| |
| |||||||
Log-Analyse und Auswertung: AVIRA findet EXP/Dldr.Java.NWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
08.12.2012, 16:03
| #1 |
 |  AVIRA findet EXP/Dldr.Java.N Hi zusammen! Eben hat AVIRA zwei mal auf meinem Rechner eine verdächtige Datei mit der Bezeichung EXP/Dldr.Java.N gefunden und in Quaeantäne geschoben. Leider hatte ich gerade vorher eineige Kreditkarten Transaktionen durchgeführt. Jetzt bin ich natürlich verunsichert... Was soll ich tun? Kreditkarte sperren? Hier erst mal die Logs von OTLOTL Logfile: Code:
ATTFilter OTL logfile created on: 08.12.2012 15:45:55 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\PH\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,93 Gb Total Physical Memory | 2,34 Gb Available Physical Memory | 59,38% Memory free 7,87 Gb Paging File | 6,00 Gb Available in Paging File | 76,24% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 341,70 Gb Total Space | 235,22 Gb Free Space | 68,84% Space Free | Partition Type: NTFS Computer Name: PH-SHUTTLE | User Name: PH | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.12.08 15:40:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\PH\Desktop\OTL.exe PRC - [2012.12.08 15:40:02 | 000,050,477 | ---- | M] () -- C:\Users\PH\Desktop\Defogger.exe PRC - [2012.11.27 10:25:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.11.27 10:25:40 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.11.27 10:25:40 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.11.17 12:07:29 | 000,255,992 | ---- | M] (Microsoft Corporation) -- C:\Users\PH\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe PRC - [2012.11.13 22:47:27 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe PRC - [2012.10.27 16:53:48 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.05.24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\PH\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2010.11.18 05:35:52 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe PRC - [2010.02.10 13:46:40 | 000,697,640 | ---- | M] (CyberLink Corporation.) -- C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe PRC - [2009.11.02 13:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe PRC - [2009.07.06 13:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe PRC - [2008.06.24 15:06:06 | 001,840,424 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe PRC - [2006.12.19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe ========== Modules (No Company Name) ========== MOD - [2012.12.08 15:40:02 | 000,050,477 | ---- | M] () -- C:\Users\PH\Desktop\Defogger.exe MOD - [2012.11.13 22:47:27 | 014,586,808 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll MOD - [2012.10.27 16:53:48 | 002,295,264 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012.02.20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.02.20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.03.16 23:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf MOD - [2010.02.09 09:52:34 | 033,744,168 | ---- | M] () -- C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\res.dll MOD - [2009.11.02 13:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009.11.02 13:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ========== Services (SafeList) ========== SRV - [2012.11.27 10:25:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.11.27 10:25:40 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.11.13 22:47:27 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.10.27 16:53:48 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.10.26 17:42:45 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.05.15 12:54:54 | 000,313,408 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt) [Auto | Running] -- C:\Program Files (x86)\ArchiCrypt\ArchiCrypt Shredder 6\ArchiCryptInjector64.exe -- (ArchiCrypt Sichere Loeschzonen) SRV - [2011.09.27 20:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2010.11.18 13:35:50 | 000,240,112 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.08.18 11:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2006.12.19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.11.07 16:03:24 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.11.07 16:03:24 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.09.24 08:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.07.09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.06.06 18:48:17 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.09.02 07:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2011.09.02 07:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.11 18:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2009.10.07 13:48:28 | 000,024,560 | ---- | M] (Cyberlink Co.,Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CLBStor.sys -- (CLBStor) DRV:64bit: - [2009.10.07 13:48:26 | 000,376,304 | ---- | M] (CyberLink Corporation.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\CLBUDF.sys -- (CLBUDF) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: DeviceDetection@logitech.com:1.24.0.9 FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10 FF - prefs.js..extensions.enabledAddons: {394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}:3.0.0 FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926 FF - prefs.js..extensions.enabledAddons: {8b86149f-01fb-4842-9dd8-4d7eb02fd055}:0.23 FF - prefs.js..extensions.enabledAddons: {dc572301-7619-498c-a57d-39143191b318}:0.4.0.3.1 FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.6.3 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.27 16:53:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.27 16:53:48 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.06 18:33:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PH\AppData\Roaming\mozilla\Extensions [2012.12.04 22:17:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PH\AppData\Roaming\mozilla\Firefox\Profiles\nsu3mzw6.default\extensions [2012.09.19 20:45:01 | 000,000,000 | ---D | M] (Lightshot (screenshot tool)) -- C:\Users\PH\AppData\Roaming\mozilla\Firefox\Profiles\nsu3mzw6.default\extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B} [2012.10.22 08:00:51 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Users\PH\AppData\Roaming\mozilla\Firefox\Profiles\nsu3mzw6.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055} [2012.10.05 17:42:44 | 000,000,000 | ---D | M] (WOT) -- C:\Users\PH\AppData\Roaming\mozilla\Firefox\Profiles\nsu3mzw6.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012.06.09 10:52:01 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\PH\AppData\Roaming\mozilla\Firefox\Profiles\nsu3mzw6.default\extensions\DeviceDetection@logitech.com [2012.12.04 22:17:38 | 000,531,070 | ---- | M] () (No name found) -- C:\Users\PH\AppData\Roaming\mozilla\firefox\profiles\nsu3mzw6.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012.06.06 18:44:23 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\PH\AppData\Roaming\mozilla\firefox\profiles\nsu3mzw6.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2012.12.01 16:59:51 | 000,710,866 | ---- | M] () (No name found) -- C:\Users\PH\AppData\Roaming\mozilla\firefox\profiles\nsu3mzw6.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012.10.27 16:53:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.10.27 16:53:48 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.01 17:33:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.12 18:58:16 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.01 17:33:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.01 17:33:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.01 17:33:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.01 17:33:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink) O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [InstantBurn] C:\PROGRA~2\CYBERL~1\INSTAN~1\Win2K\IBurn.exe (CyberLink Corporation.) O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKCU..\Run: [ArchiCrypt Scheduler 6] File not found O4 - HKCU..\Run: [ArchiCrypt SecureDZone] File not found O4 - HKCU..\Run: [ArchiCrypt Shredder 6] File not found O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found O4 - HKCU..\Run: [SkyDrive] C:\Users\PH\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation) O4 - Startup: C:\Users\PH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\PH\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{773DBAD3-B683-431D-878F-56CE4070912F}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.12.08 15:40:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\PH\Desktop\OTL.exe [2012.12.04 22:06:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.12.04 22:06:10 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.12.04 22:06:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2012.12.04 22:06:10 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.12.04 22:06:10 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2012.11.24 16:52:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.11.24 16:52:16 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.11.24 16:52:16 | 000,098,888 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.11.24 16:52:16 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.11.17 12:54:41 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys [2012.11.17 12:54:41 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll [2012.11.17 12:51:05 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.11.17 12:49:06 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll [2012.11.17 12:49:06 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe [2012.11.17 12:49:06 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll [2012.11.17 12:49:06 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll [2012.11.17 12:15:13 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll [2012.11.17 12:15:13 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll [2012.11.17 12:15:13 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll [2012.11.17 12:15:04 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll [2012.11.17 12:15:04 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll [2012.11.17 12:15:04 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll [2012.11.17 12:15:04 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll [2012.11.17 12:15:03 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll [2012.11.17 12:15:03 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll [2012.11.17 12:14:49 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll [2012.11.17 12:14:49 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll ========== Files - Modified Within 30 Days ========== [2012.12.08 15:44:59 | 000,000,000 | ---- | M] () -- C:\Users\PH\defogger_reenable [2012.12.08 15:40:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\PH\Desktop\OTL.exe [2012.12.08 15:40:02 | 000,050,477 | ---- | M] () -- C:\Users\PH\Desktop\Defogger.exe [2012.12.08 15:10:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.08 11:57:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.07 21:44:22 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.07 21:44:22 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.07 21:36:25 | 3167,887,360 | -HS- | M] () -- C:\hiberfil.sys [2012.12.02 13:28:55 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.02 13:28:55 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.12.02 13:28:55 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.02 13:28:55 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.12.02 13:28:55 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.11.28 19:22:50 | 002,282,359 | ---- | M] () -- C:\Users\PH\Desktop\Energie-Monitoringbericht_2012.pdf [2012.11.17 19:02:26 | 000,427,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.11.13 22:47:27 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.11.13 22:47:27 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl ========== Files Created - No Company Name ========== [2012.12.08 15:44:59 | 000,000,000 | ---- | C] () -- C:\Users\PH\defogger_reenable [2012.12.08 15:40:00 | 000,050,477 | ---- | C] () -- C:\Users\PH\Desktop\Defogger.exe [2012.11.28 12:20:35 | 002,282,359 | ---- | C] () -- C:\Users\PH\Desktop\Energie-Monitoringbericht_2012.pdf [2012.11.17 12:54:43 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.17 12:49:06 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.06.10 21:21:59 | 000,000,105 | ---- | C] () -- C:\Users\PH\AppData\Roaming\default.pls [2012.06.10 21:09:34 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini [2012.06.10 21:09:23 | 000,001,024 | ---- | C] () -- C:\Users\PH\.rnd [2011.02.11 18:15:08 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin [2011.02.11 18:15:08 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin [2011.02.11 18:15:08 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Und hier die Extras.txt OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 08.12.2012 15:45:55 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\PH\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,93 Gb Total Physical Memory | 2,34 Gb Available Physical Memory | 59,38% Memory free
7,87 Gb Paging File | 6,00 Gb Available in Paging File | 76,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 341,70 Gb Total Space | 235,22 Gb Free Space | 68,84% Space Free | Partition Type: NTFS
Computer Name: PH-SHUTTLE | User Name: PH | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\PROGRA~2\MEDIAM~1\MediaMonkey.exe" "%1"
Directory [MediaMonkey.2PlayNext] -- "C:\PROGRA~2\MEDIAM~1\MediaMonkey.exe" /NEXT "%1"
Directory [MediaMonkey.3Enqueue] -- "C:\PROGRA~2\MEDIAM~1\MediaMonkey.exe" /ADD "%1"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\PROGRA~2\MEDIAM~1\MediaMonkey.exe" "%1"
Directory [MediaMonkey.2PlayNext] -- "C:\PROGRA~2\MEDIAM~1\MediaMonkey.exe" /NEXT "%1"
Directory [MediaMonkey.3Enqueue] -- "C:\PROGRA~2\MEDIAM~1\MediaMonkey.exe" /ADD "%1"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02F86D64-0A2E-4B9A-B6BE-C701806339B9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1BCDA9B4-56F1-4E18-8BAD-347949786339}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1F9C3962-CB00-4058-8760-FD363F73C236}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2239C597-6641-43F7-BEB4-944EDBCDB998}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{29FC3F35-F88D-41A9-A306-D13D42190B27}" = lport=139 | protocol=6 | dir=in | app=system |
"{2C9E39C3-7B8E-4A74-9958-4567B5DD818B}" = rport=138 | protocol=17 | dir=out | app=system |
"{3168D8CD-D146-462B-8FBE-8C8299BE54EE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{360F1F11-1592-4BFC-A607-2B578F10D881}" = lport=138 | protocol=17 | dir=in | app=system |
"{48A31A27-187B-428D-8015-276981C7FF6E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{60721806-FE00-47E1-AA94-B24E2C8893F5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{752D9745-3A08-4F01-AAAD-48B6B49CCCF2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{78C2DF22-095B-43A6-8162-10F9478B7192}" = rport=137 | protocol=17 | dir=out | app=system |
"{8A92D906-1F6E-46B7-91BE-FE633E92742B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A80AED25-3BF4-4225-9A2B-F4993E26439F}" = rport=445 | protocol=6 | dir=out | app=system |
"{AB6F7214-CD57-4F48-8ACC-3924AF926EDF}" = rport=139 | protocol=6 | dir=out | app=system |
"{AD0877F4-C4FF-4565-A2C4-9FBC8EADB399}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{ADC19227-DC80-43C0-A6EC-21C350975DFD}" = lport=445 | protocol=6 | dir=in | app=system |
"{BB7F6DA4-D6F3-44E1-8B85-D3F774F316B7}" = lport=137 | protocol=17 | dir=in | app=system |
"{D13A23EE-D438-4A6C-A91A-6CB795158C7E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D44B61B0-93DE-4940-9F13-5B72CCA32B62}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F80F0126-EB40-44AB-9C17-3A8ED336209C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FBAC3D26-AB4D-479E-8E50-B8B2775B745A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{039B63F9-ABD3-4EAF-938A-982A540764AD}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{05C78AC9-AD31-4017-A5FA-ABAFDEDA1E86}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{08EBB936-2DAA-4323-AEF7-2A4B8ADDD384}" = protocol=17 | dir=in | app=c:\users\ph\appdata\local\microsoft\skydrive\skydrive.exe |
"{0F65DA93-D468-4416-B298-13C7AED15F8A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{157328C2-5F23-4C4E-A50B-37AA8AC4183E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{1893E2A4-F4FD-4610-A337-2256CDC57239}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{21C1FBA7-12CF-47DB-B515-420A0E5A9129}" = protocol=17 | dir=in | app=c:\users\ph\appdata\roaming\dropbox\bin\dropbox.exe |
"{29591965-F53E-47A2-B3B7-F290DF499C0C}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{2E81644C-1D44-4608-8C3A-69247A0ACAF5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{39CEB074-D778-4DD7-B012-67570353BB3C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3AEF2935-98DF-4B8E-BE0D-E78CB0E8AB90}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4B4123F9-F7A7-4794-BCE9-99915F57838D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{52748C1D-E007-4769-8708-CFBAA608B9E5}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{53D37C68-6E43-4DF0-9C50-89931A12A6A6}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{554057A3-C517-46E2-A625-D2737F0C0D35}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5754A9B6-BB27-4944-86E9-D3DAC65D853A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5FED57D3-2DD0-41B3-BAE4-BDADF1363F74}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{60B0C927-253F-41D7-98ED-FC94CFEE5EED}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires online\aoeonline.exe |
"{619A67C4-0C46-47F6-AD87-3B25FD592761}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{6CC5A48B-BB76-461D-8337-47165D54B7CA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{70CC4748-EA23-42B9-9545-DBC524B7CA66}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{73DAD11E-1E58-4E9C-9FDF-17C16E93EB1E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{74CF7B48-F988-4079-BD99-A9F136E1E2DD}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{77CDFDDA-3119-4ABA-B8E7-267FCC8BC58E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7F57BAEF-4803-4499-B352-CCD6B6680C50}" = protocol=6 | dir=out | app=system |
"{817EA795-88DE-414E-B03E-3CECC8C6D961}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{902FBFC7-D567-4FB3-96EF-9AF9A7638C29}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{973AEB83-BFB9-45F9-8B59-B7AD76D01099}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires online\aoeonline.exe |
"{9C34E2B1-F88D-4D79-B220-792B35542BED}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A7789495-399F-47DE-A93A-3504003B7D64}" = protocol=6 | dir=in | app=c:\users\ph\appdata\local\microsoft\skydrive\skydrive.exe |
"{B33D613A-7166-438D-8B90-21B9CAF8B673}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{B6B23BAB-A91A-41F4-A94D-C8B699B98F8C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B9DFF597-4A19-4F3A-9C30-041D6B1B8B16}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BFB4F1B8-45E6-4F17-90DB-8BEDD0ADB1AD}" = protocol=6 | dir=in | app=c:\users\ph\appdata\roaming\dropbox\bin\dropbox.exe |
"{C53D224E-A2C3-49BF-A59F-FBDDF7668CE7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C77AFCB1-9D88-441A-B989-51FBE1AEF749}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D2FAEDEB-167D-44DD-ABB8-7241E2F13650}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E7984C89-9F2E-4A0D-A18E-3D96814969F5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E7CCC1B1-2D33-46E9-8CCB-C65D752F9DB7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{EE61B5BC-3581-49FA-8262-7F7AC958B49D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F1DA1152-0E15-43C0-943D-CFC478F8493D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"TCP Query User{8FE66A0E-1228-4181-B0E7-6E4B26138F65}C:\users\ph\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\ph\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{3457BA4E-3931-45AF-A6DE-2C0DF76D52AC}C:\users\ph\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\ph\appdata\roaming\dropbox\bin\dropbox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{22D8AE6F-3C6B-47E8-8F04-629F23DBE978}" = iTunes
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89BDAE1A-7B8E-4A0E-A169-02F7F366451D}" = iCloud
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"sp6" = Logitech SetPoint 6.32
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0A5F80AA-FCA7-41C5-BF1C-74727ECE1031}" = Nero 8 Essentials
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}" = CyberLink InstantBurn
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{83721450-E604-4C37-ABEB-CE7F18C587C8}" = LightScribe Template Labeler
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E4B4330-1CE8-4725-9C7F-BD4CC995FF54}" = Garmin City Navigator Europe (Unicode) NT 2013.10 Update
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PRJPROR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.VISIOR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIOR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPROR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIOR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PRJPROR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.VISIOR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PRJPROR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PRJPROR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.VISIOR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PRJPROR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.VISIOR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010
"{90140000-0054-0407-0000-0000000FF1CE}_Office14.VISIOR_{1FEAC070-BB09-4055-9BD0-48CF52023F92}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PRJPROR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.VISIOR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2010
"{90140000-00B4-0407-0000-0000000FF1CE}_Office14.PRJPROR_{86D01646-1942-4253-B11F-68F5ED259B17}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
"{95140000-0081-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = CyberLink PowerBackup
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}" = LightScribe System Software
"8461-7759-5462-8226" = Vuze
"ACRYSH6_is1" = ArchiCrypt Shredder Version 6.0.2.5634
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 2.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"MediaMonkey_is1" = MediaMonkey 4.0
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PRJPROR" = Microsoft Project Professional 2010
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Office14.VISIOR" = Microsoft Visio Premium 2010
"Picasa 3" = Picasa 3
"Steam App 105430" = Age of Empires Online
"TrueCrypt" = TrueCrypt
"VLC media player" = VLC media player 2.0.1
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"SkyDriveSetup.exe" = Microsoft SkyDrive
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 02.12.2012 13:07:53 | Computer Name = PH-Shuttle | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 02.12.2012 13:12:00 | Computer Name = PH-Shuttle | Source = Application Hang | ID = 1002
Description = Programm iTunes.exe, Version 10.7.0.21 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: fc0 Startzeit:
01cdd0ac4f85dc9f Endzeit: 60 Anwendungspfad: C:\Program Files (x86)\iTunes\iTunes.exe
Berichts-ID:
Error - 02.12.2012 13:41:06 | Computer Name = PH-Shuttle | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iTunes.exe, Version: 10.7.0.21, Zeitstempel:
0x504d85d9 Name des fehlerhaften Moduls: JavaScriptCore.dll, Version: 7536.26.7.2,
Zeitstempel: 0x502dac30 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0010e97c ID des fehlerhaften
Prozesses: 0x1e4 Startzeit der fehlerhaften Anwendung: 0x01cdd0b02678859d Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\iTunes\iTunes.exe Pfad des fehlerhaften
Moduls: C:\Program Files (x86)\Common Files\Apple\Apple Application Support\JavaScriptCore.dll
Berichtskennung:
72def2a8-3ca7-11e2-aae2-00301bbd7471
Error - 02.12.2012 14:32:21 | Computer Name = PH-Shuttle | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 02.12.2012 14:32:21 | Computer Name = PH-Shuttle | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5991
Error - 02.12.2012 14:32:21 | Computer Name = PH-Shuttle | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5991
Error - 04.12.2012 16:58:34 | Computer Name = PH-Shuttle | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 07.12.2012 16:30:57 | Computer Name = PH-Shuttle | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 08.12.2012 07:33:42 | Computer Name = PH-Shuttle | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
(x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei
"" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente
1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 08.12.2012 07:48:52 | Computer Name = PH-Shuttle | Source = Customer Experience Improvement Program | ID = 1008
Description =
[ System Events ]
Error - 04.12.2012 17:04:38 | Computer Name = PH-Shuttle | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
durchgeführt: Neustart des Diensts.
Error - 04.12.2012 17:04:49 | Computer Name = PH-Shuttle | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
durchgeführt: Neustart des Diensts.
Error - 04.12.2012 17:05:49 | Computer Name = PH-Shuttle | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
des Dienstes "Apple Mobile Device" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen,
ist fehlgeschlagen. Fehler: %%1056
Error - 04.12.2012 17:15:58 | Computer Name = PH-Shuttle | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Die Energieverwaltungsfeatures für Leistung des Prozessors "0" in
der Gruppe "0" sind aufgrund eines Firmwareproblems deaktiviert. Erkundigen Sie
sich beim Hersteller des Computers nach aktualisierter Firmware.
Error - 04.12.2012 17:15:58 | Computer Name = PH-Shuttle | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Die Energieverwaltungsfeatures für Leistung des Prozessors "1" in
der Gruppe "0" sind aufgrund eines Firmwareproblems deaktiviert. Erkundigen Sie
sich beim Hersteller des Computers nach aktualisierter Firmware.
Error - 04.12.2012 17:17:49 | Computer Name = PH-Shuttle | Source = bowser | ID = 8003
Description =
Error - 07.12.2012 16:06:33 | Computer Name = PH-Shuttle | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Die Energieverwaltungsfeatures für Leistung des Prozessors "0" in
der Gruppe "0" sind aufgrund eines Firmwareproblems deaktiviert. Erkundigen Sie
sich beim Hersteller des Computers nach aktualisierter Firmware.
Error - 07.12.2012 16:06:33 | Computer Name = PH-Shuttle | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Die Energieverwaltungsfeatures für Leistung des Prozessors "1" in
der Gruppe "0" sind aufgrund eines Firmwareproblems deaktiviert. Erkundigen Sie
sich beim Hersteller des Computers nach aktualisierter Firmware.
Error - 07.12.2012 16:36:27 | Computer Name = PH-Shuttle | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Die Energieverwaltungsfeatures für Leistung des Prozessors "0" in
der Gruppe "0" sind aufgrund eines Firmwareproblems deaktiviert. Erkundigen Sie
sich beim Hersteller des Computers nach aktualisierter Firmware.
Error - 07.12.2012 16:36:27 | Computer Name = PH-Shuttle | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Die Energieverwaltungsfeatures für Leistung des Prozessors "1" in
der Gruppe "0" sind aufgrund eines Firmwareproblems deaktiviert. Erkundigen Sie
sich beim Hersteller des Computers nach aktualisierter Firmware.
< End of report >
Könnt Ihr mir sagen ob der PC jetzt sauber ist? Beste Grüße! H. Hallo! Kann mir jemand helfen? Oder mir zumindest sagen ob ich den Defogger wieder enabeln kann??ß VG Hallo?! Hallo! Kann sich das mal bitte jemand ansehen!!! |
|
10.12.2012, 16:02
| #2 | ||
| /// Winkelfunktion /// TB-Süch-Tiger™   | AVIRA findet EXP/Dldr.Java.N Hallo und
__________________ Zitat:
Bitte beachten => http://www.trojaner-board.de/125889-...tml#post941520 Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Zitat:
__________________ |
|
11.12.2012, 22:33
| #3 |
| | AVIRA findet EXP/Dldr.Java.N So hallo!
__________________Jetzt war ich einige Zeit unpässlich, sorry! Hier das Avira Log Code:
ATTFilter
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Samstag, 8. Dezember 2012 14:54
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : PH
Computername : PH-SHUTTLE
Versionsinformationen:
BUILD.DAT : 13.0.0.2832 48424 Bytes 20.11.2012 13:46:00
AVSCAN.EXE : 13.4.0.294 639264 Bytes 27.11.2012 09:25:41
AVSCANRC.DLL : 13.4.0.219 64800 Bytes 09.10.2012 12:49:58
LUKE.DLL : 13.4.0.267 67360 Bytes 27.11.2012 09:25:51
AVSCPLR.DLL : 13.4.0.271 93984 Bytes 27.11.2012 09:25:54
AVREG.DLL : 13.4.0.267 245536 Bytes 27.11.2012 09:25:53
avlode.dll : 13.4.0.294 426784 Bytes 27.11.2012 09:25:54
avlode.rdf : 13.0.0.24 7196 Bytes 27.09.2012 09:30:38
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 13:50:29
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 13:50:31
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 13:50:34
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 13:50:36
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 13:50:37
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 13:42:40
VBASE006.VDF : 7.11.41.250 4902400 Bytes 06.09.2012 13:42:40
VBASE007.VDF : 7.11.50.230 3904512 Bytes 22.11.2012 15:53:06
VBASE008.VDF : 7.11.50.231 2048 Bytes 22.11.2012 15:53:06
VBASE009.VDF : 7.11.50.232 2048 Bytes 22.11.2012 15:53:06
VBASE010.VDF : 7.11.50.233 2048 Bytes 22.11.2012 15:53:06
VBASE011.VDF : 7.11.50.234 2048 Bytes 22.11.2012 15:53:06
VBASE012.VDF : 7.11.50.235 2048 Bytes 22.11.2012 15:53:06
VBASE013.VDF : 7.11.50.236 2048 Bytes 22.11.2012 15:53:06
VBASE014.VDF : 7.11.51.27 133632 Bytes 23.11.2012 15:53:06
VBASE015.VDF : 7.11.51.95 140288 Bytes 26.11.2012 09:25:37
VBASE016.VDF : 7.11.51.221 164352 Bytes 29.11.2012 22:16:23
VBASE017.VDF : 7.11.52.29 158208 Bytes 01.12.2012 16:02:07
VBASE018.VDF : 7.11.52.91 116736 Bytes 03.12.2012 20:54:54
VBASE019.VDF : 7.11.52.151 137728 Bytes 05.12.2012 20:12:30
VBASE020.VDF : 7.11.52.225 157696 Bytes 06.12.2012 20:12:30
VBASE021.VDF : 7.11.52.226 2048 Bytes 06.12.2012 20:12:30
VBASE022.VDF : 7.11.52.227 2048 Bytes 06.12.2012 20:12:30
VBASE023.VDF : 7.11.52.228 2048 Bytes 06.12.2012 20:12:30
VBASE024.VDF : 7.11.52.229 2048 Bytes 06.12.2012 20:12:31
VBASE025.VDF : 7.11.52.230 2048 Bytes 06.12.2012 20:12:31
VBASE026.VDF : 7.11.52.231 2048 Bytes 06.12.2012 20:12:31
VBASE027.VDF : 7.11.52.232 2048 Bytes 06.12.2012 20:12:31
VBASE028.VDF : 7.11.52.233 2048 Bytes 06.12.2012 20:12:31
VBASE029.VDF : 7.11.52.234 2048 Bytes 06.12.2012 20:12:31
VBASE030.VDF : 7.11.52.235 2048 Bytes 06.12.2012 20:12:31
VBASE031.VDF : 7.11.53.28 99840 Bytes 08.12.2012 10:57:47
Engineversion : 8.2.10.216
AEVDF.DLL : 8.1.2.10 102772 Bytes 19.09.2012 13:42:55
AESCRIPT.DLL : 8.1.4.72 467323 Bytes 07.12.2012 20:12:41
AESCN.DLL : 8.1.9.4 131445 Bytes 24.11.2012 15:53:11
AESBX.DLL : 8.2.5.12 606578 Bytes 28.08.2012 15:58:06
AERDL.DLL : 8.2.0.74 643445 Bytes 07.11.2012 10:09:14
AEPACK.DLL : 8.3.0.40 815479 Bytes 24.11.2012 15:53:11
AEOFFICE.DLL : 8.1.2.50 201084 Bytes 05.11.2012 14:00:38
AEHEUR.DLL : 8.1.4.160 5624184 Bytes 07.12.2012 20:12:40
AEHELP.DLL : 8.1.25.2 258423 Bytes 12.10.2012 14:52:32
AEGEN.DLL : 8.1.6.10 438646 Bytes 24.11.2012 15:53:07
AEEXP.DLL : 8.2.0.18 123253 Bytes 07.12.2012 20:12:41
AEEMU.DLL : 8.1.3.2 393587 Bytes 19.09.2012 13:42:55
AECORE.DLL : 8.1.29.2 201079 Bytes 07.11.2012 10:09:14
AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 14:00:38
AVWINLL.DLL : 13.4.0.163 25888 Bytes 19.09.2012 17:09:30
AVPREF.DLL : 13.4.0.163 50464 Bytes 19.09.2012 17:07:51
AVREP.DLL : 13.4.0.244 177952 Bytes 30.10.2012 13:06:41
AVARKT.DLL : 13.4.0.292 260384 Bytes 27.11.2012 09:25:38
AVEVTLOG.DLL : 13.4.0.267 167200 Bytes 27.11.2012 09:25:39
SQLITE3.DLL : 3.7.0.1 397088 Bytes 19.09.2012 17:17:40
AVSMTP.DLL : 13.4.0.163 62240 Bytes 19.09.2012 17:08:54
NETNT.DLL : 13.4.0.163 15648 Bytes 19.09.2012 17:16:26
RCIMAGE.DLL : 13.4.0.163 4780832 Bytes 19.09.2012 17:21:16
RCTEXT.DLL : 13.4.0.163 68384 Bytes 19.09.2012 17:21:16
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Lokale Festplatten
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\alldiscs.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: A:, C:,
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Beginn des Suchlaufs: Samstag, 8. Dezember 2012 14:54
Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'A:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '98' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '107' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '143' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '168' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'ArchiCryptInjector64.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'LSSrvc.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'NBService.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'IoctlSvc.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxtray.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'hkcmd.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxpers.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'SetPoint.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'SkyDrive.exe' - '108' Modul(e) wurden durchsucht
Durchsuche Prozess 'NMIndexStoreSvr.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '92' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dropbox.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSvcM.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'KHALMNPR.EXE' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'IBurn.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'CLMLSvc.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'PDVD9Serv.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'brs.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'iPodService.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'NMIndexingService.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '118' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'OSPPSVC.EXE' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '145' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '106' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '3654' Dateien ).
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'A:\' <Daten>
Beginne mit der Suche in 'C:\'
[0] Archivtyp: RSRC
--> C:\Users\PH\AppData\Roaming\Dropbox\bin\Dropbox.exe
[1] Archivtyp: RSRC
--> C:\$Recycle.Bin\S-1-5-21-2394378626-3793514668-1418206493-1000\$R7NG94T.exe
[2] Archivtyp: NSIS
--> C:\$Recycle.Bin\S-1-5-21-2394378626-3793514668-1418206493-1000\$REUFVZM.exe
[3] Archivtyp: Runtime Packed
--> C:\Users\PH\AppData\Local\Temp\jar_cache1373831904636412684.tmp
[4] Archivtyp: ZIP
--> wJevoepPd.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/Dldr.Java.N
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\PH\AppData\Local\Temp\jar_cache1373831904636412684.tmp
[FUND] Enthält Erkennungsmuster des Exploits EXP/Dldr.Java.N
--> C:\Users\PH\AppData\Local\Temp\jar_cache7761653589004740980.tmp
[4] Archivtyp: ZIP
--> wJevoepPd.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/Dldr.Java.N
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\PH\AppData\Local\Temp\jar_cache7761653589004740980.tmp
[FUND] Enthält Erkennungsmuster des Exploits EXP/Dldr.Java.N
Beginne mit der Desinfektion:
C:\Users\PH\AppData\Local\Temp\jar_cache7761653589004740980.tmp
[FUND] Enthält Erkennungsmuster des Exploits EXP/Dldr.Java.N
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5914e22e.qua' verschoben!
C:\Users\PH\AppData\Local\Temp\jar_cache1373831904636412684.tmp
[FUND] Enthält Erkennungsmuster des Exploits EXP/Dldr.Java.N
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4183cd89.qua' verschoben!
Ende des Suchlaufs: Samstag, 8. Dezember 2012 15:28
Benötigte Zeit: 32:43 Minute(n)
Der Suchlauf wurde abgebrochen!
11729 Verzeichnisse wurden überprüft
386784 Dateien wurden geprüft
4 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
2 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
386780 Dateien ohne Befall
4384 Archive wurden durchsucht
2 Warnungen
2 Hinweise
|
|
12.12.2012, 12:21
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | AVIRA findet EXP/Dldr.Java.N Hast du noch weitere Logs von Malwarebytes oder anderen Virenscannern? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
12.12.2012, 19:37
| #5 |
| | AVIRA findet EXP/Dldr.Java.N Hi! Nein, andere Scans habe ich nicht gemacht. Daher auch keine anderen Logs... Hier noch die exportierte Ereignis Datei aus Avira Code:
ATTFilter Exportierte Ereignisse:
12.12.2012 19:31 [Echtzeit-Scanner] Dienst gestartet
Der Dienst wurde gestartet.
Dienst Version: 13.6.0.400
Engine Version: 8.2.10.216
VDF Version: 7.11.53.146
08.12.2012 15:28 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\PH\AppData\Local\Temp\jar_cache7761653589004740980.tmp'
enthielt einen Virus oder unerwünschtes Programm 'EXP/Dldr.Java.N' [exploit].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5914e22e.qua'
verschoben!
08.12.2012 15:28 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\PH\AppData\Local\Temp\jar_cache1373831904636412684.tmp'
enthielt einen Virus oder unerwünschtes Programm 'EXP/Dldr.Java.N' [exploit].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4183cd89.qua'
verschoben!
Beste Grüße! |
|
13.12.2012, 14:50
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | AVIRA findet EXP/Dldr.Java.N Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. 1. aswMBR Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop. Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button. 2. TDSS-Killer Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ --> AVIRA findet EXP/Dldr.Java.N |
|
14.12.2012, 18:41
| #7 |
| | AVIRA findet EXP/Dldr.Java.N Hallo! Log 1 Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-14 18:32:56
-----------------------------
18:32:56.681 OS Version: Windows x64 6.1.7601 Service Pack 1
18:32:56.681 Number of processors: 2 586 0x1706
18:32:56.681 ComputerName: PH-SHUTTLE UserName: PH
18:32:57.898 Initialize success
18:33:03.966 AVAST engine defs: 12121400
18:33:15.963 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-5
18:33:15.963 Disk 0 Vendor: WDC_WD10EARX-00N0YB0 51.0AB51 Size: 953869MB BusType: 3
18:33:15.963 Disk 0 MBR read successfully
18:33:15.963 Disk 0 MBR scan
18:33:15.978 Disk 0 Windows 7 default MBR code
18:33:15.978 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:33:15.978 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 349899 MB offset 206848
18:33:15.994 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 603867 MB offset 716800000
18:33:16.025 Disk 0 scanning C:\Windows\system32\drivers
18:33:25.074 Service scanning
18:33:41.813 Modules scanning
18:33:41.813 Disk 0 trace - called modules:
18:33:41.829 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
18:33:41.829 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c24410]
18:33:41.844 3 CLASSPNP.SYS[fffff8800198f43f] -> nt!IofCallDriver -> [0xfffffa80046aec40]
18:33:41.844 5 ACPI.sys[fffff88000ef37a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T1L0-5[0xfffffa80046ee060]
18:33:41.860 Scan finished successfully
18:34:02.826 Disk 0 MBR has been saved successfully to "C:\Users\PH\Desktop\MBR.dat"
18:34:02.826 The log file has been saved successfully to "C:\Users\PH\Desktop\aswMBR.txt"
Code:
ATTFilter 18:35:03.0588 2800 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:35:03.0682 2800 ============================================================
18:35:03.0682 2800 Current date / time: 2012/12/14 18:35:03.0682
18:35:03.0682 2800 SystemInfo:
18:35:03.0682 2800
18:35:03.0682 2800 OS Version: 6.1.7601 ServicePack: 1.0
18:35:03.0682 2800 Product type: Workstation
18:35:03.0682 2800 ComputerName: PH-SHUTTLE
18:35:03.0682 2800 UserName: PH
18:35:03.0682 2800 Windows directory: C:\Windows
18:35:03.0682 2800 System windows directory: C:\Windows
18:35:03.0682 2800 Running under WOW64
18:35:03.0682 2800 Processor architecture: Intel x64
18:35:03.0682 2800 Number of processors: 2
18:35:03.0682 2800 Page size: 0x1000
18:35:03.0682 2800 Boot type: Normal boot
18:35:03.0682 2800 ============================================================
18:35:04.0712 2800 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
18:35:04.0727 2800 ============================================================
18:35:04.0727 2800 \Device\Harddisk0\DR0:
18:35:04.0727 2800 MBR partitions:
18:35:04.0727 2800 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:35:04.0727 2800 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x2AB65800
18:35:04.0727 2800 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2AB98000, BlocksNum 0x49B6D800
18:35:04.0727 2800 ============================================================
18:35:04.0758 2800 C: <-> \Device\Harddisk0\DR0\Partition2
18:35:04.0790 2800 A: <-> \Device\Harddisk0\DR0\Partition3
18:35:04.0790 2800 ============================================================
18:35:04.0790 2800 Initialize success
18:35:04.0790 2800 ============================================================
18:35:40.0771 1420 ============================================================
18:35:40.0771 1420 Scan started
18:35:40.0771 1420 Mode: Manual; SigCheck; TDLFS;
18:35:40.0771 1420 ============================================================
18:35:41.0099 1420 ================ Scan system memory ========================
18:35:41.0099 1420 System memory - ok
18:35:41.0099 1420 ================ Scan services =============================
18:35:41.0239 1420 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
18:35:41.0348 1420 1394ohci - ok
18:35:41.0364 1420 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
18:35:41.0380 1420 ACPI - ok
18:35:41.0411 1420 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
18:35:41.0473 1420 AcpiPmi - ok
18:35:41.0567 1420 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:35:41.0582 1420 AdobeARMservice - ok
18:35:41.0692 1420 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:35:41.0692 1420 AdobeFlashPlayerUpdateSvc - ok
18:35:41.0754 1420 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
18:35:41.0770 1420 adp94xx - ok
18:35:41.0801 1420 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
18:35:41.0816 1420 adpahci - ok
18:35:41.0848 1420 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
18:35:41.0863 1420 adpu320 - ok
18:35:41.0879 1420 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:35:42.0004 1420 AeLookupSvc - ok
18:35:42.0050 1420 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
18:35:42.0097 1420 AFD - ok
18:35:42.0113 1420 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
18:35:42.0128 1420 agp440 - ok
18:35:42.0144 1420 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
18:35:42.0206 1420 ALG - ok
18:35:42.0238 1420 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
18:35:42.0238 1420 aliide - ok
18:35:42.0253 1420 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
18:35:42.0269 1420 amdide - ok
18:35:42.0284 1420 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
18:35:42.0331 1420 AmdK8 - ok
18:35:42.0331 1420 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
18:35:42.0362 1420 AmdPPM - ok
18:35:42.0378 1420 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
18:35:42.0394 1420 amdsata - ok
18:35:42.0425 1420 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
18:35:42.0440 1420 amdsbs - ok
18:35:42.0456 1420 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
18:35:42.0472 1420 amdxata - ok
18:35:42.0550 1420 [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
18:35:42.0565 1420 AntiVirSchedulerService - ok
18:35:42.0596 1420 [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
18:35:42.0596 1420 AntiVirService - ok
18:35:42.0628 1420 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
18:35:42.0752 1420 AppID - ok
18:35:42.0752 1420 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
18:35:42.0815 1420 AppIDSvc - ok
18:35:42.0830 1420 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
18:35:42.0877 1420 Appinfo - ok
18:35:42.0955 1420 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:35:42.0955 1420 Apple Mobile Device - ok
18:35:42.0971 1420 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
18:35:42.0986 1420 arc - ok
18:35:43.0018 1420 [ 57FD55F0C8F08BF715BB7A5DD73A9E60 ] ArchiCrypt Sichere Loeschzonen C:\Program Files (x86)\ArchiCrypt\ArchiCrypt Shredder 6\ArchiCryptInjector64.exe
18:35:43.0080 1420 ArchiCrypt Sichere Loeschzonen - ok
18:35:43.0096 1420 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
18:35:43.0111 1420 arcsas - ok
18:35:43.0127 1420 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:35:43.0189 1420 AsyncMac - ok
18:35:43.0220 1420 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
18:35:43.0236 1420 atapi - ok
18:35:43.0252 1420 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:35:43.0330 1420 AudioEndpointBuilder - ok
18:35:43.0345 1420 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
18:35:43.0376 1420 AudioSrv - ok
18:35:43.0423 1420 [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
18:35:43.0439 1420 avgntflt - ok
18:35:43.0439 1420 [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
18:35:43.0454 1420 avipbb - ok
18:35:43.0486 1420 [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
18:35:43.0486 1420 avkmgr - ok
18:35:43.0548 1420 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
18:35:43.0610 1420 AxInstSV - ok
18:35:43.0642 1420 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
18:35:43.0688 1420 b06bdrv - ok
18:35:43.0735 1420 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
18:35:43.0766 1420 b57nd60a - ok
18:35:43.0782 1420 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
18:35:43.0813 1420 BDESVC - ok
18:35:43.0844 1420 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
18:35:43.0891 1420 Beep - ok
18:35:43.0954 1420 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
18:35:44.0000 1420 BFE - ok
18:35:44.0047 1420 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
18:35:44.0110 1420 BITS - ok
18:35:44.0141 1420 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
18:35:44.0172 1420 blbdrive - ok
18:35:44.0234 1420 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:35:44.0250 1420 Bonjour Service - ok
18:35:44.0266 1420 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:35:44.0297 1420 bowser - ok
18:35:44.0297 1420 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:35:44.0359 1420 BrFiltLo - ok
18:35:44.0359 1420 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:35:44.0406 1420 BrFiltUp - ok
18:35:44.0422 1420 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
18:35:44.0453 1420 Browser - ok
18:35:44.0484 1420 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
18:35:44.0515 1420 Brserid - ok
18:35:44.0515 1420 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
18:35:44.0546 1420 BrSerWdm - ok
18:35:44.0546 1420 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
18:35:44.0562 1420 BrUsbMdm - ok
18:35:44.0562 1420 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
18:35:44.0578 1420 BrUsbSer - ok
18:35:44.0578 1420 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
18:35:44.0593 1420 BTHMODEM - ok
18:35:44.0624 1420 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
18:35:44.0671 1420 bthserv - ok
18:35:44.0671 1420 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:35:44.0718 1420 cdfs - ok
18:35:44.0765 1420 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
18:35:44.0796 1420 cdrom - ok
18:35:44.0827 1420 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
18:35:44.0874 1420 CertPropSvc - ok
18:35:44.0890 1420 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
18:35:44.0921 1420 circlass - ok
18:35:44.0968 1420 [ 125327DF629324FAD78D9A95CCD0F425 ] CLBStor C:\Windows\system32\DRIVERS\CLBStor.sys
18:35:44.0983 1420 CLBStor - ok
18:35:45.0014 1420 [ 9C0CD75FEA24E7E0E835EEE7F14406F7 ] CLBUDF C:\Windows\system32\drivers\CLBUDF.sys
18:35:45.0030 1420 CLBUDF - ok
18:35:45.0046 1420 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
18:35:45.0061 1420 CLFS - ok
18:35:45.0155 1420 [ 4642B5A3E0D2E61D08163DE95FC5B949 ] CLKMSVC10_9EC60124 C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe
18:35:45.0155 1420 CLKMSVC10_9EC60124 - ok
18:35:45.0217 1420 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:35:45.0233 1420 clr_optimization_v2.0.50727_32 - ok
18:35:45.0248 1420 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:35:45.0264 1420 clr_optimization_v2.0.50727_64 - ok
18:35:45.0326 1420 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:35:45.0342 1420 clr_optimization_v4.0.30319_32 - ok
18:35:45.0389 1420 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:35:45.0389 1420 clr_optimization_v4.0.30319_64 - ok
18:35:45.0420 1420 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
18:35:45.0436 1420 CmBatt - ok
18:35:45.0467 1420 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:35:45.0467 1420 cmdide - ok
18:35:45.0498 1420 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
18:35:45.0529 1420 CNG - ok
18:35:45.0529 1420 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
18:35:45.0545 1420 Compbatt - ok
18:35:45.0592 1420 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
18:35:45.0607 1420 CompositeBus - ok
18:35:45.0607 1420 COMSysApp - ok
18:35:45.0638 1420 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
18:35:45.0654 1420 crcdisk - ok
18:35:45.0701 1420 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:35:45.0716 1420 CryptSvc - ok
18:35:45.0763 1420 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
18:35:45.0810 1420 DcomLaunch - ok
18:35:45.0857 1420 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
18:35:45.0904 1420 defragsvc - ok
18:35:45.0950 1420 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:35:45.0997 1420 DfsC - ok
18:35:46.0044 1420 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
18:35:46.0106 1420 Dhcp - ok
18:35:46.0122 1420 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
18:35:46.0153 1420 discache - ok
18:35:46.0184 1420 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
18:35:46.0200 1420 Disk - ok
18:35:46.0216 1420 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:35:46.0262 1420 Dnscache - ok
18:35:46.0294 1420 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
18:35:46.0356 1420 dot3svc - ok
18:35:46.0387 1420 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
18:35:46.0434 1420 DPS - ok
18:35:46.0481 1420 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:35:46.0496 1420 drmkaud - ok
18:35:46.0528 1420 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:35:46.0559 1420 DXGKrnl - ok
18:35:46.0574 1420 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
18:35:46.0621 1420 EapHost - ok
18:35:46.0668 1420 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
18:35:46.0762 1420 ebdrv - ok
18:35:46.0793 1420 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
18:35:46.0824 1420 EFS - ok
18:35:46.0855 1420 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:35:46.0902 1420 ehRecvr - ok
18:35:46.0918 1420 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
18:35:46.0933 1420 ehSched - ok
18:35:46.0964 1420 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
18:35:46.0980 1420 elxstor - ok
18:35:47.0011 1420 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
18:35:47.0027 1420 ErrDev - ok
18:35:47.0058 1420 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
18:35:47.0120 1420 EventSystem - ok
18:35:47.0120 1420 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
18:35:47.0167 1420 exfat - ok
18:35:47.0183 1420 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:35:47.0214 1420 fastfat - ok
18:35:47.0261 1420 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
18:35:47.0323 1420 Fax - ok
18:35:47.0339 1420 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
18:35:47.0370 1420 fdc - ok
18:35:47.0386 1420 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
18:35:47.0432 1420 fdPHost - ok
18:35:47.0464 1420 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
18:35:47.0495 1420 FDResPub - ok
18:35:47.0510 1420 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:35:47.0526 1420 FileInfo - ok
18:35:47.0542 1420 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:35:47.0588 1420 Filetrace - ok
18:35:47.0620 1420 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
18:35:47.0620 1420 flpydisk - ok
18:35:47.0666 1420 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:35:47.0682 1420 FltMgr - ok
18:35:47.0729 1420 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
18:35:47.0791 1420 FontCache - ok
18:35:47.0838 1420 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:35:47.0838 1420 FontCache3.0.0.0 - ok
18:35:47.0854 1420 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
18:35:47.0869 1420 FsDepends - ok
18:35:47.0900 1420 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:35:47.0900 1420 Fs_Rec - ok
18:35:47.0963 1420 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:35:47.0978 1420 fvevol - ok
18:35:47.0994 1420 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
18:35:48.0010 1420 gagp30kx - ok
18:35:48.0041 1420 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:35:48.0041 1420 GEARAspiWDM - ok
18:35:48.0119 1420 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
18:35:48.0212 1420 gpsvc - ok
18:35:48.0368 1420 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
18:35:48.0384 1420 gusvc - ok
18:35:48.0400 1420 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
18:35:48.0415 1420 hcw85cir - ok
18:35:48.0462 1420 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:35:48.0493 1420 HdAudAddService - ok
18:35:48.0509 1420 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
18:35:48.0540 1420 HDAudBus - ok
18:35:48.0556 1420 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
18:35:48.0587 1420 HidBatt - ok
18:35:48.0602 1420 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
18:35:48.0634 1420 HidBth - ok
18:35:48.0649 1420 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
18:35:48.0665 1420 HidIr - ok
18:35:48.0680 1420 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
18:35:48.0712 1420 hidserv - ok
18:35:48.0743 1420 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
18:35:48.0743 1420 HidUsb - ok
18:35:48.0790 1420 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:35:48.0836 1420 hkmsvc - ok
18:35:48.0868 1420 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:35:48.0914 1420 HomeGroupListener - ok
18:35:48.0930 1420 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:35:48.0961 1420 HomeGroupProvider - ok
18:35:48.0992 1420 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
18:35:48.0992 1420 HpSAMD - ok
18:35:49.0055 1420 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:35:49.0102 1420 HTTP - ok
18:35:49.0133 1420 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
18:35:49.0148 1420 hwpolicy - ok
18:35:49.0180 1420 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
18:35:49.0195 1420 i8042prt - ok
18:35:49.0226 1420 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
18:35:49.0242 1420 iaStorV - ok
18:35:49.0304 1420 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:35:49.0320 1420 idsvc - ok
18:35:49.0507 1420 [ C6238C6ABD6AC99F5D152DA4E9439A3D ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
18:35:49.0741 1420 igfx - ok
18:35:49.0804 1420 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
18:35:49.0819 1420 iirsp - ok
18:35:49.0850 1420 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
18:35:49.0913 1420 IKEEXT - ok
18:35:49.0928 1420 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
18:35:49.0944 1420 intelide - ok
18:35:49.0975 1420 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:35:49.0991 1420 intelppm - ok
18:35:50.0022 1420 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:35:50.0069 1420 IPBusEnum - ok
18:35:50.0100 1420 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:35:50.0131 1420 IpFilterDriver - ok
18:35:50.0178 1420 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:35:50.0209 1420 iphlpsvc - ok
18:35:50.0225 1420 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
18:35:50.0240 1420 IPMIDRV - ok
18:35:50.0256 1420 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
18:35:50.0287 1420 IPNAT - ok
18:35:50.0350 1420 [ B474C756C13960793C7583B766F904C4 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
18:35:50.0365 1420 iPod Service - ok
18:35:50.0381 1420 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:35:50.0428 1420 IRENUM - ok
18:35:50.0459 1420 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:35:50.0474 1420 isapnp - ok
18:35:50.0490 1420 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
18:35:50.0506 1420 iScsiPrt - ok
18:35:50.0537 1420 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
18:35:50.0537 1420 kbdclass - ok
18:35:50.0552 1420 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
18:35:50.0568 1420 kbdhid - ok
18:35:50.0568 1420 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
18:35:50.0584 1420 KeyIso - ok
18:35:50.0599 1420 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:35:50.0615 1420 KSecDD - ok
18:35:50.0646 1420 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:35:50.0646 1420 KSecPkg - ok
18:35:50.0662 1420 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
18:35:50.0693 1420 ksthunk - ok
18:35:50.0724 1420 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
18:35:50.0771 1420 KtmRm - ok
18:35:50.0802 1420 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
18:35:50.0833 1420 LanmanServer - ok
18:35:50.0864 1420 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:35:50.0911 1420 LanmanWorkstation - ok
18:35:50.0989 1420 [ 7772DFAB22611050B79504E671B06E6E ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
18:35:51.0005 1420 LBTServ - ok
18:35:51.0036 1420 [ 241F2648ADF090E2A10095BD6D6F5DCB ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
18:35:51.0052 1420 LHidFilt - ok
18:35:51.0130 1420 [ FA4A45C179AB0E0F1A31B9751D4B18D7 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
18:35:51.0161 1420 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
18:35:51.0161 1420 LightScribeService - detected UnsignedFile.Multi.Generic (1)
18:35:51.0176 1420 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:35:51.0223 1420 lltdio - ok
18:35:51.0254 1420 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:35:51.0317 1420 lltdsvc - ok
18:35:51.0332 1420 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:35:51.0379 1420 lmhosts - ok
18:35:51.0410 1420 [ 342ED5A4B3326014438F36D22D803737 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
18:35:51.0426 1420 LMouFilt - ok
18:35:51.0442 1420 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
18:35:51.0457 1420 LSI_FC - ok
18:35:51.0473 1420 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
18:35:51.0488 1420 LSI_SAS - ok
18:35:51.0504 1420 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:35:51.0520 1420 LSI_SAS2 - ok
18:35:51.0535 1420 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:35:51.0551 1420 LSI_SCSI - ok
18:35:51.0566 1420 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
18:35:51.0613 1420 luafv - ok
18:35:51.0644 1420 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:35:51.0676 1420 Mcx2Svc - ok
18:35:51.0691 1420 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
18:35:51.0707 1420 megasas - ok
18:35:51.0722 1420 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
18:35:51.0738 1420 MegaSR - ok
18:35:51.0800 1420 Microsoft SharePoint Workspace Audit Service - ok
18:35:51.0816 1420 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
18:35:51.0847 1420 MMCSS - ok
18:35:51.0878 1420 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
18:35:51.0925 1420 Modem - ok
18:35:51.0925 1420 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:35:51.0956 1420 monitor - ok
18:35:51.0972 1420 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
18:35:51.0988 1420 mouclass - ok
18:35:52.0019 1420 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:35:52.0034 1420 mouhid - ok
18:35:52.0066 1420 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:35:52.0081 1420 mountmgr - ok
18:35:52.0128 1420 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:35:52.0144 1420 MozillaMaintenance - ok
18:35:52.0159 1420 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
18:35:52.0175 1420 mpio - ok
18:35:52.0190 1420 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:35:52.0222 1420 mpsdrv - ok
18:35:52.0268 1420 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
18:35:52.0315 1420 MpsSvc - ok
18:35:52.0346 1420 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:35:52.0378 1420 MRxDAV - ok
18:35:52.0409 1420 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:35:52.0440 1420 mrxsmb - ok
18:35:52.0456 1420 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:35:52.0471 1420 mrxsmb10 - ok
18:35:52.0487 1420 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:35:52.0502 1420 mrxsmb20 - ok
18:35:52.0534 1420 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
18:35:52.0549 1420 msahci - ok
18:35:52.0580 1420 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:35:52.0596 1420 msdsm - ok
18:35:52.0612 1420 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
18:35:52.0627 1420 MSDTC - ok
18:35:52.0658 1420 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:35:52.0705 1420 Msfs - ok
18:35:52.0721 1420 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:35:52.0752 1420 mshidkmdf - ok
18:35:52.0768 1420 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:35:52.0783 1420 msisadrv - ok
18:35:52.0814 1420 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:35:52.0861 1420 MSiSCSI - ok
18:35:52.0861 1420 msiserver - ok
18:35:52.0877 1420 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:35:52.0924 1420 MSKSSRV - ok
18:35:52.0924 1420 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:35:52.0970 1420 MSPCLOCK - ok
18:35:52.0986 1420 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:35:53.0017 1420 MSPQM - ok
18:35:53.0048 1420 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:35:53.0064 1420 MsRPC - ok
18:35:53.0080 1420 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
18:35:53.0080 1420 mssmbios - ok
18:35:53.0095 1420 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:35:53.0142 1420 MSTEE - ok
18:35:53.0142 1420 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
18:35:53.0158 1420 MTConfig - ok
18:35:53.0173 1420 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
18:35:53.0189 1420 Mup - ok
18:35:53.0236 1420 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
18:35:53.0282 1420 napagent - ok
18:35:53.0314 1420 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:35:53.0329 1420 NativeWifiP - ok
18:35:53.0423 1420 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:35:53.0454 1420 NDIS - ok
18:35:53.0470 1420 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:35:53.0501 1420 NdisCap - ok
18:35:53.0532 1420 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:35:53.0563 1420 NdisTapi - ok
18:35:53.0610 1420 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:35:53.0672 1420 Ndisuio - ok
18:35:53.0704 1420 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:35:53.0735 1420 NdisWan - ok
18:35:53.0766 1420 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:35:53.0797 1420 NDProxy - ok
18:35:53.0875 1420 [ 2AAE889742376EDC5C3203DFB74F28FD ] Nero BackItUp Scheduler 3 C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
18:35:53.0906 1420 Nero BackItUp Scheduler 3 - ok
18:35:53.0922 1420 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:35:53.0969 1420 NetBIOS - ok
18:35:54.0000 1420 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:35:54.0047 1420 NetBT - ok
18:35:54.0062 1420 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
18:35:54.0062 1420 Netlogon - ok
18:35:54.0125 1420 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
18:35:54.0156 1420 Netman - ok
18:35:54.0172 1420 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
18:35:54.0203 1420 netprofm - ok
18:35:54.0234 1420 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:35:54.0250 1420 NetTcpPortSharing - ok
18:35:54.0265 1420 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
18:35:54.0281 1420 nfrd960 - ok
18:35:54.0312 1420 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:35:54.0328 1420 NlaSvc - ok
18:35:54.0421 1420 [ CB992AE1506985D9167E85883B4C3240 ] NMIndexingService C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
18:35:54.0437 1420 NMIndexingService - ok
18:35:54.0437 1420 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:35:54.0484 1420 Npfs - ok
18:35:54.0515 1420 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
18:35:54.0546 1420 nsi - ok
18:35:54.0562 1420 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:35:54.0593 1420 nsiproxy - ok
18:35:54.0640 1420 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:35:54.0686 1420 Ntfs - ok
18:35:54.0702 1420 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
18:35:54.0733 1420 Null - ok
18:35:54.0764 1420 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:35:54.0764 1420 nvraid - ok
18:35:54.0811 1420 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:35:54.0827 1420 nvstor - ok
18:35:54.0842 1420 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:35:54.0842 1420 nv_agp - ok
18:35:54.0874 1420 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:35:54.0889 1420 ohci1394 - ok
18:35:54.0920 1420 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:35:54.0936 1420 ose - ok
18:35:55.0030 1420 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:35:55.0154 1420 osppsvc - ok
18:35:55.0170 1420 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:35:55.0217 1420 p2pimsvc - ok
18:35:55.0232 1420 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
18:35:55.0248 1420 p2psvc - ok
18:35:55.0279 1420 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
18:35:55.0310 1420 Parport - ok
18:35:55.0326 1420 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:35:55.0342 1420 partmgr - ok
18:35:55.0357 1420 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:35:55.0388 1420 PcaSvc - ok
18:35:55.0420 1420 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
18:35:55.0420 1420 pci - ok
18:35:55.0435 1420 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
18:35:55.0451 1420 pciide - ok
18:35:55.0466 1420 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
18:35:55.0482 1420 pcmcia - ok
18:35:55.0498 1420 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
18:35:55.0513 1420 pcw - ok
18:35:55.0544 1420 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:35:55.0576 1420 PEAUTH - ok
18:35:55.0654 1420 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
18:35:55.0685 1420 PerfHost - ok
18:35:55.0732 1420 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
18:35:55.0810 1420 pla - ok
18:35:55.0825 1420 [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Windows\SysWOW64\IoctlSvc.exe
18:35:55.0856 1420 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
18:35:55.0856 1420 PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
18:35:55.0903 1420 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:35:55.0934 1420 PlugPlay - ok
18:35:55.0950 1420 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:35:55.0950 1420 PNRPAutoReg - ok
18:35:55.0966 1420 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:35:55.0981 1420 PNRPsvc - ok
18:35:55.0997 1420 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:35:56.0044 1420 PolicyAgent - ok
18:35:56.0059 1420 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
18:35:56.0106 1420 Power - ok
18:35:56.0153 1420 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:35:56.0200 1420 PptpMiniport - ok
18:35:56.0215 1420 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
18:35:56.0231 1420 Processor - ok
18:35:56.0278 1420 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
18:35:56.0309 1420 ProfSvc - ok
18:35:56.0324 1420 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:35:56.0340 1420 ProtectedStorage - ok
18:35:56.0387 1420 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:35:56.0434 1420 Psched - ok
18:35:56.0465 1420 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
18:35:56.0496 1420 ql2300 - ok
18:35:56.0512 1420 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
18:35:56.0527 1420 ql40xx - ok
18:35:56.0558 1420 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
18:35:56.0574 1420 QWAVE - ok
18:35:56.0590 1420 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:35:56.0605 1420 QWAVEdrv - ok
18:35:56.0621 1420 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:35:56.0652 1420 RasAcd - ok
18:35:56.0668 1420 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:35:56.0699 1420 RasAgileVpn - ok
18:35:56.0730 1420 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
18:35:56.0777 1420 RasAuto - ok
18:35:56.0808 1420 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:35:56.0839 1420 Rasl2tp - ok
18:35:56.0886 1420 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
18:35:56.0917 1420 RasMan - ok
18:35:56.0933 1420 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:35:56.0995 1420 RasPppoe - ok
18:35:57.0011 1420 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:35:57.0042 1420 RasSstp - ok
18:35:57.0058 1420 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:35:57.0089 1420 rdbss - ok
18:35:57.0104 1420 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
18:35:57.0120 1420 rdpbus - ok
18:35:57.0136 1420 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:35:57.0167 1420 RDPCDD - ok
18:35:57.0198 1420 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:35:57.0229 1420 RDPENCDD - ok
18:35:57.0245 1420 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:35:57.0292 1420 RDPREFMP - ok
18:35:57.0323 1420 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:35:57.0354 1420 RDPWD - ok
18:35:57.0385 1420 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:35:57.0385 1420 rdyboost - ok
18:35:57.0416 1420 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:35:57.0463 1420 RemoteAccess - ok
18:35:57.0494 1420 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:35:57.0541 1420 RemoteRegistry - ok
18:35:57.0572 1420 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:35:57.0604 1420 RpcEptMapper - ok
18:35:57.0619 1420 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
18:35:57.0650 1420 RpcLocator - ok
18:35:57.0682 1420 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
18:35:57.0728 1420 RpcSs - ok
18:35:57.0744 1420 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:35:57.0791 1420 rspndr - ok
18:35:57.0806 1420 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
18:35:57.0822 1420 SamSs - ok
18:35:57.0853 1420 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:35:57.0869 1420 sbp2port - ok
18:35:57.0884 1420 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:35:57.0931 1420 SCardSvr - ok
18:35:57.0962 1420 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:35:57.0994 1420 scfilter - ok
18:35:58.0040 1420 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
18:35:58.0087 1420 Schedule - ok
18:35:58.0134 1420 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
18:35:58.0165 1420 SCPolicySvc - ok
18:35:58.0196 1420 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:35:58.0228 1420 SDRSVC - ok
18:35:58.0243 1420 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:35:58.0290 1420 secdrv - ok
18:35:58.0306 1420 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
18:35:58.0337 1420 seclogon - ok
18:35:58.0337 1420 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
18:35:58.0399 1420 SENS - ok
18:35:58.0399 1420 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:35:58.0430 1420 SensrSvc - ok
18:35:58.0462 1420 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
18:35:58.0477 1420 Serenum - ok
18:35:58.0493 1420 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
18:35:58.0524 1420 Serial - ok
18:35:58.0540 1420 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
18:35:58.0555 1420 sermouse - ok
18:35:58.0602 1420 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
18:35:58.0633 1420 SessionEnv - ok
18:35:58.0664 1420 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:35:58.0680 1420 sffdisk - ok
18:35:58.0696 1420 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:35:58.0711 1420 sffp_mmc - ok
18:35:58.0711 1420 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:35:58.0727 1420 sffp_sd - ok
18:35:58.0742 1420 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
18:35:58.0758 1420 sfloppy - ok
18:35:58.0789 1420 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:35:58.0820 1420 SharedAccess - ok
18:35:58.0852 1420 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:35:58.0898 1420 ShellHWDetection - ok
18:35:58.0930 1420 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:35:58.0930 1420 SiSRaid2 - ok
18:35:58.0945 1420 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
18:35:58.0961 1420 SiSRaid4 - ok
18:35:58.0976 1420 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:35:59.0008 1420 Smb - ok
18:35:59.0054 1420 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:35:59.0070 1420 SNMPTRAP - ok
18:35:59.0101 1420 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
18:35:59.0101 1420 spldr - ok
18:35:59.0132 1420 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
18:35:59.0164 1420 Spooler - ok
18:35:59.0242 1420 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
18:35:59.0366 1420 sppsvc - ok
18:35:59.0382 1420 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:35:59.0444 1420 sppuinotify - ok
18:35:59.0476 1420 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
18:35:59.0522 1420 srv - ok
18:35:59.0554 1420 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:35:59.0569 1420 srv2 - ok
18:35:59.0585 1420 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:35:59.0600 1420 srvnet - ok
18:35:59.0616 1420 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:35:59.0663 1420 SSDPSRV - ok
18:35:59.0678 1420 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:35:59.0710 1420 SstpSvc - ok
18:35:59.0741 1420 Steam Client Service - ok
18:35:59.0756 1420 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
18:35:59.0772 1420 stexstor - ok
18:35:59.0819 1420 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
18:35:59.0850 1420 stisvc - ok
18:35:59.0881 1420 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
18:35:59.0881 1420 swenum - ok
18:35:59.0912 1420 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
18:35:59.0959 1420 swprv - ok
18:36:00.0006 1420 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
18:36:00.0053 1420 SysMain - ok
18:36:00.0068 1420 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:36:00.0100 1420 TabletInputService - ok
18:36:00.0131 1420 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
18:36:00.0178 1420 TapiSrv - ok
18:36:00.0193 1420 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
18:36:00.0240 1420 TBS - ok
18:36:00.0302 1420 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:36:00.0349 1420 Tcpip - ok
18:36:00.0396 1420 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:36:00.0443 1420 TCPIP6 - ok
18:36:00.0458 1420 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:36:00.0490 1420 tcpipreg - ok
18:36:00.0505 1420 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:36:00.0536 1420 TDPIPE - ok
18:36:00.0552 1420 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:36:00.0568 1420 TDTCP - ok
18:36:00.0599 1420 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:36:00.0646 1420 tdx - ok
18:36:00.0677 1420 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
18:36:00.0692 1420 TermDD - ok
18:36:00.0724 1420 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
18:36:00.0770 1420 TermService - ok
18:36:00.0786 1420 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
18:36:00.0802 1420 Themes - ok
18:36:00.0817 1420 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
18:36:00.0848 1420 THREADORDER - ok
18:36:00.0864 1420 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
18:36:00.0895 1420 TrkWks - ok
18:36:00.0958 1420 [ 370A6907DDF79532A39319492B1FA38A ] truecrypt C:\Windows\system32\drivers\truecrypt.sys
18:36:00.0973 1420 truecrypt - ok
18:36:01.0004 1420 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:36:01.0067 1420 TrustedInstaller - ok
18:36:01.0098 1420 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:36:01.0129 1420 tssecsrv - ok
18:36:01.0160 1420 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
18:36:01.0192 1420 TsUsbFlt - ok
18:36:01.0238 1420 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:36:01.0285 1420 tunnel - ok
18:36:01.0301 1420 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
18:36:01.0316 1420 uagp35 - ok
18:36:01.0332 1420 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:36:01.0379 1420 udfs - ok
18:36:01.0410 1420 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:36:01.0426 1420 UI0Detect - ok
18:36:01.0441 1420 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:36:01.0441 1420 uliagpkx - ok
18:36:01.0472 1420 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
18:36:01.0488 1420 umbus - ok
18:36:01.0504 1420 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
18:36:01.0519 1420 UmPass - ok
18:36:01.0535 1420 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
18:36:01.0582 1420 upnphost - ok
18:36:01.0613 1420 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
18:36:01.0613 1420 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
18:36:01.0613 1420 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
18:36:01.0628 1420 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:36:01.0675 1420 usbccgp - ok
18:36:01.0706 1420 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:36:01.0722 1420 usbcir - ok
18:36:01.0738 1420 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:36:01.0753 1420 usbehci - ok
18:36:01.0769 1420 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:36:01.0784 1420 usbhub - ok
18:36:01.0800 1420 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
18:36:01.0816 1420 usbohci - ok
18:36:01.0847 1420 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:36:01.0862 1420 usbprint - ok
18:36:01.0878 1420 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:36:01.0894 1420 USBSTOR - ok
18:36:01.0909 1420 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
18:36:01.0925 1420 usbuhci - ok
18:36:01.0956 1420 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
18:36:02.0003 1420 UxSms - ok
18:36:02.0018 1420 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
18:36:02.0034 1420 VaultSvc - ok
18:36:02.0034 1420 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
18:36:02.0050 1420 vdrvroot - ok
18:36:02.0096 1420 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
18:36:02.0128 1420 vds - ok
18:36:02.0143 1420 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:36:02.0159 1420 vga - ok
18:36:02.0174 1420 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
18:36:02.0206 1420 VgaSave - ok
18:36:02.0221 1420 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
18:36:02.0237 1420 vhdmp - ok
18:36:02.0268 1420 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
18:36:02.0268 1420 viaide - ok
18:36:02.0284 1420 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:36:02.0299 1420 volmgr - ok
18:36:02.0330 1420 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:36:02.0346 1420 volmgrx - ok
18:36:02.0362 1420 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:36:02.0377 1420 volsnap - ok
18:36:02.0408 1420 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
18:36:02.0424 1420 vsmraid - ok
18:36:02.0471 1420 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
18:36:02.0549 1420 VSS - ok
18:36:02.0564 1420 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
18:36:02.0580 1420 vwifibus - ok
18:36:02.0611 1420 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
18:36:02.0658 1420 W32Time - ok
18:36:02.0689 1420 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
18:36:02.0705 1420 WacomPen - ok
18:36:02.0736 1420 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
18:36:02.0783 1420 WANARP - ok
18:36:02.0783 1420 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:36:02.0814 1420 Wanarpv6 - ok
18:36:02.0876 1420 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
18:36:02.0939 1420 wbengine - ok
18:36:02.0954 1420 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
18:36:02.0970 1420 WbioSrvc - ok
18:36:03.0001 1420 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:36:03.0048 1420 wcncsvc - ok
18:36:03.0048 1420 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:36:03.0079 1420 WcsPlugInService - ok
18:36:03.0095 1420 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
18:36:03.0110 1420 Wd - ok
18:36:03.0142 1420 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:36:03.0173 1420 Wdf01000 - ok
18:36:03.0188 1420 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:36:03.0251 1420 WdiServiceHost - ok
18:36:03.0251 1420 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:36:03.0282 1420 WdiSystemHost - ok
18:36:03.0313 1420 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
18:36:03.0344 1420 WebClient - ok
18:36:03.0376 1420 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:36:03.0407 1420 Wecsvc - ok
18:36:03.0438 1420 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:36:03.0469 1420 wercplsupport - ok
18:36:03.0485 1420 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
18:36:03.0547 1420 WerSvc - ok
18:36:03.0563 1420 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
18:36:03.0594 1420 WfpLwf - ok
18:36:03.0625 1420 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
18:36:03.0625 1420 WIMMount - ok
18:36:03.0641 1420 WinDefend - ok
18:36:03.0656 1420 WinHttpAutoProxySvc - ok
18:36:03.0703 1420 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:36:03.0734 1420 Winmgmt - ok
18:36:03.0797 1420 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
18:36:03.0875 1420 WinRM - ok
18:36:03.0922 1420 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
18:36:03.0937 1420 WinUsb - ok
18:36:03.0968 1420 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
18:36:04.0015 1420 Wlansvc - ok
18:36:04.0093 1420 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:36:04.0156 1420 wlidsvc - ok
18:36:04.0171 1420 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
18:36:04.0187 1420 WmiAcpi - ok
18:36:04.0218 1420 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:36:04.0234 1420 wmiApSrv - ok
18:36:04.0249 1420 WMPNetworkSvc - ok
18:36:04.0265 1420 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:36:04.0280 1420 WPCSvc - ok
18:36:04.0312 1420 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:36:04.0327 1420 WPDBusEnum - ok
18:36:04.0343 1420 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:36:04.0390 1420 ws2ifsl - ok
18:36:04.0405 1420 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
18:36:04.0421 1420 wscsvc - ok
18:36:04.0421 1420 WSearch - ok
18:36:04.0483 1420 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
18:36:04.0561 1420 wuauserv - ok
18:36:04.0577 1420 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:36:04.0624 1420 WudfPf - ok
18:36:04.0655 1420 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:36:04.0670 1420 WUDFRd - ok
18:36:04.0702 1420 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:36:04.0717 1420 wudfsvc - ok
18:36:04.0733 1420 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
18:36:04.0764 1420 WwanSvc - ok
18:36:04.0795 1420 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
18:36:04.0826 1420 yukonw7 - ok
18:36:04.0826 1420 ================ Scan global ===============================
18:36:04.0842 1420 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:36:04.0873 1420 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
18:36:04.0889 1420 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
18:36:04.0904 1420 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:36:04.0936 1420 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:36:04.0936 1420 [Global] - ok
18:36:04.0936 1420 ================ Scan MBR ==================================
18:36:04.0936 1420 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:36:05.0170 1420 \Device\Harddisk0\DR0 - ok
18:36:05.0170 1420 ================ Scan VBR ==================================
18:36:05.0170 1420 [ FA8D45E4CFE165B0774E481E3E6F5587 ] \Device\Harddisk0\DR0\Partition1
18:36:05.0170 1420 \Device\Harddisk0\DR0\Partition1 - ok
18:36:05.0201 1420 [ 937F8BAB11D6B172448207A0EFA1F250 ] \Device\Harddisk0\DR0\Partition2
18:36:05.0201 1420 \Device\Harddisk0\DR0\Partition2 - ok
18:36:05.0216 1420 [ 77EA1404807AF72A7A5EA598F244D286 ] \Device\Harddisk0\DR0\Partition3
18:36:05.0216 1420 \Device\Harddisk0\DR0\Partition3 - ok
18:36:05.0216 1420 ============================================================
18:36:05.0216 1420 Scan finished
18:36:05.0216 1420 ============================================================
18:36:05.0232 4052 Detected object count: 3
18:36:05.0232 4052 Actual detected object count: 3
Viele Grüße! |
|
16.12.2012, 14:36
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | AVIRA findet EXP/Dldr.Java.N Das Log vom TDSS-Killer ist unvollständig, die untere Zusammenfassung fehlt.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
18.12.2012, 21:56
| #9 |
| | AVIRA findet EXP/Dldr.Java.N Hi! Das ist alles was ich habe Code:
ATTFilter 18:35:03.0588 2800 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:35:03.0682 2800 ============================================================
18:35:03.0682 2800 Current date / time: 2012/12/14 18:35:03.0682
18:35:03.0682 2800 SystemInfo:
18:35:03.0682 2800
18:35:03.0682 2800 OS Version: 6.1.7601 ServicePack: 1.0
18:35:03.0682 2800 Product type: Workstation
18:35:03.0682 2800 ComputerName: PH-SHUTTLE
18:35:03.0682 2800 UserName: PH
18:35:03.0682 2800 Windows directory: C:\Windows
18:35:03.0682 2800 System windows directory: C:\Windows
18:35:03.0682 2800 Running under WOW64
18:35:03.0682 2800 Processor architecture: Intel x64
18:35:03.0682 2800 Number of processors: 2
18:35:03.0682 2800 Page size: 0x1000
18:35:03.0682 2800 Boot type: Normal boot
18:35:03.0682 2800 ============================================================
18:35:04.0712 2800 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
18:35:04.0727 2800 ============================================================
18:35:04.0727 2800 \Device\Harddisk0\DR0:
18:35:04.0727 2800 MBR partitions:
18:35:04.0727 2800 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:35:04.0727 2800 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x2AB65800
18:35:04.0727 2800 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2AB98000, BlocksNum 0x49B6D800
18:35:04.0727 2800 ============================================================
18:35:04.0758 2800 C: <-> \Device\Harddisk0\DR0\Partition2
18:35:04.0790 2800 A: <-> \Device\Harddisk0\DR0\Partition3
18:35:04.0790 2800 ============================================================
18:35:04.0790 2800 Initialize success
18:35:04.0790 2800 ============================================================
18:35:40.0771 1420 ============================================================
18:35:40.0771 1420 Scan started
18:35:40.0771 1420 Mode: Manual; SigCheck; TDLFS;
18:35:40.0771 1420 ============================================================
18:35:41.0099 1420 ================ Scan system memory ========================
18:35:41.0099 1420 System memory - ok
18:35:41.0099 1420 ================ Scan services =============================
18:35:41.0239 1420 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
18:35:41.0348 1420 1394ohci - ok
18:35:41.0364 1420 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
18:35:41.0380 1420 ACPI - ok
18:35:41.0411 1420 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
18:35:41.0473 1420 AcpiPmi - ok
18:35:41.0567 1420 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:35:41.0582 1420 AdobeARMservice - ok
18:35:41.0692 1420 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:35:41.0692 1420 AdobeFlashPlayerUpdateSvc - ok
18:35:41.0754 1420 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
18:35:41.0770 1420 adp94xx - ok
18:35:41.0801 1420 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
18:35:41.0816 1420 adpahci - ok
18:35:41.0848 1420 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
18:35:41.0863 1420 adpu320 - ok
18:35:41.0879 1420 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:35:42.0004 1420 AeLookupSvc - ok
18:35:42.0050 1420 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
18:35:42.0097 1420 AFD - ok
18:35:42.0113 1420 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
18:35:42.0128 1420 agp440 - ok
18:35:42.0144 1420 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
18:35:42.0206 1420 ALG - ok
18:35:42.0238 1420 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
18:35:42.0238 1420 aliide - ok
18:35:42.0253 1420 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
18:35:42.0269 1420 amdide - ok
18:35:42.0284 1420 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
18:35:42.0331 1420 AmdK8 - ok
18:35:42.0331 1420 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
18:35:42.0362 1420 AmdPPM - ok
18:35:42.0378 1420 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
18:35:42.0394 1420 amdsata - ok
18:35:42.0425 1420 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
18:35:42.0440 1420 amdsbs - ok
18:35:42.0456 1420 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
18:35:42.0472 1420 amdxata - ok
18:35:42.0550 1420 [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
18:35:42.0565 1420 AntiVirSchedulerService - ok
18:35:42.0596 1420 [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
18:35:42.0596 1420 AntiVirService - ok
18:35:42.0628 1420 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
18:35:42.0752 1420 AppID - ok
18:35:42.0752 1420 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
18:35:42.0815 1420 AppIDSvc - ok
18:35:42.0830 1420 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
18:35:42.0877 1420 Appinfo - ok
18:35:42.0955 1420 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:35:42.0955 1420 Apple Mobile Device - ok
18:35:42.0971 1420 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
18:35:42.0986 1420 arc - ok
18:35:43.0018 1420 [ 57FD55F0C8F08BF715BB7A5DD73A9E60 ] ArchiCrypt Sichere Loeschzonen C:\Program Files (x86)\ArchiCrypt\ArchiCrypt Shredder 6\ArchiCryptInjector64.exe
18:35:43.0080 1420 ArchiCrypt Sichere Loeschzonen - ok
18:35:43.0096 1420 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
18:35:43.0111 1420 arcsas - ok
18:35:43.0127 1420 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:35:43.0189 1420 AsyncMac - ok
18:35:43.0220 1420 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
18:35:43.0236 1420 atapi - ok
18:35:43.0252 1420 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:35:43.0330 1420 AudioEndpointBuilder - ok
18:35:43.0345 1420 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
18:35:43.0376 1420 AudioSrv - ok
18:35:43.0423 1420 [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
18:35:43.0439 1420 avgntflt - ok
18:35:43.0439 1420 [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
18:35:43.0454 1420 avipbb - ok
18:35:43.0486 1420 [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
18:35:43.0486 1420 avkmgr - ok
18:35:43.0548 1420 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
18:35:43.0610 1420 AxInstSV - ok
18:35:43.0642 1420 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
18:35:43.0688 1420 b06bdrv - ok
18:35:43.0735 1420 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
18:35:43.0766 1420 b57nd60a - ok
18:35:43.0782 1420 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
18:35:43.0813 1420 BDESVC - ok
18:35:43.0844 1420 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
18:35:43.0891 1420 Beep - ok
18:35:43.0954 1420 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
18:35:44.0000 1420 BFE - ok
18:35:44.0047 1420 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
18:35:44.0110 1420 BITS - ok
18:35:44.0141 1420 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
18:35:44.0172 1420 blbdrive - ok
18:35:44.0234 1420 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:35:44.0250 1420 Bonjour Service - ok
18:35:44.0266 1420 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:35:44.0297 1420 bowser - ok
18:35:44.0297 1420 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:35:44.0359 1420 BrFiltLo - ok
18:35:44.0359 1420 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:35:44.0406 1420 BrFiltUp - ok
18:35:44.0422 1420 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
18:35:44.0453 1420 Browser - ok
18:35:44.0484 1420 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
18:35:44.0515 1420 Brserid - ok
18:35:44.0515 1420 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
18:35:44.0546 1420 BrSerWdm - ok
18:35:44.0546 1420 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
18:35:44.0562 1420 BrUsbMdm - ok
18:35:44.0562 1420 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
18:35:44.0578 1420 BrUsbSer - ok
18:35:44.0578 1420 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
18:35:44.0593 1420 BTHMODEM - ok
18:35:44.0624 1420 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
18:35:44.0671 1420 bthserv - ok
18:35:44.0671 1420 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:35:44.0718 1420 cdfs - ok
18:35:44.0765 1420 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
18:35:44.0796 1420 cdrom - ok
18:35:44.0827 1420 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
18:35:44.0874 1420 CertPropSvc - ok
18:35:44.0890 1420 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
18:35:44.0921 1420 circlass - ok
18:35:44.0968 1420 [ 125327DF629324FAD78D9A95CCD0F425 ] CLBStor C:\Windows\system32\DRIVERS\CLBStor.sys
18:35:44.0983 1420 CLBStor - ok
18:35:45.0014 1420 [ 9C0CD75FEA24E7E0E835EEE7F14406F7 ] CLBUDF C:\Windows\system32\drivers\CLBUDF.sys
18:35:45.0030 1420 CLBUDF - ok
18:35:45.0046 1420 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
18:35:45.0061 1420 CLFS - ok
18:35:45.0155 1420 [ 4642B5A3E0D2E61D08163DE95FC5B949 ] CLKMSVC10_9EC60124 C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe
18:35:45.0155 1420 CLKMSVC10_9EC60124 - ok
18:35:45.0217 1420 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:35:45.0233 1420 clr_optimization_v2.0.50727_32 - ok
18:35:45.0248 1420 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:35:45.0264 1420 clr_optimization_v2.0.50727_64 - ok
18:35:45.0326 1420 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:35:45.0342 1420 clr_optimization_v4.0.30319_32 - ok
18:35:45.0389 1420 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:35:45.0389 1420 clr_optimization_v4.0.30319_64 - ok
18:35:45.0420 1420 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
18:35:45.0436 1420 CmBatt - ok
18:35:45.0467 1420 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:35:45.0467 1420 cmdide - ok
18:35:45.0498 1420 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
18:35:45.0529 1420 CNG - ok
18:35:45.0529 1420 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
18:35:45.0545 1420 Compbatt - ok
18:35:45.0592 1420 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
18:35:45.0607 1420 CompositeBus - ok
18:35:45.0607 1420 COMSysApp - ok
18:35:45.0638 1420 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
18:35:45.0654 1420 crcdisk - ok
18:35:45.0701 1420 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:35:45.0716 1420 CryptSvc - ok
18:35:45.0763 1420 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
18:35:45.0810 1420 DcomLaunch - ok
18:35:45.0857 1420 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
18:35:45.0904 1420 defragsvc - ok
18:35:45.0950 1420 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:35:45.0997 1420 DfsC - ok
18:35:46.0044 1420 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
18:35:46.0106 1420 Dhcp - ok
18:35:46.0122 1420 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
18:35:46.0153 1420 discache - ok
18:35:46.0184 1420 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
18:35:46.0200 1420 Disk - ok
18:35:46.0216 1420 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:35:46.0262 1420 Dnscache - ok
18:35:46.0294 1420 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
18:35:46.0356 1420 dot3svc - ok
18:35:46.0387 1420 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
18:35:46.0434 1420 DPS - ok
18:35:46.0481 1420 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:35:46.0496 1420 drmkaud - ok
18:35:46.0528 1420 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:35:46.0559 1420 DXGKrnl - ok
18:35:46.0574 1420 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
18:35:46.0621 1420 EapHost - ok
18:35:46.0668 1420 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
18:35:46.0762 1420 ebdrv - ok
18:35:46.0793 1420 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
18:35:46.0824 1420 EFS - ok
18:35:46.0855 1420 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:35:46.0902 1420 ehRecvr - ok
18:35:46.0918 1420 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
18:35:46.0933 1420 ehSched - ok
18:35:46.0964 1420 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
18:35:46.0980 1420 elxstor - ok
18:35:47.0011 1420 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
18:35:47.0027 1420 ErrDev - ok
18:35:47.0058 1420 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
18:35:47.0120 1420 EventSystem - ok
18:35:47.0120 1420 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
18:35:47.0167 1420 exfat - ok
18:35:47.0183 1420 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:35:47.0214 1420 fastfat - ok
18:35:47.0261 1420 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
18:35:47.0323 1420 Fax - ok
18:35:47.0339 1420 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
18:35:47.0370 1420 fdc - ok
18:35:47.0386 1420 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
18:35:47.0432 1420 fdPHost - ok
18:35:47.0464 1420 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
18:35:47.0495 1420 FDResPub - ok
18:35:47.0510 1420 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:35:47.0526 1420 FileInfo - ok
18:35:47.0542 1420 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:35:47.0588 1420 Filetrace - ok
18:35:47.0620 1420 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
18:35:47.0620 1420 flpydisk - ok
18:35:47.0666 1420 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:35:47.0682 1420 FltMgr - ok
18:35:47.0729 1420 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
18:35:47.0791 1420 FontCache - ok
18:35:47.0838 1420 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:35:47.0838 1420 FontCache3.0.0.0 - ok
18:35:47.0854 1420 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
18:35:47.0869 1420 FsDepends - ok
18:35:47.0900 1420 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:35:47.0900 1420 Fs_Rec - ok
18:35:47.0963 1420 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:35:47.0978 1420 fvevol - ok
18:35:47.0994 1420 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
18:35:48.0010 1420 gagp30kx - ok
18:35:48.0041 1420 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:35:48.0041 1420 GEARAspiWDM - ok
18:35:48.0119 1420 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
18:35:48.0212 1420 gpsvc - ok
18:35:48.0368 1420 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
18:35:48.0384 1420 gusvc - ok
18:35:48.0400 1420 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
18:35:48.0415 1420 hcw85cir - ok
18:35:48.0462 1420 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:35:48.0493 1420 HdAudAddService - ok
18:35:48.0509 1420 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
18:35:48.0540 1420 HDAudBus - ok
18:35:48.0556 1420 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
18:35:48.0587 1420 HidBatt - ok
18:35:48.0602 1420 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
18:35:48.0634 1420 HidBth - ok
18:35:48.0649 1420 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
18:35:48.0665 1420 HidIr - ok
18:35:48.0680 1420 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
18:35:48.0712 1420 hidserv - ok
18:35:48.0743 1420 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
18:35:48.0743 1420 HidUsb - ok
18:35:48.0790 1420 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:35:48.0836 1420 hkmsvc - ok
18:35:48.0868 1420 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:35:48.0914 1420 HomeGroupListener - ok
18:35:48.0930 1420 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:35:48.0961 1420 HomeGroupProvider - ok
18:35:48.0992 1420 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
18:35:48.0992 1420 HpSAMD - ok
18:35:49.0055 1420 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:35:49.0102 1420 HTTP - ok
18:35:49.0133 1420 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
18:35:49.0148 1420 hwpolicy - ok
18:35:49.0180 1420 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
18:35:49.0195 1420 i8042prt - ok
18:35:49.0226 1420 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
18:35:49.0242 1420 iaStorV - ok
18:35:49.0304 1420 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:35:49.0320 1420 idsvc - ok
18:35:49.0507 1420 [ C6238C6ABD6AC99F5D152DA4E9439A3D ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
18:35:49.0741 1420 igfx - ok
18:35:49.0804 1420 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
18:35:49.0819 1420 iirsp - ok
18:35:49.0850 1420 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
18:35:49.0913 1420 IKEEXT - ok
18:35:49.0928 1420 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
18:35:49.0944 1420 intelide - ok
18:35:49.0975 1420 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:35:49.0991 1420 intelppm - ok
18:35:50.0022 1420 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:35:50.0069 1420 IPBusEnum - ok
18:35:50.0100 1420 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:35:50.0131 1420 IpFilterDriver - ok
18:35:50.0178 1420 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:35:50.0209 1420 iphlpsvc - ok
18:35:50.0225 1420 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
18:35:50.0240 1420 IPMIDRV - ok
18:35:50.0256 1420 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
18:35:50.0287 1420 IPNAT - ok
18:35:50.0350 1420 [ B474C756C13960793C7583B766F904C4 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
18:35:50.0365 1420 iPod Service - ok
18:35:50.0381 1420 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:35:50.0428 1420 IRENUM - ok
18:35:50.0459 1420 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:35:50.0474 1420 isapnp - ok
18:35:50.0490 1420 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
18:35:50.0506 1420 iScsiPrt - ok
18:35:50.0537 1420 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
18:35:50.0537 1420 kbdclass - ok
18:35:50.0552 1420 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
18:35:50.0568 1420 kbdhid - ok
18:35:50.0568 1420 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
18:35:50.0584 1420 KeyIso - ok
18:35:50.0599 1420 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:35:50.0615 1420 KSecDD - ok
18:35:50.0646 1420 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:35:50.0646 1420 KSecPkg - ok
18:35:50.0662 1420 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
18:35:50.0693 1420 ksthunk - ok
18:35:50.0724 1420 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
18:35:50.0771 1420 KtmRm - ok
18:35:50.0802 1420 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
18:35:50.0833 1420 LanmanServer - ok
18:35:50.0864 1420 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:35:50.0911 1420 LanmanWorkstation - ok
18:35:50.0989 1420 [ 7772DFAB22611050B79504E671B06E6E ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
18:35:51.0005 1420 LBTServ - ok
18:35:51.0036 1420 [ 241F2648ADF090E2A10095BD6D6F5DCB ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
18:35:51.0052 1420 LHidFilt - ok
18:35:51.0130 1420 [ FA4A45C179AB0E0F1A31B9751D4B18D7 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
18:35:51.0161 1420 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
18:35:51.0161 1420 LightScribeService - detected UnsignedFile.Multi.Generic (1)
18:35:51.0176 1420 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:35:51.0223 1420 lltdio - ok
18:35:51.0254 1420 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:35:51.0317 1420 lltdsvc - ok
18:35:51.0332 1420 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:35:51.0379 1420 lmhosts - ok
18:35:51.0410 1420 [ 342ED5A4B3326014438F36D22D803737 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
18:35:51.0426 1420 LMouFilt - ok
18:35:51.0442 1420 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
18:35:51.0457 1420 LSI_FC - ok
18:35:51.0473 1420 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
18:35:51.0488 1420 LSI_SAS - ok
18:35:51.0504 1420 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:35:51.0520 1420 LSI_SAS2 - ok
18:35:51.0535 1420 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:35:51.0551 1420 LSI_SCSI - ok
18:35:51.0566 1420 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
18:35:51.0613 1420 luafv - ok
18:35:51.0644 1420 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:35:51.0676 1420 Mcx2Svc - ok
18:35:51.0691 1420 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
18:35:51.0707 1420 megasas - ok
18:35:51.0722 1420 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
18:35:51.0738 1420 MegaSR - ok
18:35:51.0800 1420 Microsoft SharePoint Workspace Audit Service - ok
18:35:51.0816 1420 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
18:35:51.0847 1420 MMCSS - ok
18:35:51.0878 1420 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
18:35:51.0925 1420 Modem - ok
18:35:51.0925 1420 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:35:51.0956 1420 monitor - ok
18:35:51.0972 1420 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
18:35:51.0988 1420 mouclass - ok
18:35:52.0019 1420 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:35:52.0034 1420 mouhid - ok
18:35:52.0066 1420 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:35:52.0081 1420 mountmgr - ok
18:35:52.0128 1420 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:35:52.0144 1420 MozillaMaintenance - ok
18:35:52.0159 1420 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
18:35:52.0175 1420 mpio - ok
18:35:52.0190 1420 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:35:52.0222 1420 mpsdrv - ok
18:35:52.0268 1420 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
18:35:52.0315 1420 MpsSvc - ok
18:35:52.0346 1420 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:35:52.0378 1420 MRxDAV - ok
18:35:52.0409 1420 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:35:52.0440 1420 mrxsmb - ok
18:35:52.0456 1420 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:35:52.0471 1420 mrxsmb10 - ok
18:35:52.0487 1420 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:35:52.0502 1420 mrxsmb20 - ok
18:35:52.0534 1420 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
18:35:52.0549 1420 msahci - ok
18:35:52.0580 1420 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:35:52.0596 1420 msdsm - ok
18:35:52.0612 1420 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
18:35:52.0627 1420 MSDTC - ok
18:35:52.0658 1420 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:35:52.0705 1420 Msfs - ok
18:35:52.0721 1420 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:35:52.0752 1420 mshidkmdf - ok
18:35:52.0768 1420 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:35:52.0783 1420 msisadrv - ok
18:35:52.0814 1420 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:35:52.0861 1420 MSiSCSI - ok
18:35:52.0861 1420 msiserver - ok
18:35:52.0877 1420 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:35:52.0924 1420 MSKSSRV - ok
18:35:52.0924 1420 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:35:52.0970 1420 MSPCLOCK - ok
18:35:52.0986 1420 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:35:53.0017 1420 MSPQM - ok
18:35:53.0048 1420 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:35:53.0064 1420 MsRPC - ok
18:35:53.0080 1420 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
18:35:53.0080 1420 mssmbios - ok
18:35:53.0095 1420 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:35:53.0142 1420 MSTEE - ok
18:35:53.0142 1420 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
18:35:53.0158 1420 MTConfig - ok
18:35:53.0173 1420 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
18:35:53.0189 1420 Mup - ok
18:35:53.0236 1420 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
18:35:53.0282 1420 napagent - ok
18:35:53.0314 1420 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:35:53.0329 1420 NativeWifiP - ok
18:35:53.0423 1420 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:35:53.0454 1420 NDIS - ok
18:35:53.0470 1420 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:35:53.0501 1420 NdisCap - ok
18:35:53.0532 1420 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:35:53.0563 1420 NdisTapi - ok
18:35:53.0610 1420 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:35:53.0672 1420 Ndisuio - ok
18:35:53.0704 1420 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:35:53.0735 1420 NdisWan - ok
18:35:53.0766 1420 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:35:53.0797 1420 NDProxy - ok
18:35:53.0875 1420 [ 2AAE889742376EDC5C3203DFB74F28FD ] Nero BackItUp Scheduler 3 C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
18:35:53.0906 1420 Nero BackItUp Scheduler 3 - ok
18:35:53.0922 1420 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:35:53.0969 1420 NetBIOS - ok
18:35:54.0000 1420 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:35:54.0047 1420 NetBT - ok
18:35:54.0062 1420 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
18:35:54.0062 1420 Netlogon - ok
18:35:54.0125 1420 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
18:35:54.0156 1420 Netman - ok
18:35:54.0172 1420 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
18:35:54.0203 1420 netprofm - ok
18:35:54.0234 1420 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:35:54.0250 1420 NetTcpPortSharing - ok
18:35:54.0265 1420 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
18:35:54.0281 1420 nfrd960 - ok
18:35:54.0312 1420 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:35:54.0328 1420 NlaSvc - ok
18:35:54.0421 1420 [ CB992AE1506985D9167E85883B4C3240 ] NMIndexingService C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
18:35:54.0437 1420 NMIndexingService - ok
18:35:54.0437 1420 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:35:54.0484 1420 Npfs - ok
18:35:54.0515 1420 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
18:35:54.0546 1420 nsi - ok
18:35:54.0562 1420 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:35:54.0593 1420 nsiproxy - ok
18:35:54.0640 1420 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:35:54.0686 1420 Ntfs - ok
18:35:54.0702 1420 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
18:35:54.0733 1420 Null - ok
18:35:54.0764 1420 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:35:54.0764 1420 nvraid - ok
18:35:54.0811 1420 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:35:54.0827 1420 nvstor - ok
18:35:54.0842 1420 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:35:54.0842 1420 nv_agp - ok
18:35:54.0874 1420 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:35:54.0889 1420 ohci1394 - ok
18:35:54.0920 1420 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:35:54.0936 1420 ose - ok
18:35:55.0030 1420 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:35:55.0154 1420 osppsvc - ok
18:35:55.0170 1420 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:35:55.0217 1420 p2pimsvc - ok
18:35:55.0232 1420 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
18:35:55.0248 1420 p2psvc - ok
18:35:55.0279 1420 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
18:35:55.0310 1420 Parport - ok
18:35:55.0326 1420 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:35:55.0342 1420 partmgr - ok
18:35:55.0357 1420 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:35:55.0388 1420 PcaSvc - ok
18:35:55.0420 1420 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
18:35:55.0420 1420 pci - ok
18:35:55.0435 1420 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
18:35:55.0451 1420 pciide - ok
18:35:55.0466 1420 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
18:35:55.0482 1420 pcmcia - ok
18:35:55.0498 1420 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
18:35:55.0513 1420 pcw - ok
18:35:55.0544 1420 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:35:55.0576 1420 PEAUTH - ok
18:35:55.0654 1420 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
18:35:55.0685 1420 PerfHost - ok
18:35:55.0732 1420 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
18:35:55.0810 1420 pla - ok
18:35:55.0825 1420 [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Windows\SysWOW64\IoctlSvc.exe
18:35:55.0856 1420 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
18:35:55.0856 1420 PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
18:35:55.0903 1420 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:35:55.0934 1420 PlugPlay - ok
18:35:55.0950 1420 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:35:55.0950 1420 PNRPAutoReg - ok
18:35:55.0966 1420 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:35:55.0981 1420 PNRPsvc - ok
18:35:55.0997 1420 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:35:56.0044 1420 PolicyAgent - ok
18:35:56.0059 1420 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
18:35:56.0106 1420 Power - ok
18:35:56.0153 1420 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:35:56.0200 1420 PptpMiniport - ok
18:35:56.0215 1420 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
18:35:56.0231 1420 Processor - ok
18:35:56.0278 1420 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
18:35:56.0309 1420 ProfSvc - ok
18:35:56.0324 1420 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:35:56.0340 1420 ProtectedStorage - ok
18:35:56.0387 1420 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:35:56.0434 1420 Psched - ok
18:35:56.0465 1420 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
18:35:56.0496 1420 ql2300 - ok
18:35:56.0512 1420 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
18:35:56.0527 1420 ql40xx - ok
18:35:56.0558 1420 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
18:35:56.0574 1420 QWAVE - ok
18:35:56.0590 1420 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:35:56.0605 1420 QWAVEdrv - ok
18:35:56.0621 1420 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:35:56.0652 1420 RasAcd - ok
18:35:56.0668 1420 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:35:56.0699 1420 RasAgileVpn - ok
18:35:56.0730 1420 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
18:35:56.0777 1420 RasAuto - ok
18:35:56.0808 1420 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:35:56.0839 1420 Rasl2tp - ok
18:35:56.0886 1420 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
18:35:56.0917 1420 RasMan - ok
18:35:56.0933 1420 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:35:56.0995 1420 RasPppoe - ok
18:35:57.0011 1420 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:35:57.0042 1420 RasSstp - ok
18:35:57.0058 1420 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:35:57.0089 1420 rdbss - ok
18:35:57.0104 1420 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
18:35:57.0120 1420 rdpbus - ok
18:35:57.0136 1420 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:35:57.0167 1420 RDPCDD - ok
18:35:57.0198 1420 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:35:57.0229 1420 RDPENCDD - ok
18:35:57.0245 1420 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:35:57.0292 1420 RDPREFMP - ok
18:35:57.0323 1420 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:35:57.0354 1420 RDPWD - ok
18:35:57.0385 1420 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:35:57.0385 1420 rdyboost - ok
18:35:57.0416 1420 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:35:57.0463 1420 RemoteAccess - ok
18:35:57.0494 1420 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:35:57.0541 1420 RemoteRegistry - ok
18:35:57.0572 1420 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:35:57.0604 1420 RpcEptMapper - ok
18:35:57.0619 1420 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
18:35:57.0650 1420 RpcLocator - ok
18:35:57.0682 1420 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
18:35:57.0728 1420 RpcSs - ok
18:35:57.0744 1420 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:35:57.0791 1420 rspndr - ok
18:35:57.0806 1420 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
18:35:57.0822 1420 SamSs - ok
18:35:57.0853 1420 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:35:57.0869 1420 sbp2port - ok
18:35:57.0884 1420 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:35:57.0931 1420 SCardSvr - ok
18:35:57.0962 1420 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:35:57.0994 1420 scfilter - ok
18:35:58.0040 1420 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
18:35:58.0087 1420 Schedule - ok
18:35:58.0134 1420 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
18:35:58.0165 1420 SCPolicySvc - ok
18:35:58.0196 1420 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:35:58.0228 1420 SDRSVC - ok
18:35:58.0243 1420 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:35:58.0290 1420 secdrv - ok
18:35:58.0306 1420 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
18:35:58.0337 1420 seclogon - ok
18:35:58.0337 1420 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
18:35:58.0399 1420 SENS - ok
18:35:58.0399 1420 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:35:58.0430 1420 SensrSvc - ok
18:35:58.0462 1420 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
18:35:58.0477 1420 Serenum - ok
18:35:58.0493 1420 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
18:35:58.0524 1420 Serial - ok
18:35:58.0540 1420 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
18:35:58.0555 1420 sermouse - ok
18:35:58.0602 1420 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
18:35:58.0633 1420 SessionEnv - ok
18:35:58.0664 1420 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:35:58.0680 1420 sffdisk - ok
18:35:58.0696 1420 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:35:58.0711 1420 sffp_mmc - ok
18:35:58.0711 1420 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:35:58.0727 1420 sffp_sd - ok
18:35:58.0742 1420 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
18:35:58.0758 1420 sfloppy - ok
18:35:58.0789 1420 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:35:58.0820 1420 SharedAccess - ok
18:35:58.0852 1420 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:35:58.0898 1420 ShellHWDetection - ok
18:35:58.0930 1420 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:35:58.0930 1420 SiSRaid2 - ok
18:35:58.0945 1420 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
18:35:58.0961 1420 SiSRaid4 - ok
18:35:58.0976 1420 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:35:59.0008 1420 Smb - ok
18:35:59.0054 1420 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:35:59.0070 1420 SNMPTRAP - ok
18:35:59.0101 1420 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
18:35:59.0101 1420 spldr - ok
18:35:59.0132 1420 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
18:35:59.0164 1420 Spooler - ok
18:35:59.0242 1420 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
18:35:59.0366 1420 sppsvc - ok
18:35:59.0382 1420 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:35:59.0444 1420 sppuinotify - ok
18:35:59.0476 1420 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
18:35:59.0522 1420 srv - ok
18:35:59.0554 1420 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:35:59.0569 1420 srv2 - ok
18:35:59.0585 1420 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:35:59.0600 1420 srvnet - ok
18:35:59.0616 1420 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:35:59.0663 1420 SSDPSRV - ok
18:35:59.0678 1420 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:35:59.0710 1420 SstpSvc - ok
18:35:59.0741 1420 Steam Client Service - ok
18:35:59.0756 1420 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
18:35:59.0772 1420 stexstor - ok
18:35:59.0819 1420 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
18:35:59.0850 1420 stisvc - ok
18:35:59.0881 1420 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
18:35:59.0881 1420 swenum - ok
18:35:59.0912 1420 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
18:35:59.0959 1420 swprv - ok
18:36:00.0006 1420 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
18:36:00.0053 1420 SysMain - ok
18:36:00.0068 1420 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:36:00.0100 1420 TabletInputService - ok
18:36:00.0131 1420 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
18:36:00.0178 1420 TapiSrv - ok
18:36:00.0193 1420 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
18:36:00.0240 1420 TBS - ok
18:36:00.0302 1420 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:36:00.0349 1420 Tcpip - ok
18:36:00.0396 1420 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:36:00.0443 1420 TCPIP6 - ok
18:36:00.0458 1420 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:36:00.0490 1420 tcpipreg - ok
18:36:00.0505 1420 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:36:00.0536 1420 TDPIPE - ok
18:36:00.0552 1420 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:36:00.0568 1420 TDTCP - ok
18:36:00.0599 1420 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:36:00.0646 1420 tdx - ok
18:36:00.0677 1420 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
18:36:00.0692 1420 TermDD - ok
18:36:00.0724 1420 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
18:36:00.0770 1420 TermService - ok
18:36:00.0786 1420 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
18:36:00.0802 1420 Themes - ok
18:36:00.0817 1420 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
18:36:00.0848 1420 THREADORDER - ok
18:36:00.0864 1420 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
18:36:00.0895 1420 TrkWks - ok
18:36:00.0958 1420 [ 370A6907DDF79532A39319492B1FA38A ] truecrypt C:\Windows\system32\drivers\truecrypt.sys
18:36:00.0973 1420 truecrypt - ok
18:36:01.0004 1420 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:36:01.0067 1420 TrustedInstaller - ok
18:36:01.0098 1420 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:36:01.0129 1420 tssecsrv - ok
18:36:01.0160 1420 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
18:36:01.0192 1420 TsUsbFlt - ok
18:36:01.0238 1420 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:36:01.0285 1420 tunnel - ok
18:36:01.0301 1420 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
18:36:01.0316 1420 uagp35 - ok
18:36:01.0332 1420 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:36:01.0379 1420 udfs - ok
18:36:01.0410 1420 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:36:01.0426 1420 UI0Detect - ok
18:36:01.0441 1420 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:36:01.0441 1420 uliagpkx - ok
18:36:01.0472 1420 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
18:36:01.0488 1420 umbus - ok
18:36:01.0504 1420 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
18:36:01.0519 1420 UmPass - ok
18:36:01.0535 1420 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
18:36:01.0582 1420 upnphost - ok
18:36:01.0613 1420 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
18:36:01.0613 1420 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
18:36:01.0613 1420 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
18:36:01.0628 1420 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:36:01.0675 1420 usbccgp - ok
18:36:01.0706 1420 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:36:01.0722 1420 usbcir - ok
18:36:01.0738 1420 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:36:01.0753 1420 usbehci - ok
18:36:01.0769 1420 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:36:01.0784 1420 usbhub - ok
18:36:01.0800 1420 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
18:36:01.0816 1420 usbohci - ok
18:36:01.0847 1420 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:36:01.0862 1420 usbprint - ok
18:36:01.0878 1420 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:36:01.0894 1420 USBSTOR - ok
18:36:01.0909 1420 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
18:36:01.0925 1420 usbuhci - ok
18:36:01.0956 1420 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
18:36:02.0003 1420 UxSms - ok
18:36:02.0018 1420 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
18:36:02.0034 1420 VaultSvc - ok
18:36:02.0034 1420 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
18:36:02.0050 1420 vdrvroot - ok
18:36:02.0096 1420 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
18:36:02.0128 1420 vds - ok
18:36:02.0143 1420 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:36:02.0159 1420 vga - ok
18:36:02.0174 1420 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
18:36:02.0206 1420 VgaSave - ok
18:36:02.0221 1420 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
18:36:02.0237 1420 vhdmp - ok
18:36:02.0268 1420 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
18:36:02.0268 1420 viaide - ok
18:36:02.0284 1420 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:36:02.0299 1420 volmgr - ok
18:36:02.0330 1420 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:36:02.0346 1420 volmgrx - ok
18:36:02.0362 1420 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:36:02.0377 1420 volsnap - ok
18:36:02.0408 1420 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
18:36:02.0424 1420 vsmraid - ok
18:36:02.0471 1420 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
18:36:02.0549 1420 VSS - ok
18:36:02.0564 1420 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
18:36:02.0580 1420 vwifibus - ok
18:36:02.0611 1420 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
18:36:02.0658 1420 W32Time - ok
18:36:02.0689 1420 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
18:36:02.0705 1420 WacomPen - ok
18:36:02.0736 1420 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
18:36:02.0783 1420 WANARP - ok
18:36:02.0783 1420 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:36:02.0814 1420 Wanarpv6 - ok
18:36:02.0876 1420 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
18:36:02.0939 1420 wbengine - ok
18:36:02.0954 1420 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
18:36:02.0970 1420 WbioSrvc - ok
18:36:03.0001 1420 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:36:03.0048 1420 wcncsvc - ok
18:36:03.0048 1420 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:36:03.0079 1420 WcsPlugInService - ok
18:36:03.0095 1420 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
18:36:03.0110 1420 Wd - ok
18:36:03.0142 1420 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:36:03.0173 1420 Wdf01000 - ok
18:36:03.0188 1420 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:36:03.0251 1420 WdiServiceHost - ok
18:36:03.0251 1420 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:36:03.0282 1420 WdiSystemHost - ok
18:36:03.0313 1420 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
18:36:03.0344 1420 WebClient - ok
18:36:03.0376 1420 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:36:03.0407 1420 Wecsvc - ok
18:36:03.0438 1420 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:36:03.0469 1420 wercplsupport - ok
18:36:03.0485 1420 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
18:36:03.0547 1420 WerSvc - ok
18:36:03.0563 1420 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
18:36:03.0594 1420 WfpLwf - ok
18:36:03.0625 1420 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
18:36:03.0625 1420 WIMMount - ok
18:36:03.0641 1420 WinDefend - ok
18:36:03.0656 1420 WinHttpAutoProxySvc - ok
18:36:03.0703 1420 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:36:03.0734 1420 Winmgmt - ok
18:36:03.0797 1420 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
18:36:03.0875 1420 WinRM - ok
18:36:03.0922 1420 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
18:36:03.0937 1420 WinUsb - ok
18:36:03.0968 1420 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
18:36:04.0015 1420 Wlansvc - ok
18:36:04.0093 1420 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:36:04.0156 1420 wlidsvc - ok
18:36:04.0171 1420 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
18:36:04.0187 1420 WmiAcpi - ok
18:36:04.0218 1420 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:36:04.0234 1420 wmiApSrv - ok
18:36:04.0249 1420 WMPNetworkSvc - ok
18:36:04.0265 1420 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:36:04.0280 1420 WPCSvc - ok
18:36:04.0312 1420 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:36:04.0327 1420 WPDBusEnum - ok
18:36:04.0343 1420 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:36:04.0390 1420 ws2ifsl - ok
18:36:04.0405 1420 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
18:36:04.0421 1420 wscsvc - ok
18:36:04.0421 1420 WSearch - ok
18:36:04.0483 1420 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
18:36:04.0561 1420 wuauserv - ok
18:36:04.0577 1420 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:36:04.0624 1420 WudfPf - ok
18:36:04.0655 1420 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:36:04.0670 1420 WUDFRd - ok
18:36:04.0702 1420 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:36:04.0717 1420 wudfsvc - ok
18:36:04.0733 1420 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
18:36:04.0764 1420 WwanSvc - ok
18:36:04.0795 1420 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
18:36:04.0826 1420 yukonw7 - ok
18:36:04.0826 1420 ================ Scan global ===============================
18:36:04.0842 1420 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:36:04.0873 1420 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
18:36:04.0889 1420 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
18:36:04.0904 1420 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:36:04.0936 1420 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:36:04.0936 1420 [Global] - ok
18:36:04.0936 1420 ================ Scan MBR ==================================
18:36:04.0936 1420 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:36:05.0170 1420 \Device\Harddisk0\DR0 - ok
18:36:05.0170 1420 ================ Scan VBR ==================================
18:36:05.0170 1420 [ FA8D45E4CFE165B0774E481E3E6F5587 ] \Device\Harddisk0\DR0\Partition1
18:36:05.0170 1420 \Device\Harddisk0\DR0\Partition1 - ok
18:36:05.0201 1420 [ 937F8BAB11D6B172448207A0EFA1F250 ] \Device\Harddisk0\DR0\Partition2
18:36:05.0201 1420 \Device\Harddisk0\DR0\Partition2 - ok
18:36:05.0216 1420 [ 77EA1404807AF72A7A5EA598F244D286 ] \Device\Harddisk0\DR0\Partition3
18:36:05.0216 1420 \Device\Harddisk0\DR0\Partition3 - ok
18:36:05.0216 1420 ============================================================
18:36:05.0216 1420 Scan finished
18:36:05.0216 1420 ============================================================
18:36:05.0232 4052 Detected object count: 3
18:36:05.0232 4052 Actual detected object count: 3
18:43:15.0995 4052 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
18:43:15.0995 4052 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:43:15.0995 4052 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:43:15.0995 4052 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:43:15.0995 4052 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
18:43:15.0995 4052 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:43:25.0417 3536 Deinitialize success
|
|
18.12.2012, 23:22
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | AVIRA findet EXP/Dldr.Java.N Ist unauffällig adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren Downloade Dir bitte AdwCleaner auf deinen Desktop. Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
19.12.2012, 09:33
| #11 |
| | AVIRA findet EXP/Dldr.Java.N Da bin ich ja erleichtert! Vielen Dank! AdwCleaner Log Code:
ATTFilter # AdwCleaner v2.101 - Datei am 19/12/2012 um 18:48:55 erstellt
# Aktualisiert am 16/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : PH - PH-SHUTTLE
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\PH\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gefunden : C:\Users\PH\AppData\Roaming\pdfforge
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v17.0.1 (de)
Profilname : default
Datei : C:\Users\PH\AppData\Roaming\Mozilla\Firefox\Profiles\nsu3mzw6.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [900 octets] - [19/12/2012 18:48:55]
########## EOF - C:\AdwCleaner[R1].txt - [959 octets] ##########
Geändert von cosinus (19.12.2012 um 22:40 Uhr) Grund: CODE-Tags korrigiert |
|
19.12.2012, 22:41
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | AVIRA findet EXP/Dldr.Java.N adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
20.12.2012, 21:28
| #13 |
| | AVIRA findet EXP/Dldr.Java.N adwcleaner Code:
ATTFilter # AdwCleaner v2.101 - Datei am 20/12/2012 um 21:10:58 erstellt
# Aktualisiert am 16/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : PH - PH-SHUTTLE
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\PH\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\Users\PH\AppData\Roaming\pdfforge
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v17.0.1 (de)
Profilname : default
Datei : C:\Users\PH\AppData\Roaming\Mozilla\Firefox\Profiles\nsu3mzw6.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [902 octets] - [20/12/2012 21:10:58]
########## EOF - C:\AdwCleaner[S1].txt - [961 octets] ##########
OTL Logfile: Code:
ATTFilter OTL logfile created on: 20.12.2012 21:15:37 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\PH\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,93 Gb Total Physical Memory | 2,47 Gb Available Physical Memory | 62,90% Memory free 7,87 Gb Paging File | 6,36 Gb Available in Paging File | 80,83% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 341,70 Gb Total Space | 229,60 Gb Free Space | 67,20% Space Free | Partition Type: NTFS Computer Name: PH-SHUTTLE | User Name: PH | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\PH\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\PH\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Users\PH\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink) PRC - C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe (CyberLink Corporation.) PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) PRC - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.) PRC - C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.) ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf () MOD - C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\res.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (ArchiCrypt Sichere Loeschzonen) -- C:\Program Files (x86)\ArchiCrypt\ArchiCrypt Shredder 6\ArchiCryptInjector64.exe (Softwareentwicklung Remus - ArchiCrypt) SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (CLKMSVC10_9EC60124) -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe (CyberLink) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (CLBStor) -- C:\Windows\SysNative\drivers\CLBStor.sys (Cyberlink Co.,Ltd.) DRV:64bit: - (CLBUDF) -- C:\Windows\SysNative\drivers\CLBUDF.sys (CyberLink Corporation.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2394378626-3793514668-1418206493-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2394378626-3793514668-1418206493-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2394378626-3793514668-1418206493-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2394378626-3793514668-1418206493-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: DeviceDetection%40logitech.com:1.24.0.9 FF - prefs.js..extensions.enabledAddons: %7B394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B%7D:3.0.0 FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20120926 FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10 FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.0.3.1 FF - prefs.js..extensions.enabledAddons: %7B8b86149f-01fb-4842-9dd8-4d7eb02fd055%7D:0.24 FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.4.1 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.08 16:31:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.08 16:31:18 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.06 18:33:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PH\AppData\Roaming\mozilla\Extensions [2012.12.19 18:38:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PH\AppData\Roaming\mozilla\Firefox\Profiles\nsu3mzw6.default\extensions [2012.09.19 20:45:01 | 000,000,000 | ---D | M] (Lightshot (screenshot tool)) -- C:\Users\PH\AppData\Roaming\mozilla\Firefox\Profiles\nsu3mzw6.default\extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B} [2012.12.12 19:33:13 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Users\PH\AppData\Roaming\mozilla\Firefox\Profiles\nsu3mzw6.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055} [2012.10.05 17:42:44 | 000,000,000 | ---D | M] (WOT) -- C:\Users\PH\AppData\Roaming\mozilla\Firefox\Profiles\nsu3mzw6.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012.06.09 10:52:01 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\PH\AppData\Roaming\mozilla\Firefox\Profiles\nsu3mzw6.default\extensions\DeviceDetection@logitech.com [2012.12.19 18:38:55 | 000,532,971 | ---- | M] () (No name found) -- C:\Users\PH\AppData\Roaming\mozilla\firefox\profiles\nsu3mzw6.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012.06.06 18:44:23 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\PH\AppData\Roaming\mozilla\firefox\profiles\nsu3mzw6.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2012.12.01 16:59:51 | 000,710,866 | ---- | M] () (No name found) -- C:\Users\PH\AppData\Roaming\mozilla\firefox\profiles\nsu3mzw6.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012.12.08 16:31:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.12.08 16:31:18 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.01 17:33:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.12 18:58:16 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.01 17:33:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.01 17:33:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.01 17:33:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.01 17:33:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink) O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [InstantBurn] C:\PROGRA~2\CYBERL~1\INSTAN~1\Win2K\IBurn.exe (CyberLink Corporation.) O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2394378626-3793514668-1418206493-1000..\Run: [ArchiCrypt Scheduler 6] File not found O4 - HKU\S-1-5-21-2394378626-3793514668-1418206493-1000..\Run: [ArchiCrypt SecureDZone] File not found O4 - HKU\S-1-5-21-2394378626-3793514668-1418206493-1000..\Run: [ArchiCrypt Shredder 6] File not found O4 - HKU\S-1-5-21-2394378626-3793514668-1418206493-1000..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) O4 - HKU\S-1-5-21-2394378626-3793514668-1418206493-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found O4 - HKU\S-1-5-21-2394378626-3793514668-1418206493-1000..\Run: [SkyDrive] C:\Users\PH\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\PH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\PH\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{773DBAD3-B683-431D-878F-56CE4070912F}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.12.20 21:09:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\PH\Desktop\OTL.exe [2012.12.18 21:57:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.12.18 21:57:08 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.12.18 21:57:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.12.18 21:57:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2012.12.18 21:57:07 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2012.12.14 17:17:38 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.12.14 17:17:37 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.12.14 17:17:37 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.12.14 17:17:37 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.12.14 17:17:37 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.12.14 17:17:37 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.12.14 17:17:37 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.12.14 17:16:52 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012.12.14 17:16:52 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012.12.14 17:16:52 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012.12.14 17:16:52 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012.12.14 17:16:01 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012.12.14 17:16:01 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2012.12.14 17:16:01 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2012.12.14 17:16:01 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2012.12.14 17:16:00 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2012.12.14 17:16:00 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2012.12.14 17:16:00 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2012.12.14 17:16:00 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2012.12.14 17:16:00 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2012.12.14 17:16:00 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2012.12.14 17:16:00 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2012.12.14 17:15:59 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2012.12.14 17:15:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012.12.14 17:15:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012.12.14 17:15:58 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012.12.14 17:15:58 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012.12.14 17:15:58 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012.12.14 17:15:58 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012.12.14 17:15:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012.12.14 17:15:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012.12.14 17:15:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012.12.14 17:15:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012.12.14 17:15:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012.12.14 17:15:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012.12.14 17:15:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012.12.14 17:15:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012.12.14 17:15:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012.12.14 17:15:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012.12.14 17:15:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012.12.14 17:15:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012.12.14 17:15:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012.12.14 17:15:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.12.14 17:15:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012.12.14 17:15:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012.12.14 17:15:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012.12.14 17:15:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012.12.14 17:15:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012.12.14 17:15:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012.12.14 17:15:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012.12.14 17:15:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012.12.14 17:15:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012.12.14 17:15:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012.12.14 17:15:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012.12.14 17:15:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012.12.14 17:15:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012.12.14 17:15:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012.12.14 17:15:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012.12.14 17:15:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012.12.14 17:15:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.12.14 17:15:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012.12.14 17:15:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012.12.14 17:15:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012.12.14 17:15:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012.12.14 17:15:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012.12.14 17:15:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012.12.14 17:15:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012.12.14 17:15:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012.12.14 17:15:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012.12.14 17:15:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012.12.14 17:15:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012.12.14 17:15:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012.12.14 17:15:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012.12.14 17:15:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012.12.14 17:15:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012.12.14 17:15:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012.12.14 17:15:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012.12.14 17:15:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012.12.14 17:15:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012.12.14 17:15:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2012.12.14 17:15:45 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll [2012.12.14 17:15:45 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll [2012.12.08 16:31:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.11.24 16:52:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.11.24 16:52:16 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.11.24 16:52:16 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.11.24 16:52:16 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys ========== Files - Modified Within 30 Days ========== [2012.12.20 21:20:01 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.20 21:20:01 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.20 21:12:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.20 21:12:17 | 3167,887,360 | -HS- | M] () -- C:\hiberfil.sys [2012.12.20 21:10:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.20 21:09:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\PH\Desktop\OTL.exe [2012.12.20 21:09:11 | 000,547,175 | ---- | M] () -- C:\Users\PH\Desktop\adwcleaner.exe [2012.12.20 17:49:57 | 000,001,048 | ---- | M] () -- C:\Users\PH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.12.20 17:49:20 | 000,001,010 | ---- | M] () -- C:\Users\PH\Desktop\Dropbox.lnk [2012.12.18 23:15:47 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.18 23:15:47 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.12.18 23:15:47 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.18 23:15:47 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.12.18 23:15:47 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.12.18 21:57:28 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.12.15 16:08:26 | 000,427,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.12.12 20:12:53 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.12.12 20:12:53 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.12.11 22:33:44 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.12.11 22:33:44 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys ========== Files Created - No Company Name ========== [2012.12.20 21:09:11 | 000,547,175 | ---- | C] () -- C:\Users\PH\Desktop\adwcleaner.exe [2012.12.18 21:57:28 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.06.10 21:21:59 | 000,000,105 | ---- | C] () -- C:\Users\PH\AppData\Roaming\default.pls [2012.06.10 21:09:34 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini [2012.06.10 21:09:23 | 000,001,024 | ---- | C] () -- C:\Users\PH\.rnd [2011.02.11 18:15:08 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin [2011.02.11 18:15:08 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin [2011.02.11 18:15:08 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 20.12.2012 21:15:37 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\PH\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,93 Gb Total Physical Memory | 2,47 Gb Available Physical Memory | 62,90% Memory free
7,87 Gb Paging File | 6,36 Gb Available in Paging File | 80,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 341,70 Gb Total Space | 229,60 Gb Free Space | 67,20% Space Free | Partition Type: NTFS
Computer Name: PH-SHUTTLE | User Name: PH | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2394378626-3793514668-1418206493-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\PROGRA~2\MEDIAM~1\MediaMonkey.exe" "%1"
Directory [MediaMonkey.2PlayNext] -- "C:\PROGRA~2\MEDIAM~1\MediaMonkey.exe" /NEXT "%1"
Directory [MediaMonkey.3Enqueue] -- "C:\PROGRA~2\MEDIAM~1\MediaMonkey.exe" /ADD "%1"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\PROGRA~2\MEDIAM~1\MediaMonkey.exe" "%1"
Directory [MediaMonkey.2PlayNext] -- "C:\PROGRA~2\MEDIAM~1\MediaMonkey.exe" /NEXT "%1"
Directory [MediaMonkey.3Enqueue] -- "C:\PROGRA~2\MEDIAM~1\MediaMonkey.exe" /ADD "%1"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02F86D64-0A2E-4B9A-B6BE-C701806339B9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1BCDA9B4-56F1-4E18-8BAD-347949786339}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1F9C3962-CB00-4058-8760-FD363F73C236}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2239C597-6641-43F7-BEB4-944EDBCDB998}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{29FC3F35-F88D-41A9-A306-D13D42190B27}" = lport=139 | protocol=6 | dir=in | app=system |
"{2C9E39C3-7B8E-4A74-9958-4567B5DD818B}" = rport=138 | protocol=17 | dir=out | app=system |
"{3168D8CD-D146-462B-8FBE-8C8299BE54EE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{360F1F11-1592-4BFC-A607-2B578F10D881}" = lport=138 | protocol=17 | dir=in | app=system |
"{48A31A27-187B-428D-8015-276981C7FF6E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{60721806-FE00-47E1-AA94-B24E2C8893F5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{752D9745-3A08-4F01-AAAD-48B6B49CCCF2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{78C2DF22-095B-43A6-8162-10F9478B7192}" = rport=137 | protocol=17 | dir=out | app=system |
"{8A92D906-1F6E-46B7-91BE-FE633E92742B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A80AED25-3BF4-4225-9A2B-F4993E26439F}" = rport=445 | protocol=6 | dir=out | app=system |
"{AB6F7214-CD57-4F48-8ACC-3924AF926EDF}" = rport=139 | protocol=6 | dir=out | app=system |
"{AD0877F4-C4FF-4565-A2C4-9FBC8EADB399}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{ADC19227-DC80-43C0-A6EC-21C350975DFD}" = lport=445 | protocol=6 | dir=in | app=system |
"{BB7F6DA4-D6F3-44E1-8B85-D3F774F316B7}" = lport=137 | protocol=17 | dir=in | app=system |
"{D13A23EE-D438-4A6C-A91A-6CB795158C7E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D44B61B0-93DE-4940-9F13-5B72CCA32B62}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F80F0126-EB40-44AB-9C17-3A8ED336209C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FBAC3D26-AB4D-479E-8E50-B8B2775B745A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{039B63F9-ABD3-4EAF-938A-982A540764AD}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{05C78AC9-AD31-4017-A5FA-ABAFDEDA1E86}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{08EBB936-2DAA-4323-AEF7-2A4B8ADDD384}" = protocol=17 | dir=in | app=c:\users\ph\appdata\local\microsoft\skydrive\skydrive.exe |
"{0F65DA93-D468-4416-B298-13C7AED15F8A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{157328C2-5F23-4C4E-A50B-37AA8AC4183E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{1893E2A4-F4FD-4610-A337-2256CDC57239}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{21C1FBA7-12CF-47DB-B515-420A0E5A9129}" = protocol=17 | dir=in | app=c:\users\ph\appdata\roaming\dropbox\bin\dropbox.exe |
"{29591965-F53E-47A2-B3B7-F290DF499C0C}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{2E81644C-1D44-4608-8C3A-69247A0ACAF5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{39CEB074-D778-4DD7-B012-67570353BB3C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3AEF2935-98DF-4B8E-BE0D-E78CB0E8AB90}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4B4123F9-F7A7-4794-BCE9-99915F57838D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{52748C1D-E007-4769-8708-CFBAA608B9E5}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{53D37C68-6E43-4DF0-9C50-89931A12A6A6}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{554057A3-C517-46E2-A625-D2737F0C0D35}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5754A9B6-BB27-4944-86E9-D3DAC65D853A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5FED57D3-2DD0-41B3-BAE4-BDADF1363F74}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{60B0C927-253F-41D7-98ED-FC94CFEE5EED}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires online\aoeonline.exe |
"{6CC5A48B-BB76-461D-8337-47165D54B7CA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{70CC4748-EA23-42B9-9545-DBC524B7CA66}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{73DAD11E-1E58-4E9C-9FDF-17C16E93EB1E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{74CF7B48-F988-4079-BD99-A9F136E1E2DD}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{77CDFDDA-3119-4ABA-B8E7-267FCC8BC58E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7F57BAEF-4803-4499-B352-CCD6B6680C50}" = protocol=6 | dir=out | app=system |
"{817EA795-88DE-414E-B03E-3CECC8C6D961}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{902FBFC7-D567-4FB3-96EF-9AF9A7638C29}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{973AEB83-BFB9-45F9-8B59-B7AD76D01099}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires online\aoeonline.exe |
"{9C34E2B1-F88D-4D79-B220-792B35542BED}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A7789495-399F-47DE-A93A-3504003B7D64}" = protocol=6 | dir=in | app=c:\users\ph\appdata\local\microsoft\skydrive\skydrive.exe |
"{B33D613A-7166-438D-8B90-21B9CAF8B673}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{B6B23BAB-A91A-41F4-A94D-C8B699B98F8C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B9DFF597-4A19-4F3A-9C30-041D6B1B8B16}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BFB4F1B8-45E6-4F17-90DB-8BEDD0ADB1AD}" = protocol=6 | dir=in | app=c:\users\ph\appdata\roaming\dropbox\bin\dropbox.exe |
"{C53D224E-A2C3-49BF-A59F-FBDDF7668CE7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C77AFCB1-9D88-441A-B989-51FBE1AEF749}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D2FAEDEB-167D-44DD-ABB8-7241E2F13650}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DBA5C387-D0D0-4F5A-8553-6029AF46EE2E}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{E7984C89-9F2E-4A0D-A18E-3D96814969F5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E7CCC1B1-2D33-46E9-8CCB-C65D752F9DB7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{EE61B5BC-3581-49FA-8262-7F7AC958B49D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F1DA1152-0E15-43C0-943D-CFC478F8493D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"TCP Query User{8FE66A0E-1228-4181-B0E7-6E4B26138F65}C:\users\ph\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\ph\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{3457BA4E-3931-45AF-A6DE-2C0DF76D52AC}C:\users\ph\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\ph\appdata\roaming\dropbox\bin\dropbox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89BDAE1A-7B8E-4A0E-A169-02F7F366451D}" = iCloud
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"sp6" = Logitech SetPoint 6.32
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0A5F80AA-FCA7-41C5-BF1C-74727ECE1031}" = Nero 8 Essentials
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}" = CyberLink InstantBurn
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{83721450-E604-4C37-ABEB-CE7F18C587C8}" = LightScribe Template Labeler
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E4B4330-1CE8-4725-9C7F-BD4CC995FF54}" = Garmin City Navigator Europe (Unicode) NT 2013.10 Update
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PRJPROR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.VISIOR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIOR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPROR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIOR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PRJPROR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.VISIOR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PRJPROR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PRJPROR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.VISIOR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PRJPROR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.VISIOR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010
"{90140000-0054-0407-0000-0000000FF1CE}_Office14.VISIOR_{1FEAC070-BB09-4055-9BD0-48CF52023F92}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PRJPROR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.VISIOR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2010
"{90140000-00B4-0407-0000-0000000FF1CE}_Office14.PRJPROR_{86D01646-1942-4253-B11F-68F5ED259B17}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
"{95140000-0081-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = CyberLink PowerBackup
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}" = LightScribe System Software
"8461-7759-5462-8226" = Vuze
"ACRYSH6_is1" = ArchiCrypt Shredder Version 6.0.2.5634
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 2.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"MediaMonkey_is1" = MediaMonkey 4.0
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PRJPROR" = Microsoft Project Professional 2010
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Office14.VISIOR" = Microsoft Visio Premium 2010
"Picasa 3" = Picasa 3
"Steam App 105430" = Age of Empires Online
"TrueCrypt" = TrueCrypt
"VLC media player" = VLC media player 2.0.1
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2394378626-3793514668-1418206493-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"SkyDriveSetup.exe" = Microsoft SkyDrive
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 15.12.2012 14:29:10 | Computer Name = PH-Shuttle | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 15.12.2012 14:29:10 | Computer Name = PH-Shuttle | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10000
Error - 15.12.2012 14:29:10 | Computer Name = PH-Shuttle | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10000
Error - 15.12.2012 18:14:00 | Computer Name = PH-Shuttle | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 17.0.1.4715,
Zeitstempel: 0x50b71a4b Name des fehlerhaften Moduls: xul.dll, Version: 17.0.1.4715,
Zeitstempel: 0x50b7198b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00144ed8 ID des fehlerhaften
Prozesses: 0x1354 Startzeit der fehlerhaften Anwendung: 0x01cddad66fc3afe2 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll Berichtskennung:
b9bfc3a1-4704-11e2-9586-00301bbd7471
Error - 18.12.2012 17:21:38 | Computer Name = PH-Shuttle | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 20.12.2012 13:16:34 | Computer Name = PH-Shuttle | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
(x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei
"" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente
1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 20.12.2012 13:40:19 | Computer Name = PH-Shuttle | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 20.12.2012 13:40:19 | Computer Name = PH-Shuttle | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9797
Error - 20.12.2012 13:40:19 | Computer Name = PH-Shuttle | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9797
Error - 20.12.2012 16:13:06 | Computer Name = PH-Shuttle | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: NMIndexStoreSvr.exe, Version: 3.3.8.0,
Zeitstempel: 0x4860cce5 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x07070707 ID des fehlerhaften
Prozesses: 0x878 Startzeit der fehlerhaften Anwendung: 0x01cddeee58ef2bd0 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: a9f5b3f7-4ae1-11e2-9538-00301bbd7471
[ System Events ]
Error - 15.12.2012 11:07:14 | Computer Name = PH-Shuttle | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Die Energieverwaltungsfeatures für Leistung des Prozessors "0" in
der Gruppe "0" sind aufgrund eines Firmwareproblems deaktiviert. Erkundigen Sie
sich beim Hersteller des Computers nach aktualisierter Firmware.
Error - 15.12.2012 11:07:14 | Computer Name = PH-Shuttle | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Die Energieverwaltungsfeatures für Leistung des Prozessors "1" in
der Gruppe "0" sind aufgrund eines Firmwareproblems deaktiviert. Erkundigen Sie
sich beim Hersteller des Computers nach aktualisierter Firmware.
Error - 18.12.2012 16:32:36 | Computer Name = PH-Shuttle | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Die Energieverwaltungsfeatures für Leistung des Prozessors "0" in
der Gruppe "0" sind aufgrund eines Firmwareproblems deaktiviert. Erkundigen Sie
sich beim Hersteller des Computers nach aktualisierter Firmware.
Error - 18.12.2012 16:32:36 | Computer Name = PH-Shuttle | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Die Energieverwaltungsfeatures für Leistung des Prozessors "1" in
der Gruppe "0" sind aufgrund eines Firmwareproblems deaktiviert. Erkundigen Sie
sich beim Hersteller des Computers nach aktualisierter Firmware.
Error - 19.12.2012 13:35:17 | Computer Name = PH-Shuttle | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Die Energieverwaltungsfeatures für Leistung des Prozessors "0" in
der Gruppe "0" sind aufgrund eines Firmwareproblems deaktiviert. Erkundigen Sie
sich beim Hersteller des Computers nach aktualisierter Firmware.
Error - 19.12.2012 13:35:17 | Computer Name = PH-Shuttle | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Die Energieverwaltungsfeatures für Leistung des Prozessors "1" in
der Gruppe "0" sind aufgrund eines Firmwareproblems deaktiviert. Erkundigen Sie
sich beim Hersteller des Computers nach aktualisierter Firmware.
Error - 20.12.2012 12:46:41 | Computer Name = PH-Shuttle | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Die Energieverwaltungsfeatures für Leistung des Prozessors "0" in
der Gruppe "0" sind aufgrund eines Firmwareproblems deaktiviert. Erkundigen Sie
sich beim Hersteller des Computers nach aktualisierter Firmware.
Error - 20.12.2012 12:46:41 | Computer Name = PH-Shuttle | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Die Energieverwaltungsfeatures für Leistung des Prozessors "1" in
der Gruppe "0" sind aufgrund eines Firmwareproblems deaktiviert. Erkundigen Sie
sich beim Hersteller des Computers nach aktualisierter Firmware.
Error - 20.12.2012 16:12:16 | Computer Name = PH-Shuttle | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Die Energieverwaltungsfeatures für Leistung des Prozessors "0" in
der Gruppe "0" sind aufgrund eines Firmwareproblems deaktiviert. Erkundigen Sie
sich beim Hersteller des Computers nach aktualisierter Firmware.
Error - 20.12.2012 16:12:16 | Computer Name = PH-Shuttle | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Die Energieverwaltungsfeatures für Leistung des Prozessors "1" in
der Gruppe "0" sind aufgrund eines Firmwareproblems deaktiviert. Erkundigen Sie
sich beim Hersteller des Computers nach aktualisierter Firmware.
< End of report >
|
|
20.12.2012, 21:31
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | AVIRA findet EXP/Dldr.Java.N Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
23.12.2012, 19:44
| #15 |
| | AVIRA findet EXP/Dldr.Java.N ESET Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=cfcb8d84ec87bc4d9d2897aca90cf30e
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-21 06:02:33
# local_time=2012-12-21 07:02:33 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 8967 221536243 1749 0
# compatibility_mode=5893 16776574 100 94 2422117 107742803 0 0
# scanned=23776
# found=0
# cleaned=0
# scan_time=829
Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.12.21.15 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 PH :: PH-SHUTTLE [Administrator] Schutz: Aktiviert 21.12.2012 18:38:06 mbam-log-2012-12-21 (18-38-06).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 207362 Laufzeit: 2 Minute(n), 38 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
| Themen zu AVIRA findet EXP/Dldr.Java.N |
| 7-zip, adobe, antivir, audacity, autorun, avg, avira, bho, bonjour, error, exp/dldr.java.n, explorer, firefox, flash player, format, gruppe, helper, home, install.exe, karte, kreditkarte, logfile, mozilla, plug-in, registry, richtlinie, rundll, scan, security, senden, svchost.exe, udp, version., windows |
Linear-Darstellung
