658F2930-EDC7-42B6-A5C3-D63D6B818A66}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7AF93022-C48F-4D5D-BDAB-77AF019CAC89}" = lport=139 | protocol=6 | dir=in | app=system |
"{806B0555-42EE-4E93-9F02-6C40E1E23697}" = lport=10243 | protocol=6 | dir=in | app=system |
"{88B8EAD1-9087-4497-B743-8FD556D00060}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8AF9D7AD-7D58-47F0-82B3-86C6FE30AAE1}" = lport=137 | protocol=17 | dir=in | app=system |
"{A331195A-A0C8-449E-90DA-4DFF21F85100}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AE467DC5-083F-4E56-AA45-7BCBFFD162CA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C2CD14E3-65CB-4409-A0A8-3345F17E7CD7}" = lport=138 | protocol=17 | dir=in | app=system |
"{D0CA1C81-72BC-4988-A050-6A6659D55803}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D0D5183F-D797-4CE1-9292-5A4E442E6678}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D65BB914-FE18-471C-95C2-9EBE543E167C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F15CC3D9-4CB0-457A-9674-808903876CE0}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C14F9BC-96B8-4C51-AB96-F5103B96447A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0F459EAD-6199-4FB4-919F-411FA5D2C35B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{1EF6BEBD-BFFF-41C4-8C37-44EF9C68CE72}" = protocol=6 | dir=out | app=system |
"{2F4062CB-345B-4248-8F60-A65C0A571873}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{346C38D0-6E86-46D2-97F6-0D6A6A2C83B7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{35BABE8D-522A-4100-8863-0555C039640F}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{37DD6CBF-4C96-4B8E-9B74-FB6B352FFC10}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{38BFB0E5-794D-4929-8B89-FE589A51B4D3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3C59823E-75CE-4BC8-B85E-C35789569937}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{41EF822A-DA6F-4D61-AF73-42EA556D8429}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{47A7CBAD-AB34-485E-93DA-0CFA62540FE7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{4D8C15AC-6550-499B-A65F-BC1EC6B1FC7D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{56B565B0-32A9-482F-804C-3A067E5311BE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{58B1962E-F137-4157-B268-4FADC0A6EC8F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5AE06F85-53F1-4C0E-ACDD-5A623D280540}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5FF2C991-AB90-4C6E-A908-33C423D03F97}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{859A3E68-DA6F-4735-8D6A-4167017E1A30}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{9AC72D83-4BB7-4554-9B71-5581270F5825}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{A2C34739-77F3-4AA2-B112-B94A01563834}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A9BCA59D-AD7B-4D6A-8F65-4F02A699E8C8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B1F49EA4-096C-4DFD-AE01-0319823B259B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B76ABEB0-087E-4211-805D-A53E5C70C66C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BAA1C696-E8BE-4B84-B536-954582AFD869}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{CA8D17F6-0CA9-493D-98E6-7BE56E7E5C75}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D31764FC-11A6-4D0D-9258-1639FCFD5117}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D59363E8-2857-461D-A4ED-2EA5DBE855FB}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{D75C10ED-674B-471F-BA13-73BAF98B0E78}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{D894B55F-8835-4B10-AB78-E65BF17BCB87}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{D9FC7BA0-419E-4135-902C-38D731B9A650}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{9C657DE1-0783-4781-A4A5-23784A062AF6}C:\users\user\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe |
"TCP Query User{A4A6374B-8B4E-4682-9AA6-8BA0CEF728BB}C:\users\user\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe |
"TCP Query User{ECF3E46F-D2F6-40F9-BCBB-2F9F36A26648}C:\users\user\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe |
"TCP Query User{F18A6D90-4084-4233-98EF-6A60B180A574}C:\users\user\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe |
"UDP Query User{1E50AA43-D109-4EAA-AD56-9E69C5D6A22A}C:\users\user\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe |
"UDP Query User{5D1E164A-4810-40FB-875D-B1D6F21924AD}C:\users\user\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe |
"UDP Query User{8618F05B-9652-4252-B132-ED671A01B52F}C:\users\user\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe |
"UDP Query User{EFB5BBBF-A6B3-4139-A8C3-CC85FF5F28C6}C:\users\user\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{2ABA2E8D-23CF-418F-BC8F-2EC99FA51A3F}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{319C2C53-4B27-4F29-AA9C-43BDB6F5A073}" = Fresco Logic USB3.0 Host Controller
"{538B98C3-773F-4F20-9C66-802D104DCBE2}" = Intel® Trusted Connect Service Client
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{D61E4101-9E15-4D0E-ABD1-1ABD36B43330}" = Intel(R) PROSet/Wireless WiFi-Software
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"9458-3297-1521-7844" = AnyClient 5.0.0.65
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"ProInst" = Intel PROSet Wireless

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{6005535D-8A83-4108-A757-E1AB9886AECA}" = Cisco AnyConnect VPN Client
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"aTube Catcher" = aTube Catcher
"Dell Webcam Central" = Dell Webcam Central
"Google Chrome" = Google Chrome
"incredibar" = Incredibar Toolbar on IE
"Messenger Plus! for Skype" = Messenger Plus! for Skype
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"ProInst" = Intel PROSet Wireless
"Rainlendar2" = Rainlendar2 (remove only)
"tulox Freeware-Wörterbuch (Englisch)" = tulox Freeware-Wörterbuch (Englisch)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12.11.2012 18:48:21 | Computer Name = user-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\user\Documents\Admin\SoftonicDownloader_fuer_pandora-recovery.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 13.11.2012 04:31:13 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

Error - 13.11.2012 05:02:51 | Computer Name = user-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\user\Downloads\SoftonicDownloader_fuer_tulox-freeware-worterbuch.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 13.11.2012 05:02:53 | Computer Name = user-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\user\Downloads\SoftonicDownloader_fuer_tulox-freeware-worterbuch.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 13.11.2012 12:41:49 | Computer Name = user-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\Users\user\downloads\SoftonicDownloader_fuer_tulox-freeware-worterbuch.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 13.11.2012 14:56:07 | Computer Name = user-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\user\Downloads\SoftonicDownloader_fuer_tulox-freeware-worterbuch.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 14.11.2012 02:13:15 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

Error - 14.11.2012 03:28:11 | Computer Name = user-PC | Source = Application Hang | ID = 1002
Description = Programm Setup.exe, Version 2.0.24.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 10c0 Startzeit: 01cdc23904052b7d Endzeit: 7 Anwendungspfad: C:\Users\user\Downloads\Setup.exe Berichts-ID:

Error - 14.11.2012 04:50:32 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

Error - 14.11.2012 07:20:57 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

[ Cisco AnyConnect VPN Client Events ]
Error - 14.11.2012 07:00:10 | Computer Name = user-PC | Source = vpndownloader | ID = 50659329
Description = Function: CHttpSessionWinInet::HandleError Return code: 12007 File: ..\Common\Utility\HttpSession_wininet.cpp Line: 712 Description: Der Servername oder die Serveradresse konnte nicht verarbeitet werden.

Error - 14.11.2012 07:00:10 | Computer Name = user-PC | Source = vpndownloader | ID = 50659329
Description = Function: SendRequest Return code: 12007 File: .\FileDownloader.cpp Line: 353 Description: Der Servername oder die Serveradresse konnte nicht verarbeitet werden.

Error - 14.11.2012 07:00:10 | Computer Name = user-PC | Source = vpndownloader | ID = 50659329
Description = Function: RequestFileFromNetwork Return code: 0xFEFF000A File: .\FileDownloader.cpp Line: 308 Description: unknown

Error - 14.11.2012 07:00:10 | Computer Name = user-PC | Source = vpndownloader | ID = 50659329
Description = Function: CFileDownloader::DoDownload Return code: 0xFEFF000A File: .\ManifestMgr.cpp Line: 396 Description: unknown Failed to download from https://vpngw.fh-kempten.de/+CSCOT+/translation-table?type=combined-manifest&textdomain=AnyConnect to C:\Users\user\AppData\Local\Temp\11328.tmp\ComboManifest.xml

Error - 14.11.2012 07:00:22 | Computer Name = user-PC | Source = vpndownloader | ID = 50659329
Description = Function: CHttpSessionWinInet::HandleError Return code: 12007 File: ..\Common\Utility\HttpSession_wininet.cpp Line: 712 Description: Der Servername oder die Serveradresse konnte nicht verarbeitet werden.
Error - 14.11.2012 07:00:22 | Computer Name = user-PC | Source = vpndownloader | ID = 50659329 Description = Function: SendRequest Return code: 12007 File: .\FileDownloader.cpp Line: 353 Description: Der Servername oder die Serveradresse konnte nicht verarbeitet werden. Error - 14.11.2012 07:00:22 | Computer Name = user-PC | Source = vpndownloader | ID = 50659329 Description = Function: RequestFileFromNetwork Return code: 0xFEFF000A File: .\FileDownloader.cpp Line: 308 Description: unknown Error - 14.11.2012 07:00:22 | Computer Name = user-PC | Source = vpndownloader | ID = 50659329 Description = Function: CFileDownloader::DoDownload Return code: 0xFEFF000A File: .\ManifestMgr.cpp Line: 396 Description: unknown Failed to download from https://vpngw.fh-kempten.de/CACHE/stc/1/VPNManifest.xml to C:\Users\user\AppData\Local\Temp\11328.tmp\VPNManifest.xml Error - 14.11.2012 07:00:22 | Computer Name = user-PC | Source = vpndownloader | ID = 50659329 Description = Function: GetManifest Return code: 0 File: .\ManifestMgr.cpp Line: 591 Description: Failed to get main manifest Error - 14.11.2012 07:00:22 | Computer Name = user-PC | Source = vpnui | ID = 50724865 Description = Function: ConnectMgr :: launchCachedDownloader Return code: 1 File: .\ConnectMgr.cpp Line: 4299 Description: Cached Downloader terminated abnormally [ System Events ] Error - 15.10.2012 11:05:05 | Computer Name = user-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1000 Description = Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x80080005 Error - 15.10.2012 11:05:05 | Computer Name = user-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Fehler beim Starten des Assistenten für das Sprachpaket-Setup. Führen Sie einen Neustart des Systems aus, und führen Sie den Assistenten erneut aus. 
Error - 15.10.2012 11:07:29 | Computer Name = user-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80242016 fehlgeschlagen: Sicherheitsupdate für Internet Explorer 8 unter Windows 7 für x64-basierte Systeme (KB2544521) Error - 15.10.2012 11:07:29 | Computer Name = user-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80242016 fehlgeschlagen: Update für die Kompatibilitätsansichtsliste für Internet Explorer*8 für Windows 7 für x64-basierte Systeme (KB2598845) Error - 15.10.2012 11:59:37 | Computer Name = user-PC | Source = Server | ID = 2505 Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{212A68AD-2162-44A7-A181-4D5330BD25EC} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden. Error - 15.10.2012 11:59:37 | Computer Name = user-PC | Source = NetBT | ID = 4321 Description = Der Name "USER-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.10 registriert werden. Der Computer mit IP-Adresse 192.168.2.202 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error - 15.10.2012 11:59:37 | Computer Name = user-PC | Source = NetBT | ID = 4321 Description = Der Name "USER-PC :20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.10 registriert werden. Der Computer mit IP-Adresse 192.168.2.202 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error - 16.10.2012 16:12:22 | Computer Name = user-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1000 Description = Fehler bei der CBS-Clientinitialisierung. 
Letzter Fehler: 0x8007045b Error - 22.10.2012 13:53:41 | Computer Name = user-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Definition Update for Windows Defender - KB915597 (Definition 1.139.124.0) Error - 12.11.2012 12:42:11 | Computer Name = user-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. < End of report > |
14.11.2012, 16:54 | #4 |
/// Malware-holic | Getting rid of Incredibar
hi,
download TDSS Killer: http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- if anything is found, always choose Skip for now, then post the log
__________________
- Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us |
14.11.2012, 17:38 | #5 |
| Getting rid of Incredibar
4732 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 17:36:17.0498 4732 NativeWifiP - ok 17:36:17.0560 4732 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 17:36:17.0607 4732 NDIS - ok 17:36:17.0622 4732 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 17:36:17.0654 4732 NdisCap - ok 17:36:17.0669 4732 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 17:36:17.0700 4732 NdisTapi - ok 17:36:17.0716 4732 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 17:36:17.0747 4732 Ndisuio - ok 17:36:17.0763 4732 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 17:36:17.0794 4732 NdisWan - ok 17:36:17.0810 4732 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 17:36:17.0841 4732 NDProxy - ok 17:36:17.0841 4732 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 17:36:17.0872 4732 NetBIOS - ok 17:36:17.0903 4732 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 17:36:17.0934 4732 NetBT - ok 17:36:17.0966 4732 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 17:36:17.0966 4732 Netlogon - ok 17:36:17.0997 4732 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 17:36:18.0044 4732 Netman - ok 17:36:18.0044 4732 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 17:36:18.0090 4732 netprofm - ok 17:36:18.0122 4732 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 17:36:18.0122 4732 NetTcpPortSharing - ok 17:36:18.0278 4732 [ 774C9ECCEF83AB8A3D1466F19809C95F ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys 17:36:18.0512 4732 NETwNs64 - ok 17:36:18.0543 4732 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 
C:\Windows\system32\drivers\nfrd960.sys 17:36:18.0558 4732 nfrd960 - ok 17:36:18.0590 4732 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll 17:36:18.0668 4732 NlaSvc - ok 17:36:18.0668 4732 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 17:36:18.0714 4732 Npfs - ok 17:36:18.0730 4732 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 17:36:18.0761 4732 nsi - ok 17:36:18.0777 4732 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 17:36:18.0808 4732 nsiproxy - ok 17:36:18.0902 4732 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 17:36:18.0995 4732 Ntfs - ok 17:36:19.0011 4732 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 17:36:19.0058 4732 Null - ok 17:36:19.0104 4732 [ 786DB821BFD57C0551DBBE4F75384A7D ] nusb3hub C:\Windows\system32\drivers\nusb3hub.sys 17:36:19.0120 4732 nusb3hub - ok 17:36:19.0136 4732 [ DAA8005CAF745042BB427A1ED7433354 ] nusb3xhc C:\Windows\system32\drivers\nusb3xhc.sys 17:36:19.0167 4732 nusb3xhc - ok 17:36:19.0198 4732 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 17:36:19.0198 4732 nvraid - ok 17:36:19.0229 4732 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 17:36:19.0245 4732 nvstor - ok 17:36:19.0260 4732 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 17:36:19.0276 4732 nv_agp - ok 17:36:19.0292 4732 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 17:36:19.0307 4732 ohci1394 - ok 17:36:19.0385 4732 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 17:36:19.0401 4732 ose - ok 17:36:19.0588 4732 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 17:36:19.0713 4732 osppsvc - 
ok 17:36:19.0760 4732 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 17:36:19.0791 4732 p2pimsvc - ok 17:36:19.0822 4732 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 17:36:19.0838 4732 p2psvc - ok 17:36:19.0869 4732 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys 17:36:19.0884 4732 Parport - ok 17:36:19.0931 4732 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 17:36:19.0931 4732 partmgr - ok 17:36:19.0947 4732 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 17:36:19.0978 4732 PcaSvc - ok 17:36:19.0994 4732 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 17:36:20.0009 4732 pci - ok 17:36:20.0025 4732 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 17:36:20.0025 4732 pciide - ok 17:36:20.0040 4732 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 17:36:20.0056 4732 pcmcia - ok 17:36:20.0056 4732 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 17:36:20.0072 4732 pcw - ok 17:36:20.0087 4732 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 17:36:20.0134 4732 PEAUTH - ok 17:36:20.0150 4732 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 17:36:20.0165 4732 PerfHost - ok 17:36:20.0212 4732 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 17:36:20.0274 4732 pla - ok 17:36:20.0352 4732 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 17:36:20.0415 4732 PlugPlay - ok 17:36:20.0430 4732 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 17:36:20.0446 4732 PNRPAutoReg - ok 17:36:20.0477 4732 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 17:36:20.0493 4732 PNRPsvc - ok 17:36:20.0524 4732 [ 4F15D75ADF6156BF56ECED6D4A55C389 
] PolicyAgent C:\Windows\System32\ipsecsvc.dll 17:36:20.0571 4732 PolicyAgent - ok 17:36:20.0586 4732 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 17:36:20.0633 4732 Power - ok 17:36:20.0664 4732 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 17:36:20.0727 4732 PptpMiniport - ok 17:36:20.0742 4732 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 17:36:20.0758 4732 Processor - ok 17:36:20.0805 4732 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 17:36:20.0836 4732 ProfSvc - ok 17:36:20.0852 4732 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 17:36:20.0867 4732 ProtectedStorage - ok 17:36:20.0898 4732 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 17:36:20.0945 4732 Psched - ok 17:36:20.0992 4732 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 17:36:21.0039 4732 ql2300 - ok 17:36:21.0054 4732 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 17:36:21.0070 4732 ql40xx - ok 17:36:21.0086 4732 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 17:36:21.0101 4732 QWAVE - ok 17:36:21.0101 4732 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 17:36:21.0132 4732 QWAVEdrv - ok 17:36:21.0148 4732 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 17:36:21.0179 4732 RasAcd - ok 17:36:21.0210 4732 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 17:36:21.0242 4732 RasAgileVpn - ok 17:36:21.0242 4732 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 17:36:21.0288 4732 RasAuto - ok 17:36:21.0288 4732 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 17:36:21.0335 4732 Rasl2tp - ok 17:36:21.0351 4732 [ 
EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 17:36:21.0382 4732 RasMan - ok 17:36:21.0398 4732 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 17:36:21.0429 4732 RasPppoe - ok 17:36:21.0460 4732 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 17:36:21.0522 4732 RasSstp - ok 17:36:21.0538 4732 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 17:36:21.0585 4732 rdbss - ok 17:36:21.0600 4732 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys 17:36:21.0616 4732 rdpbus - ok 17:36:21.0616 4732 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 17:36:21.0647 4732 RDPCDD - ok 17:36:21.0678 4732 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 17:36:21.0710 4732 RDPENCDD - ok 17:36:21.0725 4732 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 17:36:21.0756 4732 RDPREFMP - ok 17:36:21.0803 4732 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 17:36:21.0834 4732 RDPWD - ok 17:36:21.0866 4732 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 17:36:21.0881 4732 rdyboost - ok 17:36:21.0959 4732 [ 7196BE857E29007470FF9B689C7F29A7 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe 17:36:22.0006 4732 RegSrvc - ok 17:36:22.0022 4732 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 17:36:22.0068 4732 RemoteAccess - ok 17:36:22.0068 4732 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 17:36:22.0115 4732 RemoteRegistry - ok 17:36:22.0146 4732 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 17:36:22.0193 4732 RFCOMM - ok 17:36:22.0209 4732 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 
17:36:22.0256 4732 RpcEptMapper - ok 17:36:22.0271 4732 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 17:36:22.0302 4732 RpcLocator - ok 17:36:22.0318 4732 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 17:36:22.0349 4732 RpcSs - ok 17:36:22.0380 4732 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 17:36:22.0412 4732 rspndr - ok 17:36:22.0458 4732 [ BE29B0A3AC1E8BD02FFAB8CEE86BADFA ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys 17:36:22.0474 4732 RSUSBSTOR - ok 17:36:22.0521 4732 [ 36FCA0C67BCDC0DA047F5F36743B5CB9 ] RSUSBVSTOR C:\Windows\system32\Drivers\RTSUVSTOR.sys 17:36:22.0552 4732 RSUSBVSTOR - ok 17:36:22.0583 4732 [ A6284C8C29CCCCAD9109C4DA5CD916BD ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh64.sys 17:36:22.0599 4732 RTL8169 - ok 17:36:22.0614 4732 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 17:36:22.0630 4732 SamSs - ok 17:36:22.0646 4732 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 17:36:22.0646 4732 sbp2port - ok 17:36:22.0661 4732 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 17:36:22.0708 4732 SCardSvr - ok 17:36:22.0724 4732 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 17:36:22.0755 4732 scfilter - ok 17:36:22.0770 4732 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 17:36:22.0833 4732 Schedule - ok 17:36:22.0864 4732 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 17:36:22.0895 4732 SCPolicySvc - ok 17:36:22.0911 4732 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 17:36:22.0926 4732 SDRSVC - ok 17:36:22.0958 4732 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 17:36:23.0005 4732 secdrv - ok 17:36:23.0005 4732 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon 
C:\Windows\system32\seclogon.dll 17:36:23.0051 4732 seclogon - ok 17:36:23.0067 4732 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 17:36:23.0114 4732 SENS - ok 17:36:23.0114 4732 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 17:36:23.0145 4732 SensrSvc - ok 17:36:23.0145 4732 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys 17:36:23.0176 4732 Serenum - ok 17:36:23.0192 4732 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys 17:36:23.0207 4732 Serial - ok 17:36:23.0223 4732 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 17:36:23.0239 4732 sermouse - ok 17:36:23.0270 4732 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 17:36:23.0301 4732 SessionEnv - ok 17:36:23.0301 4732 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 17:36:23.0317 4732 sffdisk - ok 17:36:23.0317 4732 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 17:36:23.0332 4732 sffp_mmc - ok 17:36:23.0332 4732 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 17:36:23.0348 4732 sffp_sd - ok 17:36:23.0363 4732 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 17:36:23.0363 4732 sfloppy - ok 17:36:23.0379 4732 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 17:36:23.0426 4732 SharedAccess - ok 17:36:23.0457 4732 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 17:36:23.0504 4732 ShellHWDetection - ok 17:36:23.0504 4732 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 17:36:23.0519 4732 SiSRaid2 - ok 17:36:23.0535 4732 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 17:36:23.0535 4732 SiSRaid4 - ok 17:36:23.0582 4732 [ 
F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 17:36:23.0613 4732 SkypeUpdate - ok 17:36:23.0629 4732 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 17:36:23.0660 4732 Smb - ok 17:36:23.0707 4732 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 17:36:23.0738 4732 SNMPTRAP - ok 17:36:23.0753 4732 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 17:36:23.0769 4732 spldr - ok 17:36:23.0831 4732 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 17:36:23.0878 4732 Spooler - ok 17:36:23.0972 4732 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 17:36:24.0112 4732 sppsvc - ok 17:36:24.0128 4732 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 17:36:24.0159 4732 sppuinotify - ok 17:36:24.0206 4732 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 17:36:24.0253 4732 srv - ok 17:36:24.0268 4732 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 17:36:24.0299 4732 srv2 - ok 17:36:24.0346 4732 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 17:36:24.0377 4732 srvnet - ok 17:36:24.0409 4732 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 17:36:24.0440 4732 SSDPSRV - ok 17:36:24.0455 4732 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 17:36:24.0487 4732 SstpSvc - ok 17:36:24.0502 4732 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys 17:36:24.0518 4732 stexstor - ok 17:36:24.0549 4732 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 17:36:24.0580 4732 stisvc - ok 17:36:24.0596 4732 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 17:36:24.0611 4732 swenum - ok 17:36:24.0627 4732 [ 
E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 17:36:24.0674 4732 swprv - ok 17:36:24.0721 4732 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 17:36:24.0783 4732 SysMain - ok 17:36:24.0799 4732 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 17:36:24.0814 4732 TabletInputService - ok 17:36:24.0814 4732 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 17:36:24.0861 4732 TapiSrv - ok 17:36:24.0861 4732 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 17:36:24.0908 4732 TBS - ok 17:36:25.0017 4732 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys 17:36:25.0079 4732 Tcpip - ok 17:36:25.0126 4732 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 17:36:25.0157 4732 TCPIP6 - ok 17:36:25.0189 4732 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 17:36:25.0235 4732 tcpipreg - ok 17:36:25.0251 4732 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 17:36:25.0267 4732 TDPIPE - ok 17:36:25.0313 4732 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 17:36:25.0329 4732 TDTCP - ok 17:36:25.0345 4732 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 17:36:25.0407 4732 tdx - ok 17:36:25.0423 4732 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 17:36:25.0423 4732 TermDD - ok 17:36:25.0469 4732 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 17:36:25.0547 4732 TermService - ok 17:36:25.0563 4732 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 17:36:25.0579 4732 Themes - ok 17:36:25.0579 4732 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 17:36:25.0610 4732 THREADORDER - ok 17:36:25.0625 4732 [ 
7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 17:36:25.0672 4732 TrkWks - ok 17:36:25.0703 4732 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 17:36:25.0750 4732 TrustedInstaller - ok 17:36:25.0750 4732 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 17:36:25.0781 4732 tssecsrv - ok 17:36:25.0813 4732 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 17:36:25.0828 4732 TsUsbFlt - ok 17:36:25.0828 4732 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 17:36:25.0844 4732 TsUsbGD - ok 17:36:25.0859 4732 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 17:36:25.0906 4732 tunnel - ok 17:36:25.0906 4732 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 17:36:25.0922 4732 uagp35 - ok 17:36:25.0922 4732 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 17:36:25.0969 4732 udfs - ok 17:36:26.0000 4732 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 17:36:26.0000 4732 UI0Detect - ok 17:36:26.0031 4732 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 17:36:26.0031 4732 uliagpkx - ok 17:36:26.0047 4732 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 17:36:26.0062 4732 umbus - ok 17:36:26.0062 4732 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 17:36:26.0078 4732 UmPass - ok 17:36:26.0140 4732 [ 182BBA1B43898D5DA0938D2E9A526B31 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 17:36:26.0156 4732 UNS - ok 17:36:26.0171 4732 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 17:36:26.0218 4732 upnphost - ok 17:36:26.0249 4732 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp 
C:\Windows\system32\DRIVERS\usbccgp.sys 17:36:26.0265 4732 usbccgp - ok 17:36:26.0296 4732 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 17:36:26.0327 4732 usbcir - ok 17:36:26.0390 4732 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys 17:36:26.0421 4732 usbehci - ok 17:36:26.0452 4732 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 17:36:26.0483 4732 usbhub - ok 17:36:26.0515 4732 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 17:36:26.0546 4732 usbohci - ok 17:36:26.0561 4732 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 17:36:26.0577 4732 usbprint - ok 17:36:26.0593 4732 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 17:36:26.0624 4732 USBSTOR - ok 17:36:26.0639 4732 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 17:36:26.0655 4732 usbuhci - ok 17:36:26.0671 4732 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 17:36:26.0702 4732 usbvideo - ok 17:36:26.0733 4732 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 17:36:26.0795 4732 UxSms - ok 17:36:26.0811 4732 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 17:36:26.0811 4732 VaultSvc - ok 17:36:26.0842 4732 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 17:36:26.0842 4732 vdrvroot - ok 17:36:26.0873 4732 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 17:36:26.0920 4732 vds - ok 17:36:26.0936 4732 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 17:36:26.0951 4732 vga - ok 17:36:26.0967 4732 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 17:36:27.0014 4732 VgaSave - ok 17:36:27.0014 4732 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp 
C:\Windows\system32\drivers\vhdmp.sys 17:36:27.0029 4732 vhdmp - ok 17:36:27.0045 4732 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 17:36:27.0045 4732 viaide - ok 17:36:27.0061 4732 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 17:36:27.0076 4732 volmgr - ok 17:36:27.0076 4732 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 17:36:27.0092 4732 volmgrx - ok 17:36:27.0107 4732 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 17:36:27.0123 4732 volsnap - ok 17:36:27.0217 4732 [ CB7859F7029AC19E9B9C76AA0E5E79D2 ] vpnagent C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe 17:36:27.0248 4732 vpnagent - ok 17:36:27.0263 4732 [ A6CA1C89EB232697CA6369EB55729E48 ] vpnva C:\Windows\system32\DRIVERS\vpnva64.sys 17:36:27.0279 4732 vpnva - ok 17:36:27.0310 4732 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 17:36:27.0310 4732 vsmraid - ok 17:36:27.0373 4732 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 17:36:27.0451 4732 VSS - ok 17:36:27.0466 4732 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 17:36:27.0482 4732 vwifibus - ok 17:36:27.0513 4732 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 17:36:27.0544 4732 vwififlt - ok 17:36:27.0544 4732 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 17:36:27.0575 4732 vwifimp - ok 17:36:27.0607 4732 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 17:36:27.0653 4732 W32Time - ok 17:36:27.0700 4732 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 17:36:27.0731 4732 WacomPen - ok 17:36:27.0747 4732 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 17:36:27.0809 4732 WANARP - ok 17:36:27.0825 4732 [ 
356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 17:36:27.0856 4732 Wanarpv6 - ok 17:36:27.0887 4732 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 17:36:27.0934 4732 wbengine - ok 17:36:27.0950 4732 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 17:36:27.0965 4732 WbioSrvc - ok 17:36:27.0981 4732 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 17:36:28.0012 4732 wcncsvc - ok 17:36:28.0012 4732 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 17:36:28.0043 4732 WcsPlugInService - ok 17:36:28.0059 4732 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 17:36:28.0075 4732 Wd - ok 17:36:28.0090 4732 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 17:36:28.0121 4732 Wdf01000 - ok 17:36:28.0121 4732 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 17:36:28.0153 4732 WdiServiceHost - ok 17:36:28.0153 4732 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 17:36:28.0168 4732 WdiSystemHost - ok 17:36:28.0184 4732 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 17:36:28.0199 4732 WebClient - ok 17:36:28.0215 4732 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 17:36:28.0262 4732 Wecsvc - ok 17:36:28.0277 4732 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 17:36:28.0324 4732 wercplsupport - ok 17:36:28.0340 4732 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 17:36:28.0371 4732 WerSvc - ok 17:36:28.0387 4732 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 17:36:28.0418 4732 WfpLwf - ok 17:36:28.0433 4732 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 17:36:28.0449 4732 WIMMount - ok 
17:36:28.0465 4732 WinDefend - ok 17:36:28.0465 4732 WinHttpAutoProxySvc - ok 17:36:28.0527 4732 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 17:36:28.0574 4732 Winmgmt - ok 17:36:28.0636 4732 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 17:36:28.0699 4732 WinRM - ok 17:36:28.0745 4732 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 17:36:28.0792 4732 Wlansvc - ok 17:36:28.0792 4732 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 17:36:28.0823 4732 WmiAcpi - ok 17:36:28.0839 4732 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 17:36:28.0870 4732 wmiApSrv - ok 17:36:28.0886 4732 WMPNetworkSvc - ok 17:36:28.0917 4732 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 17:36:28.0933 4732 WPCSvc - ok 17:36:28.0948 4732 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 17:36:28.0964 4732 WPDBusEnum - ok 17:36:28.0979 4732 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 17:36:29.0011 4732 ws2ifsl - ok 17:36:29.0026 4732 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 17:36:29.0057 4732 wscsvc - ok 17:36:29.0057 4732 WSearch - ok 17:36:29.0151 4732 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 17:36:29.0229 4732 wuauserv - ok 17:36:29.0245 4732 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 17:36:29.0276 4732 WudfPf - ok 17:36:29.0307 4732 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 17:36:29.0354 4732 WUDFRd - ok 17:36:29.0369 4732 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 17:36:29.0416 4732 wudfsvc - ok 17:36:29.0432 4732 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 17:36:29.0463 4732 WwanSvc - ok 17:36:29.0479 4732 
================ Scan global ===============================
17:36:29.0494 4732 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:36:29.0541 4732 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
17:36:29.0557 4732 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
17:36:29.0588 4732 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:36:29.0619 4732 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
17:36:29.0619 4732 [Global] - ok
17:36:29.0619 4732 ================ Scan MBR ==================================
17:36:29.0635 4732 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:36:29.0947 4732 \Device\Harddisk0\DR0 - ok
17:36:29.0947 4732 ================ Scan VBR ==================================
17:36:29.0962 4732 [ 58C1C8F6DB2423849FE283769247632C ] \Device\Harddisk0\DR0\Partition1
17:36:29.0962 4732 \Device\Harddisk0\DR0\Partition1 - ok
17:36:29.0993 4732 [ 788E90FE4A06AC0DB859AB6C3F3D5558 ] \Device\Harddisk0\DR0\Partition2
17:36:29.0993 4732 \Device\Harddisk0\DR0\Partition2 - ok
17:36:29.0993 4732 ============================================================
17:36:30.0009 4732 Scan finished
17:36:30.0009 4732 ============================================================
17:36:30.0025 8688 Detected object count: 1
17:36:30.0025 8688 Actual detected object count: 1
17:36:37.0528 8688 MsgPlusService ( UnsignedFile.Multi.Generic ) - skipped by user
17:36:37.0528 8688 MsgPlusService ( UnsignedFile.Multi.Generic ) - User select action: Skip |
14.11.2012, 19:45 | #6 |
/// Malware-holic | Getting rid of Incredibar hi malwarebytes: Please download Malwarebytes
|
14.11.2012, 22:24 | #7 |
| Getting rid of Incredibar
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Datenbank Version: v2012.11.14.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
user :: USER-PC [Administrator]
14.11.2012 21:40:02
mbam-log-2012-11-14 (21-40-02).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 426090
Laufzeit: 42 Minute(n), 31 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 3
C:\Users\user\Downloads\Setup.exe (PUP.Bundle.Installer.OI) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\Pictures\2011\Hochzeitsbilder vom Internet_2\Codec-C.exe (Affiliate.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Verena\Program Files (x86)\BrowserCompanion\BCHelper.exe (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)

I don't know whether the problem should now have been fixed by Malwarebytes, but in any case it is still there.... What would be the next step? Best regards and thanks!

I don't know whether the problem should now have been fixed by Malwarebytes, but in any case it is still there... What is the next step now? Best regards and thanks... |
16.11.2012, 13:31 | #8 |
/// Malware-holic | Getting rid of Incredibar Take it easy. Download CCleaner standard: CCleaner Download - CCleaner 3.24.1850. If CCleaner is already installed, skip this. Install it, open it, Tools, list of installed programs, save as txt. Open the file. After each program you need, write necessary. After each one you do not need, unnecessary. After those unknown to you, unknown. Post the list.
__________________ -Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
19.11.2012, 13:26 | #9 |
| Getting rid of Incredibar
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 15.10.2012 6,00MB 11.4.402.287 necessary
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 15.10.2012 6,00MB 11.4.402.287 necessary
Adobe Reader XI - Deutsch Adobe Systems Incorporated 15.10.2012 128MB 11.0.00 necessary
Advanced Audio FX Engine Creative Technology Ltd 11.10.2012 1.12.05 unknown
Akamai NetSession Interface Akamai Technologies, Inc 15.10.2012 unknown
AnyClient 5.0.0.65 JSCAPE 23.10.2012 5.0.0.65 necessary
aTube Catcher DsNET Corp 18.10.2012 2.7.778 necessary
CCleaner Piriform 24.10.2012 3.24 necessary
Cisco AnyConnect VPN Client Cisco Systems, Inc. 23.10.2012 3,23MB 2.3.0254 necessary
Dell Touchpad ALPS ELECTRIC CO., LTD. 15.10.2012 7.1209.101.215 necessary
Dell Webcam Central Creative Technology Ltd 11.10.2012 1.40.05 necessary
Fresco Logic USB3.0 Host Controller Fresco Logic Inc. 11.10.2012 3,53MB 3.4.6.0 unknown
Google Chrome Google Inc. 16.10.2012 23.0.1271.64 necessary
Incredibar Toolbar on IE 14.11.2012 this has to go
Intel(R) Management Engine Components Intel Corporation 15.10.2012 8.0.1.1399 unknown
Intel(R) OpenCL CPU Runtime Intel Corporation 15.10.2012 unknown
Intel(R) Processor Graphics Intel Corporation 15.10.2012 8.15.10.2598 unknown
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology Intel Corporation 11.10.2012 90,1MB 1.2.1.0608 necessary
Intel(R) PROSet/Wireless WiFi-Software Intel Corporation 11.10.2012 136MB 14.03.0000 necessary
Intel® Trusted Connect Service Client Intel Corporation 15.10.2012 10,6MB 1.23.219.2 unknown
Java 7 Update 9 (64-bit) Oracle 23.10.2012 127MB 7.0.90 necessary
Live! Cam Avatar Creator Creative Technology Ltd 11.10.2012 4.6.3009.1 unknown
Malwarebytes Anti-Malware Version 1.65.1.1000 Malwarebytes Corporation 14.11.2012 19,4MB 1.65.1.1000 necessary
Messenger Plus! for Skype Yuna Software 15.10.2012 1.5.0.120 necessary
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 16.10.2012 38,8MB 4.0.30319 unknown
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 16.10.2012 2,93MB 4.0.30319 unknown
Microsoft Office Professional Plus 2010 Microsoft Corporation 30.10.2012 14.0.4763.1000 necessary
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 17.10.2012 788KB 9.0.30729.6161 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 17.10.2012 600KB 9.0.30729.6161 unknown
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 15.10.2012 13,6MB 10.0.30319 unknown
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Corporation 15.10.2012 11,0MB 10.0.30319 unknown
Mozilla Firefox 16.0.2 (x86 de) Mozilla 31.10.2012 38,5MB 16.0.2 necessary
Mozilla Maintenance Service Mozilla 31.10.2012 329KB 16.0.2 unknown
OpenOffice.org 3.4.1 Apache Software Foundation 17.10.2012 331MB 3.41.9593 necessary
Quickset64 Dell Inc. 11.10.2012 7,52MB 11.0.15 unknown
Rainlendar2 (remove only) 10.11.2012 necessary
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 11.10.2012 6.0.1.6482 unknown
Realtek USB 2.0 Reader Driver Realtek Semiconductor Corp. 15.10.2012 6.1.7601.39013 unknown
Skype™ 5.10 Skype Technologies S.A. 15.10.2012 19,4MB 5.10.116 necessary
Spotify Spotify AB 26.10.2012 0.8.5.1333.g822e0de8 necessary
tulox Freeware-Wörterbuch (Englisch) 13.11.2012 necessary
VLC media player 2.0.4 VideoLAN 15.11.2012 2.0.4 necessary |
19.11.2012, 17:33 | #10 |
/// Malware-holic | Getting rid of Incredibar Uninstall: Incredibar. Open CCleaner, analyze, run, restart the PC. Please download AdwCleaner to your desktop.
|
19.11.2012, 22:06 | #11 |
| Getting rid of Incredibar
# AdwCleaner v2.008 - Datei am 19/11/2012 um 22:04:03 erstellt
# Aktualisiert am 17/11/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : user - USER-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\user\Desktop\adwcleaner.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****
Datei Gefunden : C:\user.js
Ordner Gefunden : C:\Program Files (x86)\Perion

***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\IM
Schlüssel Gefunden : HKCU\Software\ImInstaller
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gefunden : HKLM\Software\IB Updater
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gefunden : HKU\S-1-5-21-2056309371-2243272444-117162636-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://mystart.incredibar.com/mb185?a=6PQPFUUJC1&i=26
-\\ Mozilla Firefox v16.0.2 (de)
-\\ Google Chrome v [Version kann nicht ermittelt werden]

*************************
AdwCleaner[R1].txt - [2184 octets] - [19/11/2012 22:04:03]
########## EOF - C:\AdwCleaner[R1].txt - [2244 octets] ########## |
20.11.2012, 20:39 | #12 |
/// Malware-holic | Getting rid of Incredibar hi
|
20.11.2012, 21:07 | #13 |
| Getting rid of Incredibar
# AdwCleaner v2.008 - Datei am 20/11/2012 um 21:04:13 erstellt
# Aktualisiert am 17/11/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : user - USER-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\user\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****
Datei Gelöscht : C:\user.js
Ordner Gelöscht : C:\Program Files (x86)\Perion

***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\Software\IB Updater
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://mystart.incredibar.com/mb185?a=6PQPFUUJC1&i=26 --> hxxp://www.google.com
-\\ Mozilla Firefox v16.0.2 (de)
-\\ Google Chrome v [Version kann nicht ermittelt werden]

*************************
AdwCleaner[R1].txt - [2307 octets] - [19/11/2012 22:04:03]
AdwCleaner[S1].txt - [2025 octets] - [20/11/2012 21:04:13]
########## EOF - C:\AdwCleaner[S1].txt - [2085 octets] ########## |
21.11.2012, 20:35 | #14 |
/// Malware-holic | Getting rid of Incredibar hi
This script and any scripts that follow are only for this particular user. If you have problems, open your own topics and wait for scripts tailored to you.
• Please start OTL.exe
• Now copy the following into the text box.
Code:
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredibar.com/mb185?a=6PQPFUUJC1i=26
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb185/?search={searchTerms}loc=IB_DSa=6PQPFUUJC1i=26
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "MyStart Search"
FF - prefs.js..keyword.URL: "hxxp://mystart.incredibar.com/mb185/?loc=IB_DSa=6PQPFUUJC1&i=26search="
:Files
:Commands
[EMPTYFLASH]
[emptytemp]
• Now please close all programs.
• Now please click the Fix button.
• OTL may request a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.
|
21.11.2012, 21:08 | #15 |
| Getting rid of Incredibar
All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
Prefs.js: "MyStart Search" removed from browser.search.defaultenginename
Prefs.js: "MyStart Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://mystart.incredibar.com/mb185/?loc=IB_DSa=6PQPFUUJC1&i=26search=" removed from keyword.URL
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users
User: Default
User: Default User
User: Public
User: user
->Flash cache emptied: 2218 bytes

Total Flash Files Cleaned = 0,00 mb

[EMPTYTEMP]

User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: user
->Temp folder emptied: 2821280 bytes
->Temporary Internet Files folder emptied: 35024023 bytes
->FireFox cache emptied: 313509864 bytes
->Google Chrome cache emptied: 70585157 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 13800448 bytes
%systemroot%\System32 (64bit) .tmp files removed: 21628048 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 29380406 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 52700 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 464,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 11212012_210459

Files\Folders moved on Reboot...
C:\Users\user\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\SysNative\SET18C.tmp not found!
File\Folder C:\Windows\SysNative\SET57A.tmp not found!
File\Folder C:\Windows\SysNative\SETFDBA.tmp not found!
File\Folder C:\Windows\SysNative\SETFDDB.tmp not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot... |