Log analysis and evaluation: recycler 470a1245.exe folder on hard drive can no longer be opened

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
15.12.2012, 09:03 | #1

Hello,

whenever I connect my external hard drive, I get an error message every time:

"G:\RECYCLER\470a1245.exe" konnte nicht gefunden werden. Stellen Sie sicher, dass Sie den Namen richtig eingegeben haben und wiederholen Sie den Vorgang.

I ran the ESET Online Scan; here is my log:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=163dcb1b50cf354780ad96f057cf2ae4
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-14 09:21:27
# local_time=2012-12-14 10:21:27 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1799 16775165 100 96 11012 220943377 7565 0
# compatibility_mode=5893 16776574 100 94 13246 107149937 0 0
# scanned=211403
# found=8
# cleaned=0
# scan_time=3657
G:\$RECYCLE.BIN.lnk Win32/Dorkbot.D worm (unable to clean) B1707A4A33A56DCEFF1506B05667686313AD7A53 I
G:\Bilder.lnk Win32/Dorkbot.D worm (unable to clean) 163DFB9A7BC45E5B2DA345E6029E73517F3BC28E I
G:\Dokumente.lnk Win32/Dorkbot.D worm (unable to clean) F06B677559FD93DD4313A93ADA12F616740C464B I
G:\eBooks.lnk Win32/Dorkbot.D worm (unable to clean) 6B2F310E049378B074145B7245CA8CDC66081CCB I
G:\Musik.lnk Win32/Dorkbot.D worm (unable to clean) C70D960D5215D7B8A14E7521EC6695ED30BFAD5F I
G:\System Volume Information.lnk Win32/Dorkbot.D worm (unable to clean) 6986A3F8216736E2091E8BDBC689AB0EB6009052 I
G:\Videos.lnk Win32/Dorkbot.D worm (unable to clean) 99DA8775C1595F057B9FABC748E9751C8B44AF1B I
G:\Youtube etc.lnk Win32/Dorkbot.D worm (unable to clean) 6161C08A2DAF147DC42791423956EEA8322E8F91 I

I hope someone can help me.

Kind regards
17.12.2012, 19:14 | #2
/// Winkelfunktion /// TB-Süch-Tiger™

Hello and

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners? I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; first just post the logs that already exist!
18.12.2012, 20:19 | #3

Hi,

I checked my system with Malwarebytes AntiMalware. Unfortunately, there were no detections.

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.18.04

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Jan :: JAN-PC [Administrator]

18.12.2012 14:05:32
mbam-log-2012-12-18 (14-05-32).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 405144
Laufzeit: 1 Stunde(n), 20 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
18.12.2012, 23:16 | #4
/// Winkelfunktion /// TB-Süch-Tiger™

Before we get to work, I would like to ask you to read the following points completely and carefully.

Note: If you do not hear from me for three days, please get in touch in this thread => Reminder about my thread. Annoying "when will this continue" messages will end with your topic being closed. I, too, have a life outside of the Trojaner-Board.

Please run a CustomScan with OTL. If possible, please post everything here in CODE tags. This is how it is done: [code] the log goes here [/code] And the whole thing then looks like this:

Code:
the log goes here

Please download OTL by Oldtimer and save it to your desktop. If it already exists, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.

Code:
msconfig
netsvcs
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMROOT%\system32\drivers\*.sys /lockedfiles
%SYSTEMROOT%\System32\config\*.sav
%SYSTEMROOT%\*. /mp /s
%SYSTEMROOT%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

__________________
Please always post log files in CODE tags
19.12.2012, 20:03 | #5

Code:
ATTFilter OTL logfile created on: 19.12.2012 19:46:22 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jan\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,86 Gb Total Physical Memory | 2,19 Gb Available Physical Memory | 56,66% Memory free 7,73 Gb Paging File | 6,13 Gb Available in Paging File | 79,37% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 92,77 Gb Total Space | 5,42 Gb Free Space | 5,85% Space Free | Partition Type: NTFS Drive D: | 205,22 Gb Total Space | 11,30 Gb Free Space | 5,50% Space Free | Partition Type: NTFS Drive E: | 85,04 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive G: | 698,63 Gb Total Space | 479,91 Gb Free Space | 68,69% Space Free | Partition Type: NTFS Computer Name: JAN-PC | User Name: Jan | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.12.19 19:42:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jan\Desktop\OTL.exe PRC - [2012.12.04 15:36:48 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.12.04 12:13:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.12.04 12:04:24 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.10.11 04:29:14 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe PRC - [2012.10.10 19:29:14 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe PRC - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe ========== Modules (No Company Name) ========== MOD - [2012.08.27 20:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.08.27 20:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2012.05.30 16:51:08 | 000,699,280 | R--- | M] () -- C:\PROGRAM FILES (X86)\NORTON IDENTITY SAFE\ENGINE\2013.2.0.18\wincfi39.dll ========== Services (SafeList) ========== SRV:64bit: - [2009.08.18 01:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012.12.13 17:59:25 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.09 17:40:03 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.12.04 12:13:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.12.04 12:04:24 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.10.11 04:29:14 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe -- (NCO) SRV - [2012.10.10 19:29:14 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe -- (NAV) SRV - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.12.17 17:17:48 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2012.12.03 15:36:36 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.12.03 15:36:35 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.11.16 20:17:15 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.11.01 21:52:50 | 000,075,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) DRV:64bit: - [2012.10.08 18:00:02 | 000,776,864 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\srtsp64.sys -- (SRTSP) DRV:64bit: - [2012.10.04 03:19:14 | 000,168,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSTx64\7DD02000.012\ccSetx64.sys -- (ccSet_NST) DRV:64bit: - [2012.10.03 18:40:36 | 001,133,216 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\SymEFA64.sys -- (SymEFA) DRV:64bit: - [2012.10.03 18:40:20 | 000,493,216 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\SymDS64.sys -- (SymDS) DRV:64bit: - [2012.10.03 18:19:14 | 000,168,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\ccSetx64.sys -- (ccSet_NAV) DRV:64bit: - [2012.09.06 19:05:14 | 000,432,800 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\symnets.sys -- (SymNetS) DRV:64bit: - [2012.09.06 18:48:08 | 000,224,416 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\Ironx64.sys -- (SymIRON) DRV:64bit: - [2012.09.06 18:40:52 | 000,037,496 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\srtspx64.sys -- (SRTSPX) DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.07.09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.03.01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.08.18 02:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.06.10 21:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2012.12.17 17:40:29 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\VirusDefs\20121218.020\ex64.sys -- (NAVEX15) DRV - [2012.12.17 17:40:29 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2012.12.17 17:40:29 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2012.12.17 17:40:29 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\VirusDefs\20121218.020\eng64.sys -- (NAVENG) DRV - [2012.12.14 17:12:24 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\IPSDefs\20121218.001\IDSviA64.sys -- (IDSVia64) DRV - [2012.11.30 00:13:05 | 001,384,608 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\BASHDefs\20121130.005\BHDrvx64.sys -- (BHDrvx64) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet 
Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1152932176-3179621756-3359021054-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1152932176-3179621756-3359021054-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-1152932176-3179621756-3359021054-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CF D9 1E 6D CA D6 CD 01 [binary data] IE - HKU\S-1-5-21-1152932176-3179621756-3359021054-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1152932176-3179621756-3359021054-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: DivXWebPlayer%40divx.com:2.0.2.039 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: 
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\IPSFFPlgn\ [2012.12.17 17:18:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.2.0.18\coFFPlgn\ [2012.12.19 14:05:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.09 17:40:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.09 17:40:03 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.19 14:11:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\Extensions [2012.12.13 17:49:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\mg2mqueh.default\extensions [2012.11.14 02:05:05 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\firefox\profiles\mg2mqueh.default\extensions\DivXWebPlayer@divx.com.xpi [2012.12.13 17:49:54 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\firefox\profiles\mg2mqueh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012.12.09 17:39:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.12.09 17:40:03 | 000,262,112 | ---- | M] (Mozilla 
Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.10.11 03:10:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.11 03:10:32 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.10.11 03:10:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.10.11 03:10:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.11 03:10:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.11 03:10:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\20.2.0.19\IPS\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Norton Identity Protection) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.0.18\coIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.0.18\coIEPlg.dll (Symantec Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AEF7CDEB-CB02-480D-A876-E30352C5E897}: DhcpNameServer = 192.168.0.1 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.07.10 18:08:45 | 000,000,065 | R--- | M] () - E:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{1ef58ea7-476e-11e2-b7cf-b8ac6f51561b}\Shell - "" = AutoRun O33 - MountPoints2\{1ef58ea7-476e-11e2-b7cf-b8ac6f51561b}\Shell\AutoRun\command - "" = G:\Startme.exe O33 - MountPoints2\{b545dbfc-1879-11e2-bcec-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{b545dbfc-1879-11e2-bcec-806e6f6e6963}\Shell\AutoRun\command - "" = rundll32.exe url,FileProtocolHandler index.html O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
%SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} 
- Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.12.19 19:44:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jan\Desktop\OTL.exe [2012.12.17 20:09:15 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Malwarebytes [2012.12.17 20:09:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.12.17 20:09:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.12.17 20:08:59 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.12.17 20:08:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.12.17 18:31:26 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\NPE [2012.12.17 17:49:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared [2012.12.17 17:17:57 | 000,168,096 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NSTx64\7DD02000.012\ccSetx64.sys [2012.12.17 17:17:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSTx64 [2012.12.17 17:17:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSTx64\7DD02000.012 [2012.12.17 17:17:52 | 000,000,000 
| R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe [2012.12.17 17:17:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Identity Safe [2012.12.17 17:17:48 | 000,177,312 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2012.12.17 17:17:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared [2012.12.17 17:17:48 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec [2012.12.17 17:17:28 | 001,133,216 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\SymEFA64.sys [2012.12.17 17:17:28 | 000,776,864 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\srtsp64.sys [2012.12.17 17:17:28 | 000,493,216 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\SymDS64.sys [2012.12.17 17:17:28 | 000,432,800 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\symnets.sys [2012.12.17 17:17:28 | 000,224,416 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\Ironx64.sys [2012.12.17 17:17:28 | 000,168,096 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\ccSetx64.sys [2012.12.17 17:17:28 | 000,037,496 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\srtspx64.sys [2012.12.17 17:17:28 | 000,023,448 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\SymELAM.sys [2012.12.17 17:17:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NAVx64 [2012.12.17 17:17:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NAVx64\1402000.013 [2012.12.17 17:17:02 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus [2012.12.17 17:17:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton AntiVirus [2012.12.17 17:17:02 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Norton [2012.12.17 17:16:51 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller [2012.12.17 17:16:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller [2012.12.17 17:15:45 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.12.17 16:51:45 | 000,016,200 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys [2012.12.17 16:51:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger [2012.12.17 16:33:47 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2012.12.16 17:44:18 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\Three Six Mafia - Last 2 Walk [2012.12.16 17:43:20 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\WinRAR [2012.12.16 17:43:20 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2012.12.16 17:43:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2012.12.16 17:43:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR [2012.12.14 19:19:07 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Avira [2012.12.14 19:13:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.12.14 19:13:17 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.12.14 19:13:17 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.12.14 19:13:17 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.12.14 19:13:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.12.14 19:13:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.12.12 18:21:01 | 000,000,000 | ---D | C] -- C:\Neuer Ordner [2012.12.09 17:39:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.11.27 19:30:46 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\Neuer Ordner ========== Files - Modified Within 30 Days ========== [2012.12.19 19:42:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jan\Desktop\OTL.exe [2012.12.19 19:36:26 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.19 19:36:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.19 14:15:26 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.19 14:15:26 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.19 14:12:48 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.19 14:12:48 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.12.19 14:12:48 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.19 14:12:48 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.12.19 14:12:48 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.12.19 14:05:23 | 3111,534,592 | -HS- | M] () -- C:\hiberfil.sys [2012.12.18 14:04:33 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.17 18:22:00 | 000,013,946 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\VT20121114.016 [2012.12.17 17:18:22 | 002,029,447 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\Cat.DB [2012.12.17 17:17:48 | 000,177,312 | ---- | M] (Symantec Corporation) -- 
C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2012.12.17 17:17:48 | 000,007,466 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2012.12.17 17:17:48 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2012.12.17 17:17:41 | 000,002,473 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk [2012.12.17 16:51:45 | 000,016,200 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys [2012.12.15 08:51:22 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.12.14 19:13:33 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.12.03 15:36:36 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.12.03 15:36:35 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.12.02 19:31:02 | 000,079,762 | ---- | M] () -- C:\Users\Jan\Documents\Mediathek.xml [2012.11.20 18:42:17 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf ========== Files Created - No Company Name ========== [2012.12.17 20:09:02 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.17 18:22:12 | 000,013,946 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\VT20121114.016 [2012.12.17 17:18:12 | 002,029,447 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\Cat.DB [2012.12.17 17:17:53 | 000,007,611 | R--- | C] () -- C:\Windows\SysNative\drivers\NSTx64\7DD02000.012\ccSetx64.cat [2012.12.17 17:17:53 | 000,000,853 | R--- | C] () -- C:\Windows\SysNative\drivers\NSTx64\7DD02000.012\ccSetx64.inf [2012.12.17 17:17:53 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NSTx64\7DD02000.012\isolate.ini [2012.12.17 17:17:48 | 000,007,466 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2012.12.17 17:17:48 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF 
[2012.12.17 17:17:41 | 000,002,473 | ---- | C] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk [2012.12.17 17:17:17 | 000,003,433 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\SymEFA.inf [2012.12.17 17:17:17 | 000,002,851 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\SymDS.inf [2012.12.17 17:17:17 | 000,001,440 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\SymNet.inf [2012.12.17 17:17:17 | 000,001,437 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\srtsp64.inf [2012.12.17 17:17:17 | 000,001,418 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\srtspx64.inf [2012.12.17 17:17:17 | 000,000,996 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\symELAM.inf [2012.12.17 17:17:17 | 000,000,853 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\ccSetx64.inf [2012.12.17 17:17:17 | 000,000,767 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\Iron.inf [2012.12.17 17:17:05 | 000,009,670 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\SymELAM64.cat [2012.12.17 17:17:05 | 000,009,103 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\SymVTcer.dat [2012.12.17 17:17:05 | 000,007,611 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\ccSetx64.cat [2012.12.17 17:17:05 | 000,007,605 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\srtspx64.cat [2012.12.17 17:17:05 | 000,007,603 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\SymEFA64.cat [2012.12.17 17:17:05 | 000,007,601 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\symnet64.cat [2012.12.17 17:17:05 | 000,007,601 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\srtsp64.cat [2012.12.17 17:17:05 | 000,007,597 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\SymDS64.cat [2012.12.17 17:17:05 | 000,007,593 | R--- | C] () -- 
C:\Windows\SysNative\drivers\NAVx64\1402000.013\iron.cat [2012.12.17 17:17:05 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\isolate.ini [2012.12.16 17:43:54 | 000,011,672 | -HS- | C] () -- C:\Users\Jan\Desktop\AlbumArt_{EDA72DF6-1500-4258-8740-3E7AFE0DE3C7}_Large.jpg [2012.12.16 17:43:48 | 000,002,731 | -HS- | C] () -- C:\Users\Jan\Desktop\AlbumArt_{EDA72DF6-1500-4258-8740-3E7AFE0DE3C7}_Small.jpg [2012.12.16 17:43:47 | 000,011,672 | -HS- | C] () -- C:\Users\Jan\Desktop\Folder.jpg [2012.12.16 17:43:47 | 000,002,731 | -HS- | C] () -- C:\Users\Jan\Desktop\AlbumArtSmall.jpg [2012.12.14 19:13:33 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.12.12 20:57:04 | 1448,495,104 | ---- | C] () -- C:\Users\Jan\Desktop\Planet der Affen Prevolution.avi [2012.12.12 20:56:26 | 735,027,200 | ---- | C] () -- C:\Users\Jan\Desktop\Paul - Ein Alien auf der Flucht.avi [2012.12.02 19:31:02 | 000,079,762 | ---- | C] () -- C:\Users\Jan\Documents\Mediathek.xml [2012.11.24 01:45:02 | 005,778,848 | ---- | C] () -- C:\Users\Jan\Desktop\Waka Flocka- _Vest On_ (Feat. 
Wooh Da Kid & Nino Cahootz) YScRoll.mp3 [2012.11.24 01:45:02 | 002,829,278 | ---- | C] () -- C:\Users\Jan\Desktop\WC - This is Los Angeles.mp3 [2012.11.24 01:45:01 | 008,279,438 | ---- | C] () -- C:\Users\Jan\Desktop\Sigma & Logistics - Dreams To Reality.mp3 [2012.11.24 01:45:01 | 005,639,388 | ---- | C] () -- C:\Users\Jan\Desktop\Not Meant For Me - Queen Of The Damned [Wayne Static].mp3 [2012.11.24 01:45:01 | 005,424,317 | ---- | C] () -- C:\Users\Jan\Desktop\MOK - Undercover [MW].mp3 [2012.11.24 01:45:00 | 007,045,705 | ---- | C] () -- C:\Users\Jan\Desktop\Jessie J - Nobody's Perfect (Netsky Remix).mp3 [2012.11.24 01:45:00 | 004,559,246 | ---- | C] () -- C:\Users\Jan\Desktop\11 Titelnummer 11.wma [2012.11.24 01:45:00 | 001,660,886 | ---- | C] () -- C:\Users\Jan\Desktop\03 Titelnummer 3.wma [2012.11.20 18:42:17 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf [2012.10.17 17:45:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) 
"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.10.19 16:02:39 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\DVDVideoSoft [2012.10.19 16:02:29 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers [2012.10.19 16:02:21 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\OpenCandy [2012.10.19 16:03:01 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\TuneUp Software ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2012.10.17 18:02:04 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2012.12.17 18:33:22 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2012.10.17 18:01:46 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2012.12.12 18:49:38 | 000,000,000 | ---D | M] -- C:\Neuer Ordner [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.12.17 17:17:48 | 000,000,000 | R--D | M] -- C:\Program Files [2012.12.17 20:08:59 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2012.12.17 20:09:00 | 000,000,000 | -H-D | M] -- C:\ProgramData [2012.10.17 18:01:46 | 000,000,000 | -HSD | M] -- C:\Programme [2012.10.17 18:01:46 | 000,000,000 | -HSD | M] -- C:\Recovery [2012.12.19 19:48:06 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.10.17 18:01:55 | 000,000,000 | R--D | M] -- C:\Users [2012.12.17 18:37:06 | 000,000,000 | ---D | M] -- C:\Windows < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2012.11.06 15:02:16 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Adobe [2012.10.19 14:21:39 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Apple Computer [2012.12.14 19:19:07 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Avira [2012.10.19 16:02:39 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\DVDVideoSoft [2012.10.19 16:02:29 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers [2012.10.17 18:02:07 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Identities [2012.10.17 18:17:38 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Macromedia [2012.12.17 20:09:15 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Malwarebytes [2009.07.14 08:44:38 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Media Center Programs [2012.10.19 16:02:59 | 000,000,000 | --SD | M] -- C:\Users\Jan\AppData\Roaming\Microsoft [2012.10.19 14:11:52 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Mozilla [2012.10.19 16:02:21 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\OpenCandy [2012.10.19 16:03:01 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\TuneUp Software [2012.12.16 17:43:26 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2012.09.24 20:17:24 | 027,448,224 | ---- | M] (TuneUp Software) -- C:\Users\Jan\AppData\Roaming\OpenCandy\711F7903E4AF407CB54BA5DEE11073FB\TuneUpUtilities2013_2200218_de-DE.exe < %SYSTEMROOT%\system32\drivers\*.sys /lockedfiles > < %SYSTEMROOT%\System32\config\*.sav > < %SYSTEMROOT%\*. /mp /s > < %SYSTEMROOT%\system32\*.dll /lockedfiles > ========== Alternate Data Streams ========== @Alternate Data Stream - 20 bytes -> C:\Users\Jan\Desktop\Planet der Affen Prevolution.avi:Mac_Metadata @Alternate Data Stream - 20 bytes -> C:\Users\Jan\Desktop\Paul - Ein Alien auf der Flucht.avi:Mac_Metadata < End of report > |
19.12.2012, 23:25 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | recycler 470a1245.exe folder on hard disk can no longer be opened
1. aswMBR
Please download aswMBR.exe and save the file to your desktop. Note: Please turn off your virus scanner before running aswMBR, because Avira in particular often reports a false positive in it!
Another note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
2. TDSS-Killer
Download TDSS-Killer to your desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please turn off your virus scanner before running TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool! Configure the tool as shown in the picture below: click "change parameters" and set the check marks as shown in the following screenshot, then click "Start Scan" and, when it has finished, click the "Report" button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here! |
20.12.2012, 19:28 | #7 |
| recycler 470a1245.exe folder on hard disk can no longer be opened Here is the log file from aswMBR. Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-20 18:20:00
-----------------------------
18:20:00.060 OS Version: Windows x64 6.1.7600
18:20:00.060 Number of processors: 4 586 0x2502
18:20:00.060 ComputerName: JAN-PC UserName: Jan
18:20:02.780 Initialize success
18:21:11.075 AVAST engine defs: 12122000
18:30:29.715 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:30:29.715 Disk 0 Vendor: WDC_WD3200BEVT-75ZCT2 11.01A11 Size: 305245MB BusType: 11
18:30:29.735 Disk 0 MBR read successfully
18:30:29.735 Disk 0 MBR scan
18:30:29.795 Disk 0 Windows 7 default MBR code
18:30:29.815 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:30:29.835 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 95000 MB offset 206848
18:30:29.855 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 210143 MB offset 194766848
18:30:29.875 Disk 0 scanning C:\Windows\system32\drivers
18:30:39.999 Service scanning
18:31:03.273 Modules scanning
18:31:03.283 Disk 0 trace - called modules:
18:31:03.313 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
18:31:03.313 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bdf060]
18:31:03.323 3 CLASSPNP.SYS[fffff88001b0943f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800491a3b0]
18:31:03.993 AVAST engine scan C:\Windows
18:31:05.583 AVAST engine scan C:\Windows\system32
18:33:58.240 AVAST engine scan C:\Windows\system32\drivers
18:34:10.232 AVAST engine scan C:\Users\Jan
18:36:55.665 AVAST engine scan C:\ProgramData
18:37:30.333 Scan finished successfully
18:43:51.060 Disk 0 MBR has been saved successfully to "C:\Users\Jan\Desktop\MBR.dat"
18:43:51.070 The log file has been saved successfully to "C:\Users\Jan\Desktop\aswMBR.txt"
Here is the log file from tdsskiller: Code:
19:02:13.0282 4000 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:02:13.0392 4000 ============================================================
19:02:13.0392 4000 Current date / time: 2012/12/20 19:02:13.0392
19:02:13.0392 4000 SystemInfo:
19:02:13.0392 4000
19:02:13.0392 4000 OS Version: 6.1.7600 ServicePack: 0.0
19:02:13.0392 4000 Product type: Workstation
19:02:13.0392 4000 ComputerName: JAN-PC
19:02:13.0392 4000 UserName: Jan
19:02:13.0392 4000 Windows directory: C:\Windows
19:02:13.0392 4000 System windows directory: C:\Windows
19:02:13.0392 4000 Running under WOW64
19:02:13.0407 4000 Processor architecture: Intel x64
19:02:13.0407 4000 Number of processors: 4
19:02:13.0407 4000 Page size: 0x1000
19:02:13.0407 4000 Boot type: Normal boot
19:02:13.0407 4000 ============================================================
19:02:15.0607 4000 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:02:15.0638 4000 Drive \Device\Harddisk2\DR2 - Size: 0xAEA8A00000 (698.63 Gb), SectorSize: 0x200, Cylinders: 0x16440, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:02:21.0332 4000 ============================================================
19:02:21.0332 4000 \Device\Harddisk0\DR0:
19:02:21.0348 4000 MBR partitions:
19:02:21.0348 4000 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:02:21.0348 4000 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xB98C000
19:02:21.0348 4000 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xB9BE800, BlocksNum 0x19A6F800
19:02:21.0348 4000 \Device\Harddisk2\DR2:
19:02:21.0348 4000 MBR partitions:
19:02:21.0348 4000 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x57544800
19:02:21.0348 4000 ============================================================
19:02:21.0410 4000 C: <-> \Device\Harddisk0\DR0\Partition2
19:02:21.0441 4000 D: <-> \Device\Harddisk0\DR0\Partition3
19:02:21.0472 4000 G: <-> \Device\Harddisk2\DR2\Partition1
19:02:21.0472 4000 ============================================================
19:02:21.0472 4000 Initialize success
19:02:21.0472 4000 ============================================================
19:03:12.0578 1212 ============================================================
19:03:12.0578 1212 Scan started
19:03:12.0578 1212 Mode: Manual; SigCheck; TDLFS;
19:03:12.0578 1212 ============================================================
19:03:19.0146 1212 ================ Scan system memory ========================
19:03:19.0146 1212 System memory - ok
19:03:19.0146 1212 ================ Scan services =============================
ok 19:03:46.0118 1212 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 19:03:46.0134 1212 Serial - ok 19:03:46.0150 1212 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 19:03:46.0181 1212 sermouse - ok 19:03:46.0212 1212 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll 19:03:46.0274 1212 SessionEnv - ok 19:03:46.0274 1212 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys 19:03:46.0306 1212 sffdisk - ok 19:03:46.0306 1212 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys 19:03:46.0337 1212 sffp_mmc - ok 19:03:46.0337 1212 [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys 19:03:46.0399 1212 sffp_sd - ok 19:03:46.0399 1212 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 19:03:46.0415 1212 sfloppy - ok 19:03:46.0462 1212 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 19:03:46.0540 1212 SharedAccess - ok 19:03:46.0571 1212 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll 19:03:46.0602 1212 ShellHWDetection - ok 19:03:46.0633 1212 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 19:03:46.0649 1212 SiSRaid2 - ok 19:03:46.0649 1212 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 19:03:46.0664 1212 SiSRaid4 - ok 19:03:46.0696 1212 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 19:03:46.0758 1212 Smb - ok 19:03:46.0789 1212 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 19:03:46.0820 1212 SNMPTRAP - ok 19:03:46.0836 1212 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 19:03:46.0852 1212 spldr - ok 19:03:46.0883 1212 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\Windows\System32\spoolsv.exe 
19:03:46.0945 1212 Spooler - ok 19:03:47.0054 1212 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe 19:03:47.0210 1212 sppsvc - ok 19:03:47.0226 1212 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 19:03:47.0288 1212 sppuinotify - ok 19:03:47.0382 1212 [ 3510E7021D2637A67FBCB5105EAE945D ] SRTSP C:\Windows\system32\drivers\NAVx64\1402000.013\SRTSP64.SYS 19:03:47.0429 1212 SRTSP - ok 19:03:47.0429 1212 [ 1B884D876E87EABF5A3356BBD7321412 ] SRTSPX C:\Windows\system32\drivers\NAVx64\1402000.013\SRTSPX64.SYS 19:03:47.0444 1212 SRTSPX - ok 19:03:47.0507 1212 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys 19:03:47.0554 1212 srv - ok 19:03:47.0585 1212 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 19:03:47.0616 1212 srv2 - ok 19:03:47.0647 1212 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 19:03:47.0694 1212 srvnet - ok 19:03:47.0741 1212 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 19:03:47.0834 1212 SSDPSRV - ok 19:03:47.0850 1212 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 19:03:47.0928 1212 SstpSvc - ok 19:03:47.0944 1212 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 19:03:47.0959 1212 stexstor - ok 19:03:48.0022 1212 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll 19:03:48.0084 1212 stisvc - ok 19:03:48.0115 1212 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 19:03:48.0131 1212 swenum - ok 19:03:48.0146 1212 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 19:03:48.0224 1212 swprv - ok 19:03:48.0287 1212 [ 777217682DA76337E8E6EC8AC4412B9B ] SymDS C:\Windows\system32\drivers\NAVx64\1402000.013\SYMDS64.SYS 19:03:48.0318 1212 SymDS - ok 19:03:48.0349 1212 [ 64D1AF3D04E70A681154FFF1893848F6 ] SymEFA 
C:\Windows\system32\drivers\NAVx64\1402000.013\SYMEFA64.SYS 19:03:48.0412 1212 SymEFA - ok 19:03:48.0443 1212 [ F5D6D3B7468C46EA2DDC1D19D2A6DA0F ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 19:03:48.0458 1212 SymEvent - ok 19:03:48.0505 1212 [ ADF37F1A715D6C56C8E065FD8569A9A4 ] SymIRON C:\Windows\system32\drivers\NAVx64\1402000.013\Ironx64.SYS 19:03:48.0536 1212 SymIRON - ok 19:03:48.0552 1212 [ 1605EBD8CB86AFC4430116065995279A ] SymNetS C:\Windows\system32\drivers\NAVx64\1402000.013\SYMNETS.SYS 19:03:48.0568 1212 SymNetS - ok 19:03:48.0614 1212 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll 19:03:48.0677 1212 SysMain - ok 19:03:48.0708 1212 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll 19:03:48.0739 1212 TabletInputService - ok 19:03:48.0755 1212 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll 19:03:48.0833 1212 TapiSrv - ok 19:03:48.0864 1212 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 19:03:48.0911 1212 TBS - ok 19:03:48.0989 1212 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 19:03:49.0067 1212 Tcpip - ok 19:03:49.0114 1212 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 19:03:49.0176 1212 TCPIP6 - ok 19:03:49.0192 1212 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 19:03:49.0238 1212 tcpipreg - ok 19:03:49.0270 1212 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 19:03:49.0301 1212 TDPIPE - ok 19:03:49.0332 1212 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 19:03:49.0394 1212 TDTCP - ok 19:03:49.0410 1212 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys 19:03:49.0472 1212 tdx - ok 19:03:49.0504 1212 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 19:03:49.0519 1212 TermDD - ok 
19:03:49.0566 1212 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll 19:03:49.0628 1212 TermService - ok 19:03:49.0660 1212 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 19:03:49.0722 1212 Themes - ok 19:03:49.0738 1212 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 19:03:49.0784 1212 THREADORDER - ok 19:03:49.0800 1212 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 19:03:49.0862 1212 TrkWks - ok 19:03:49.0925 1212 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 19:03:49.0987 1212 TrustedInstaller - ok 19:03:50.0003 1212 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 19:03:50.0065 1212 tssecsrv - ok 19:03:50.0096 1212 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 19:03:50.0143 1212 tunnel - ok 19:03:50.0159 1212 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 19:03:50.0174 1212 uagp35 - ok 19:03:50.0190 1212 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys 19:03:50.0237 1212 udfs - ok 19:03:50.0268 1212 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 19:03:50.0284 1212 UI0Detect - ok 19:03:50.0299 1212 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys 19:03:50.0315 1212 uliagpkx - ok 19:03:50.0330 1212 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 19:03:50.0377 1212 umbus - ok 19:03:50.0377 1212 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 19:03:50.0408 1212 UmPass - ok 19:03:50.0440 1212 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 19:03:50.0486 1212 upnphost - ok 19:03:50.0518 1212 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 
19:03:50.0533 1212 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning 19:03:50.0533 1212 USBAAPL64 - detected UnsignedFile.Multi.Generic (1) 19:03:50.0564 1212 [ 7B6A127C93EE590E4D79A5F2A76FE46F ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 19:03:50.0611 1212 usbccgp - ok 19:03:50.0611 1212 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys 19:03:50.0658 1212 usbcir - ok 19:03:50.0674 1212 [ 92969BA5AC44E229C55A332864F79677 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 19:03:50.0689 1212 usbehci - ok 19:03:50.0705 1212 [ E7DF1CFD28CA86B35EF5ADD0735CEEF3 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 19:03:50.0736 1212 usbhub - ok 19:03:50.0752 1212 [ F1BB1E55F1E7A65C5839CCC7B36D773E ] usbohci C:\Windows\system32\drivers\usbohci.sys 19:03:50.0783 1212 usbohci - ok 19:03:50.0814 1212 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 19:03:50.0830 1212 usbprint - ok 19:03:50.0861 1212 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 19:03:50.0892 1212 USBSTOR - ok 19:03:50.0908 1212 [ BC3070350A491D84B518D7CCA9ABD36F ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 19:03:50.0923 1212 usbuhci - ok 19:03:50.0954 1212 [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 19:03:51.0001 1212 usbvideo - ok 19:03:51.0048 1212 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 19:03:51.0126 1212 UxSms - ok 19:03:51.0142 1212 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe 19:03:51.0157 1212 VaultSvc - ok 19:03:51.0204 1212 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys 19:03:51.0235 1212 vdrvroot - ok 19:03:51.0266 1212 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe 19:03:51.0313 1212 vds - ok 19:03:51.0329 1212 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 19:03:51.0344 1212 vga - ok 
19:03:51.0360 1212 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 19:03:51.0422 1212 VgaSave - ok 19:03:51.0422 1212 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys 19:03:51.0438 1212 vhdmp - ok 19:03:51.0454 1212 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys 19:03:51.0469 1212 viaide - ok 19:03:51.0485 1212 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys 19:03:51.0500 1212 volmgr - ok 19:03:51.0516 1212 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 19:03:51.0547 1212 volmgrx - ok 19:03:51.0563 1212 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys 19:03:51.0578 1212 volsnap - ok 19:03:51.0594 1212 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 19:03:51.0610 1212 vsmraid - ok 19:03:51.0672 1212 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe 19:03:51.0750 1212 VSS - ok 19:03:51.0766 1212 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 19:03:51.0812 1212 vwifibus - ok 19:03:51.0828 1212 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 19:03:51.0890 1212 vwififlt - ok 19:03:51.0922 1212 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 19:03:52.0000 1212 W32Time - ok 19:03:52.0015 1212 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 19:03:52.0046 1212 WacomPen - ok 19:03:52.0078 1212 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 19:03:52.0124 1212 WANARP - ok 19:03:52.0140 1212 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 19:03:52.0187 1212 Wanarpv6 - ok 19:03:52.0234 1212 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe 19:03:52.0327 1212 wbengine - ok 
19:03:52.0358 1212 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 19:03:52.0374 1212 WbioSrvc - ok 19:03:52.0421 1212 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll 19:03:52.0483 1212 wcncsvc - ok 19:03:52.0499 1212 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 19:03:52.0530 1212 WcsPlugInService - ok 19:03:52.0561 1212 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 19:03:52.0577 1212 Wd - ok 19:03:52.0608 1212 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 19:03:52.0670 1212 Wdf01000 - ok 19:03:52.0686 1212 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 19:03:52.0702 1212 WdiServiceHost - ok 19:03:52.0717 1212 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 19:03:52.0733 1212 WdiSystemHost - ok 19:03:52.0764 1212 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll 19:03:52.0811 1212 WebClient - ok 19:03:52.0842 1212 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 19:03:52.0904 1212 Wecsvc - ok 19:03:52.0920 1212 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 19:03:52.0998 1212 wercplsupport - ok 19:03:53.0029 1212 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 19:03:53.0076 1212 WerSvc - ok 19:03:53.0123 1212 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 19:03:53.0185 1212 WfpLwf - ok 19:03:53.0201 1212 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 19:03:53.0216 1212 WIMMount - ok 19:03:53.0248 1212 WinDefend - ok 19:03:53.0248 1212 WinHttpAutoProxySvc - ok 19:03:53.0310 1212 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 19:03:53.0388 1212 Winmgmt - ok 19:03:53.0482 1212 [ 
41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll 19:03:53.0606 1212 WinRM - ok 19:03:53.0653 1212 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 19:03:53.0700 1212 WinUsb - ok 19:03:53.0747 1212 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 19:03:53.0809 1212 Wlansvc - ok 19:03:53.0840 1212 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 19:03:53.0856 1212 WmiAcpi - ok 19:03:53.0887 1212 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 19:03:53.0934 1212 wmiApSrv - ok 19:03:53.0981 1212 WMPNetworkSvc - ok 19:03:54.0012 1212 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 19:03:54.0059 1212 WPCSvc - ok 19:03:54.0074 1212 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 19:03:54.0106 1212 WPDBusEnum - ok 19:03:54.0137 1212 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 19:03:54.0215 1212 ws2ifsl - ok 19:03:54.0246 1212 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\Windows\System32\wscsvc.dll 19:03:54.0308 1212 wscsvc - ok 19:03:54.0324 1212 WSearch - ok 19:03:54.0402 1212 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 19:03:54.0527 1212 wuauserv - ok 19:03:54.0558 1212 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 19:03:54.0589 1212 WudfPf - ok 19:03:54.0620 1212 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 19:03:54.0652 1212 WUDFRd - ok 19:03:54.0698 1212 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 19:03:54.0730 1212 wudfsvc - ok 19:03:54.0761 1212 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 19:03:54.0792 1212 WwanSvc - ok 19:03:54.0823 1212 ================ Scan global =============================== 19:03:54.0839 1212 [ 
BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:03:54.0870 1212 [ 4343295C52C8B1ADD906F1A37B940AA1 ] C:\Windows\system32\winsrv.dll
19:03:54.0901 1212 [ 4343295C52C8B1ADD906F1A37B940AA1 ] C:\Windows\system32\winsrv.dll
19:03:54.0932 1212 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:03:54.0964 1212 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:03:54.0964 1212 [Global] - ok
19:03:54.0964 1212 ================ Scan MBR ==================================
19:03:54.0979 1212 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:03:55.0479 1212 \Device\Harddisk0\DR0 - ok
19:04:00.0721 1212 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
19:04:00.0924 1212 \Device\Harddisk2\DR2 - ok
19:04:00.0924 1212 ================ Scan VBR ==================================
19:04:00.0924 1212 [ 749118F126242396FDF59BA6B491338F ] \Device\Harddisk0\DR0\Partition1
19:04:00.0924 1212 \Device\Harddisk0\DR0\Partition1 - ok
19:04:00.0971 1212 [ 4DBEC9BCD5021CB1F4EC1806486C0179 ] \Device\Harddisk0\DR0\Partition2
19:04:00.0971 1212 \Device\Harddisk0\DR0\Partition2 - ok
19:04:01.0002 1212 [ 5315844ADB8322A9D66E2ADD5108EDD6 ] \Device\Harddisk0\DR0\Partition3
19:04:01.0002 1212 \Device\Harddisk0\DR0\Partition3 - ok
19:04:01.0002 1212 [ 9019E3F1BB5A212EB8B92956DFDAD366 ] \Device\Harddisk2\DR2\Partition1
19:04:01.0017 1212 \Device\Harddisk2\DR2\Partition1 - ok
19:04:01.0017 1212 ============================================================
19:04:01.0017 1212 Scan finished
19:04:01.0017 1212 ============================================================
19:04:01.0033 4628 Detected object count: 1
19:04:01.0033 4628 Actual detected object count: 1
19:04:35.0915 4628 C:\Windows\system32\Drivers\usbaapl64.sys - copied to quarantine
19:04:35.0930 4628 HKLM\SYSTEM\ControlSet001\services\USBAAPL64 - will be deleted on reboot
19:04:35.0962 4628 HKLM\SYSTEM\ControlSet002\services\USBAAPL64 - will be deleted on reboot
19:04:36.0118 4628 C:\Windows\system32\Drivers\usbaapl64.sys - will be deleted on reboot
19:04:36.0118 4628 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Delete
Kind regards, Horras jan |
20.12.2012, 20:35 | #8 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | recycler 470a1245.exe folder on hard drive can no longer be opened
Well, it did explicitly say that you should make sure it was set to SKIP. Quote:
You have evidently deleted your Apple Mobile Device USB Driver. AFAIK TDSS-Killer does not yet have a proper recovery function.
__________________ Please always post log files in CODE tags |
20.12.2012, 21:10 | #9 |
| recycler 470a1245.exe folder on hard drive can no longer be opened
Should I run the scan again? |
20.12.2012, 21:14 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | recycler 470a1245.exe folder on hard drive can no longer be opened
What is that supposed to achieve now?! The file has been deleted! So don't be surprised if some Apple hardware no longer works properly over USB or something like that.
adwCleaner - detecting toolbars and unwanted start/search pages
Please download AdwCleaner to your desktop. If adwCleaner has already been downloaded at some point, please delete the old adwcleaner.exe and download it again!!
__________________ Please always post log files in CODE tags |
20.12.2012, 21:49 | #11 |
| recycler 470a1245.exe folder on hard drive can no longer be opened
Code:
# AdwCleaner v2.101 - Datei am 20/12/2012 um 21:47:44 erstellt
# Aktualisiert am 16/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium (64 bits)
# Benutzer : Jan - JAN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Jan\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gefunden : C:\Users\Jan\AppData\Roaming\OpenCandy
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v17.0.1 (de)
Profilname : default
Datei : C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\mg2mqueh.default\prefs.js
Gefunden : user_pref("extensions.enabledAddons", "DivXWebPlayer%40divx.com:2.0.2.039,%7B972ce4c6-7e08-4474-a285[...]
*************************
AdwCleaner[R1].txt - [872 octets] - [20/12/2012 21:47:44]
########## EOF - C:\AdwCleaner[R1].txt - [931 octets] ########## |
20.12.2012, 22:32 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | recycler 470a1245.exe folder on hard drive can no longer be opened
adwCleaner - removing toolbars and unwanted start/search pages
After that, a check with OTL please:
__________________ Please always post log files in CODE tags |
21.12.2012, 13:07 | #13 |
| recycler 470a1245.exe folder on hard drive can no longer be opened
Here is the log from AdwCleaner: Code:
# AdwCleaner v2.101 - Datei am 21/12/2012 um 12:46:45 erstellt
# Aktualisiert am 16/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium (64 bits)
# Benutzer : Jan - JAN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Jan\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\Jan\AppData\Roaming\OpenCandy
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\SweetIM
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\Software\SweetIM
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v17.0.1 (de)
Profilname : default
Datei : C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\mg2mqueh.default\prefs.js
C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\mg2mqueh.default\user.js ... Gelöscht !
Gelöscht : user_pref("extensions.enabledAddons", "DivXWebPlayer%40divx.com:2.0.2.039,%7B972ce4c6-7e08-4474-a285[...]
*************************
AdwCleaner[R1].txt - [999 octets] - [20/12/2012 21:47:44]
AdwCleaner[R2].txt - [1058 octets] - [20/12/2012 21:48:01]
AdwCleaner[S1].txt - [1754 octets] - [21/12/2012 12:46:45]
########## EOF - C:\AdwCleaner[S1].txt - [1814 octets] ##########
Code:
OTL logfile created on: 21.12.2012 12:54:56 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jan\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,86 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 65,86% Memory free
7,73 Gb Paging File | 6,36 Gb Available in Paging File | 82,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 92,77 Gb Total Space | 6,33 Gb Free Space | 6,83% Space Free | Partition Type: NTFS
Drive D: | 205,22 Gb Total Space | 11,30 Gb Free Space | 5,50% Space Free | Partition Type: NTFS
Drive E: | 85,04 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: JAN-PC | User Name: Jan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Jan\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
========== Modules (No Company Name) ==========
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\PROGRAM FILES (X86)\NORTON IDENTITY SAFE\ENGINE\2013.2.0.18\wincfi39.dll ()
========== Services (SafeList) ==========
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (NCO) -- C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe (Symantec Corporation)
SRV - (NAV) -- C:\Program Files (x86)\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe (Symantec Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (ccSet_NST) -- C:\Windows\SysNative\drivers\NSTx64\7DD02000.012\ccSetx64.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\SymEFA64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\SymDS64.sys (Symantec Corporation)
DRV:64bit: - (ccSet_NAV) -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\ccSetx64.sys (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\symnets.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\Ironx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\VirusDefs\20121220.004\ex64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\VirusDefs\20121220.004\eng64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\IPSDefs\20121219.001\IDSviA64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\BASHDefs\20121130.005\BHDrvx64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1152932176-3179621756-3359021054-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1152932176-3179621756-3359021054-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1152932176-3179621756-3359021054-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CF D9 1E 6D CA D6 CD 01 [binary data]
IE - HKU\S-1-5-21-1152932176-3179621756-3359021054-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1152932176-3179621756-3359021054-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1152932176-3179621756-3359021054-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: DivXWebPlayer%40divx.com:2.0.2.039
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer:
C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\IPSFFPlgn\ [2012.12.17 17:18:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.2.0.18\coFFPlgn\ [2012.12.21 12:48:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.09 17:40:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.09 17:40:03 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.19 14:11:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\Extensions [2012.12.21 00:52:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\mg2mqueh.default\extensions [2012.11.14 02:05:05 | 000,550,833 | ---- | M] () (No name found) -- 
C:\Users\Jan\AppData\Roaming\mozilla\firefox\profiles\mg2mqueh.default\extensions\DivXWebPlayer@divx.com.xpi [2012.12.13 21:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\firefox\profiles\mg2mqueh.default\extensions\movie2kdownloader@movie2kdownloader.com.xpi [2012.12.13 17:49:54 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\firefox\profiles\mg2mqueh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012.12.09 17:39:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.12.09 17:40:03 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.10.11 03:10:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.11 03:10:32 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.10.11 03:10:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.10.11 03:10:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.11 03:10:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.11 03:10:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\20.2.0.19\IPS\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Norton Identity Protection) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.0.18\coIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - 
{A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.0.18\coIEPlg.dll (Symantec Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AEF7CDEB-CB02-480D-A876-E30352C5E897}: DhcpNameServer = 192.168.0.1 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.07.10 18:08:45 | 000,000,065 | R--- | M] () - E:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{1ef58ea7-476e-11e2-b7cf-b8ac6f51561b}\Shell - "" = AutoRun O33 - MountPoints2\{1ef58ea7-476e-11e2-b7cf-b8ac6f51561b}\Shell\AutoRun\command - "" = G:\Startme.exe O33 - MountPoints2\{b545dbfc-1879-11e2-bcec-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{b545dbfc-1879-11e2-bcec-806e6f6e6963}\Shell\AutoRun\command - "" = rundll32.exe url,FileProtocolHandler index.html O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: 
(ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.12.21 00:52:16 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\PutLockerDownloader [2012.12.21 00:52:01 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Movie2KDownloader.com [2012.12.21 00:52:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Movie2KDownloader.com [2012.12.20 19:04:35 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012.12.20 18:46:17 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jan\Desktop\tdsskiller.exe [2012.12.20 18:17:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.12.20 18:17:33 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.12.20 18:17:32 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.12.20 18:17:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2012.12.20 18:17:32 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2012.12.20 18:15:41 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2012.12.20 18:15:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2012.12.19 19:44:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jan\Desktop\OTL.exe [2012.12.17 20:09:15 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Malwarebytes [2012.12.17 20:09:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.12.17 20:09:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.12.17 20:08:59 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.12.17 20:08:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.12.17 18:31:26 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\NPE [2012.12.17 17:49:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared [2012.12.17 
17:17:57 | 000,168,096 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NSTx64\7DD02000.012\ccSetx64.sys [2012.12.17 17:17:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSTx64 [2012.12.17 17:17:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSTx64\7DD02000.012 [2012.12.17 17:17:52 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe [2012.12.17 17:17:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Identity Safe [2012.12.17 17:17:48 | 000,177,312 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2012.12.17 17:17:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared [2012.12.17 17:17:48 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec [2012.12.17 17:17:28 | 001,133,216 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\SymEFA64.sys [2012.12.17 17:17:28 | 000,776,864 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\srtsp64.sys [2012.12.17 17:17:28 | 000,493,216 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\SymDS64.sys [2012.12.17 17:17:28 | 000,432,800 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\symnets.sys [2012.12.17 17:17:28 | 000,224,416 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\Ironx64.sys [2012.12.17 17:17:28 | 000,168,096 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\ccSetx64.sys [2012.12.17 17:17:28 | 000,037,496 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\srtspx64.sys [2012.12.17 17:17:28 | 000,023,448 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\SymELAM.sys [2012.12.17 17:17:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NAVx64 [2012.12.17 17:17:05 | 
000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NAVx64\1402000.013 [2012.12.17 17:17:02 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus [2012.12.17 17:17:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton AntiVirus [2012.12.17 17:17:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2012.12.17 17:16:51 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller [2012.12.17 17:16:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller [2012.12.17 17:15:45 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.12.17 16:51:45 | 000,016,200 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys [2012.12.17 16:51:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger [2012.12.17 16:33:47 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2012.12.16 17:44:18 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\Three Six Mafia - Last 2 Walk [2012.12.16 17:43:20 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\WinRAR [2012.12.16 17:43:20 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2012.12.16 17:43:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2012.12.16 17:43:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR [2012.12.14 19:19:07 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Avira [2012.12.14 19:13:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.12.14 19:13:17 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.12.14 19:13:17 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.12.14 19:13:17 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.12.14 19:13:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.12.14 19:13:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.12.13 17:48:53 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.12.13 17:48:53 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.12.13 17:48:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.12.13 17:48:50 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.12.13 17:48:50 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.12.13 17:48:50 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.12.13 17:48:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.12.13 17:48:50 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.12.13 17:48:50 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.12.13 17:48:49 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.12.13 17:48:49 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.12.13 17:48:49 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.12.13 17:48:47 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.12.13 17:48:47 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.12.13 17:48:47 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.12.12 18:21:01 | 000,000,000 | ---D | C] -- C:\Neuer Ordner [2012.12.12 16:33:11 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012.12.12 16:33:10 | 000,295,424 | 
---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012.12.12 16:33:10 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012.12.12 16:33:10 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012.12.12 16:33:06 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012.12.12 16:33:06 | 000,425,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2012.12.12 16:33:06 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2012.12.12 16:33:05 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2012.12.12 16:33:04 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2012.12.12 16:33:04 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2012.12.12 16:33:04 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2012.12.12 16:33:04 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2012.12.12 16:33:04 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2012.12.12 16:33:04 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2012.12.12 16:33:04 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2012.12.12 16:33:04 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012.12.12 16:33:04 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012.12.12 16:33:04 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012.12.12 16:33:04 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012.12.12 16:33:04 | 000,005,120 | ---- 
| C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2012.12.12 16:33:04 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012.12.12 16:33:04 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012.12.12 16:33:04 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012.12.12 16:33:04 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012.12.12 16:33:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012.12.12 16:33:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012.12.12 16:33:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012.12.12 16:33:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012.12.12 16:33:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012.12.12 16:33:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012.12.12 16:33:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012.12.12 16:33:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012.12.12 16:33:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012.12.12 16:33:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.12.12 16:33:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012.12.12 16:33:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012.12.12 16:33:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012.12.12 16:33:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012.12.12 16:33:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012.12.12 16:33:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012.12.12 16:33:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012.12.12 16:33:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012.12.12 16:33:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012.12.12 16:33:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012.12.12 16:33:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012.12.12 16:33:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012.12.12 16:33:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012.12.12 16:33:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012.12.12 16:33:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012.12.12 16:33:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012.12.12 16:33:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012.12.12 16:33:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.12.12 16:33:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012.12.12 16:33:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012.12.12 16:33:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012.12.12 16:33:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012.12.12 16:33:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012.12.12 16:33:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012.12.12 16:33:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012.12.12 16:33:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012.12.12 16:33:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012.12.12 16:33:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012.12.12 16:33:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012.12.12 16:33:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012.12.12 16:33:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012.12.12 16:33:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012.12.12 16:33:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012.12.12 16:33:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012.12.12 16:33:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012.12.12 16:33:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012.12.12 16:33:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012.12.12 16:33:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012.12.12 16:33:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2012.12.12 16:32:52 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll [2012.12.12 16:32:52 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll [2012.12.09 17:39:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.11.27 19:30:46 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\Neuer Ordner ========== Files - Modified Within 30 Days ========== [2012.12.21 12:59:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.21 12:55:56 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.21 12:55:56 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.21 12:48:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat 
[2012.12.21 12:48:01 | 3111,534,592 | -HS- | M] () -- C:\hiberfil.sys [2012.12.21 00:52:01 | 000,000,928 | ---- | M] () -- C:\Users\Jan\Desktop\Movie2KDownloader.lnk [2012.12.20 21:45:34 | 000,547,175 | ---- | M] () -- C:\Users\Jan\Desktop\adwcleaner.exe [2012.12.20 18:59:21 | 000,014,308 | ---- | M] () -- C:\Users\Jan\Desktop\Die-ultimative-Bourne-Collection.jpg [2012.12.20 18:45:56 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jan\Desktop\tdsskiller.exe [2012.12.20 18:43:51 | 000,000,512 | ---- | M] () -- C:\Users\Jan\Desktop\MBR.dat [2012.12.20 18:33:05 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.20 18:33:05 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.12.20 18:33:05 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.20 18:33:05 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.12.20 18:33:05 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.12.20 18:17:51 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.12.20 18:16:00 | 002,029,707 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\Cat.DB [2012.12.19 19:42:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jan\Desktop\OTL.exe [2012.12.18 14:04:33 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.17 18:22:00 | 000,013,946 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\VT20121114.016 [2012.12.17 17:17:48 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2012.12.17 17:17:48 | 000,007,466 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2012.12.17 17:17:48 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2012.12.17 17:17:41 | 000,002,473 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk [2012.12.17 16:51:45 | 000,016,200 | ---- | M] (McAfee, Inc.) 
-- C:\Windows\stinger.sys [2012.12.15 08:51:22 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.12.14 19:13:33 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.12.13 17:59:24 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.12.13 17:59:24 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.12.03 15:36:36 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.12.03 15:36:35 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.12.02 19:31:02 | 000,079,762 | ---- | M] () -- C:\Users\Jan\Documents\Mediathek.xml ========== Files Created - No Company Name ========== [2012.12.21 00:52:01 | 000,000,928 | ---- | C] () -- C:\Users\Jan\Desktop\Movie2KDownloader.lnk [2012.12.20 21:46:31 | 000,547,175 | ---- | C] () -- C:\Users\Jan\Desktop\adwcleaner.exe [2012.12.20 18:59:20 | 000,014,308 | ---- | C] () -- C:\Users\Jan\Desktop\Die-ultimative-Bourne-Collection.jpg [2012.12.20 18:43:51 | 000,000,512 | ---- | C] () -- C:\Users\Jan\Desktop\MBR.dat [2012.12.20 18:17:51 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.12.17 20:09:02 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.17 18:22:12 | 000,013,946 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\VT20121114.016 [2012.12.17 17:18:12 | 002,029,707 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\Cat.DB [2012.12.17 17:17:53 | 000,007,611 | R--- | C] () -- C:\Windows\SysNative\drivers\NSTx64\7DD02000.012\ccSetx64.cat [2012.12.17 17:17:53 | 000,000,853 | R--- | C] () -- C:\Windows\SysNative\drivers\NSTx64\7DD02000.012\ccSetx64.inf [2012.12.17 17:17:53 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NSTx64\7DD02000.012\isolate.ini 
[2012.12.17 17:17:48 | 000,007,466 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2012.12.17 17:17:48 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2012.12.17 17:17:41 | 000,002,473 | ---- | C] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk [2012.12.17 17:17:17 | 000,003,433 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\SymEFA.inf [2012.12.17 17:17:17 | 000,002,851 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\SymDS.inf [2012.12.17 17:17:17 | 000,001,440 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\SymNet.inf [2012.12.17 17:17:17 | 000,001,437 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\srtsp64.inf [2012.12.17 17:17:17 | 000,001,418 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\srtspx64.inf [2012.12.17 17:17:17 | 000,000,996 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\symELAM.inf [2012.12.17 17:17:17 | 000,000,853 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\ccSetx64.inf [2012.12.17 17:17:17 | 000,000,767 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\Iron.inf [2012.12.17 17:17:05 | 000,009,670 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\SymELAM64.cat [2012.12.17 17:17:05 | 000,009,103 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\SymVTcer.dat [2012.12.17 17:17:05 | 000,007,611 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\ccSetx64.cat [2012.12.17 17:17:05 | 000,007,605 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\srtspx64.cat [2012.12.17 17:17:05 | 000,007,603 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\SymEFA64.cat [2012.12.17 17:17:05 | 000,007,601 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\symnet64.cat [2012.12.17 17:17:05 | 000,007,601 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\srtsp64.cat 
[2012.12.17 17:17:05 | 000,007,597 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\SymDS64.cat [2012.12.17 17:17:05 | 000,007,593 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\iron.cat [2012.12.17 17:17:05 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1402000.013\isolate.ini [2012.12.16 17:43:54 | 000,011,672 | -HS- | C] () -- C:\Users\Jan\Desktop\AlbumArt_{EDA72DF6-1500-4258-8740-3E7AFE0DE3C7}_Large.jpg [2012.12.16 17:43:48 | 000,002,731 | -HS- | C] () -- C:\Users\Jan\Desktop\AlbumArt_{EDA72DF6-1500-4258-8740-3E7AFE0DE3C7}_Small.jpg [2012.12.16 17:43:47 | 000,011,672 | -HS- | C] () -- C:\Users\Jan\Desktop\Folder.jpg [2012.12.16 17:43:47 | 000,002,731 | -HS- | C] () -- C:\Users\Jan\Desktop\AlbumArtSmall.jpg [2012.12.14 19:13:33 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.12.12 20:57:04 | 1448,495,104 | ---- | C] () -- C:\Users\Jan\Desktop\Planet der Affen Prevolution.avi [2012.12.12 20:56:26 | 735,027,200 | ---- | C] () -- C:\Users\Jan\Desktop\Paul - Ein Alien auf der Flucht.avi [2012.12.02 19:31:02 | 000,079,762 | ---- | C] () -- C:\Users\Jan\Documents\Mediathek.xml [2012.11.24 01:45:02 | 005,778,848 | ---- | C] () -- C:\Users\Jan\Desktop\Waka Flocka- _Vest On_ (Feat. 
Wooh Da Kid & Nino Cahootz) YScRoll.mp3 [2012.11.24 01:45:02 | 002,829,278 | ---- | C] () -- C:\Users\Jan\Desktop\WC - This is Los Angeles.mp3 [2012.11.24 01:45:01 | 008,279,438 | ---- | C] () -- C:\Users\Jan\Desktop\Sigma & Logistics - Dreams To Reality.mp3 [2012.11.24 01:45:01 | 005,639,388 | ---- | C] () -- C:\Users\Jan\Desktop\Not Meant For Me - Queen Of The Damned [Wayne Static].mp3 [2012.11.24 01:45:01 | 005,424,317 | ---- | C] () -- C:\Users\Jan\Desktop\MOK - Undercover [MW].mp3 [2012.11.24 01:45:00 | 007,045,705 | ---- | C] () -- C:\Users\Jan\Desktop\Jessie J - Nobody's Perfect (Netsky Remix).mp3 [2012.11.24 01:45:00 | 004,559,246 | ---- | C] () -- C:\Users\Jan\Desktop\11 Titelnummer 11.wma [2012.11.24 01:45:00 | 001,660,886 | ---- | C] () -- C:\Users\Jan\Desktop\03 Titelnummer 3.wma [2012.10.17 17:45:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 20 bytes -> C:\Users\Jan\Desktop\Planet der Affen Prevolution.avi:Mac_Metadata @Alternate Data Stream - 20 bytes -> C:\Users\Jan\Desktop\Paul - Ein Alien auf der Flucht.avi:Mac_Metadata < End of report > [/code] OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 21.12.2012 12:54:56 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jan\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,86 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 65,86% Memory free 7,73 Gb Paging File | 6,36 Gb Available in Paging File | 82,37% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 92,77 Gb Total Space | 6,33 Gb Free Space | 6,83% Space Free | Partition Type: NTFS Drive D: | 205,22 Gb Total Space | 11,30 Gb Free Space | 5,50% Space Free | Partition Type: NTFS Drive E: | 85,04 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: JAN-PC | User Name: Jan | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1152932176-3179621756-3359021054-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{090D390F-7383-4361-BC8C-7D750A54563A}" = lport=2869 | protocol=6 | dir=in | app=system | "{1519FACC-CDDE-4968-ACBE-E7C5CD2289B9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{163BDE6E-6513-4A65-93FD-7F23AABE1168}" = lport=67 | 
protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{1AD17639-BA51-4D27-A279-E37508EE65B5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2522A9E4-D5E4-4AA5-BD30-8F5082F3995D}" = lport=137 | protocol=17 | dir=in | app=system | "{3CF23A67-EC67-46A2-8D04-1102693F3057}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{43037F74-54EE-4DF4-9145-3B9086C6E445}" = rport=445 | protocol=6 | dir=out | app=system | "{4F5091BA-61CF-40A9-A2D1-16E45516666B}" = rport=138 | protocol=17 | dir=out | app=system | "{55E19928-50D9-4EC7-982D-02C225DFE7C8}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{5804A873-0D06-4AB7-AD63-894A31EA07EB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{583F5D8C-29E3-48D3-BACD-CFBF86904EDF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{6A0990C4-8BC5-4494-88D7-A9827867DDA8}" = lport=10243 | protocol=6 | dir=in | app=system | "{6FCAEA55-2813-48F7-9136-58D2155A7DA6}" = lport=139 | protocol=6 | dir=in | app=system | "{725F54EC-BEC3-4741-B547-4FF6557FD752}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7577B339-3831-4DEE-AFBB-742996802F22}" = rport=10243 | protocol=6 | dir=out | app=system | "{75AD9964-1B48-4A8A-BFBB-89FDADCDE727}" = lport=445 | protocol=6 | dir=in | app=system | "{78EA6B2F-C983-4081-9265-BBCDEB236E81}" = rport=2869 | protocol=6 | dir=out | app=system | "{935615CB-24EE-42AC-8225-AFBC612A3B11}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{94F1D51D-A72F-4C5B-A768-8C085C4D4638}" = lport=2869 | protocol=6 | dir=in | app=system | "{9EC62D18-48FD-414E-B7ED-29D60666EEA1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A05A23C2-CFDD-41AC-BB38-410C2AEA2DCD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{AD8BE20A-66AD-4089-8A24-86DE9EA1EDCD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{AE3D6F83-471E-49EF-A134-D3F99CA51E84}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{BA2BB74E-2519-4A42-9E82-ED656BF2642F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BD9FFC8D-CBC8-4A89-AEF8-AF59C3555B72}" = rport=139 | protocol=6 | dir=out | app=system | "{BECC9570-0C93-474E-8855-F7FD0DDDF61D}" = lport=138 | protocol=17 | dir=in | app=system | "{C43F72EB-6347-4BDC-B64C-EFAA881003E5}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{DD32FEA1-AAB2-4B17-B220-E81516186154}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{FAD69325-DED4-44AB-8390-34403EEFD74C}" = rport=137 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01AF86CC-599B-4B9A-B690-5F3196940458}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{022B6BD1-1CA9-484E-AB2C-D42A6AD7B8DB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{095092C4-68C8-479C-B3F7-84EC9284AA47}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{0B7B3A41-7E69-4908-9D0D-47FD9DFA0B34}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{2761702F-F1B2-4A46-A200-D744AEA43C7F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{3A9C4EA2-3278-4444-A7C0-5A367540A806}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{3EFA0FC5-A466-4454-905C-FFDD4B58B1E2}" = 
protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{477EFF3C-04EE-49E7-A415-B10148772D98}" = protocol=6 | dir=out | app=system | "{4B798E4F-E119-42AC-8441-D71EBF584E49}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{56C602E2-5379-4174-870E-3C08C249D74F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{5D6EE5DC-BA29-40FB-A659-4DE4EC59CFF8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{6ABB24FF-451B-489A-B0F0-6CBB8611130A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{7C12368A-4104-4623-BB78-13B7A953475F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7D720D8B-1C00-4741-92AF-D91AA5A7F1A8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{85BC6C11-1EB8-466C-ACC2-CD71F865304D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{880F9D04-5AC0-4E97-87FD-6EB9AD6CF225}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{9AD12504-C3A4-49EA-88B1-71777957ED89}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{9D8F5229-4A2A-4C28-A3FE-3CB3E0C3EC64}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{9DE91E1B-66AF-480E-9052-C0DCCEF8D0B3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AA6D711C-CE55-41BF-A06E-8F6C97BC708E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{AD07F79C-8C08-419E-AB0A-0BE365B4A607}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{C199F8B4-71A9-4DCF-82D4-F1C97D341286}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C72EB03E-0D6B-4302-B534-44C3CE74CE58}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{CDABF81D-9C22-4E53-97A5-5FC709D47E7D}" = protocol=17 | dir=in | app=c:\program 
files (x86)\bonjour\mdnsresponder.exe | "{D05412D1-57DB-4D72-8667-6E7E5B63C836}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DB864C12-5C75-4C18-A073-2C52AEBC0137}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{E35FD4C5-2E6A-493F-B843-83FB4908E449}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{E79F9584-6690-4247-8736-A0CAFBF3D545}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{EC04A782-B97A-4B73-9984-4A23A6AA8A99}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{ED22A261-4902-477B-A505-43DE347B12CB}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{F290FBD1-58F9-4839-9348-BB2F5323D1C3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{F61E0BAB-B50D-4F34-8771-A0D394C1FB2D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 
Redistributable - 10.0.40219 "1ClickDownload" = Movie2KDownloader "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.34.1015 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NAV" = Norton AntiVirus "NST" = Norton Identity Safe "WinRAR archiver" = WinRAR 4.20 (32-Bit) ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 15.12.2012 04:58:44 | Computer Name = Jan-PC | Source = VSS | ID = 12305 Description = Error - 15.12.2012 04:58:45 | Computer Name = Jan-PC | Source = VSS | ID = 12305 Description = Error - 15.12.2012 05:32:50 | Computer Name = Jan-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "c:\Users\Jan\downloads\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Error - 16.12.2012 11:45:21 | Computer Name = Jan-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Jan\Downloads\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. 
In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Error - 16.12.2012 18:51:45 | Computer Name = Jan-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 16.12.2012 18:51:45 | Computer Name = Jan-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 11591 Error - 16.12.2012 18:51:45 | Computer Name = Jan-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 11591 Error - 18.12.2012 14:24:13 | Computer Name = Jan-PC | Source = ATIeRecord | ID = 16388 Description = ATI EEU Client event error Error - 19.12.2012 09:54:56 | Computer Name = Jan-PC | Source = ATIeRecord | ID = 16388 Description = ATI EEU Client event error Error - 21.12.2012 07:35:34 | Computer Name = Jan-PC | Source = ATIeRecord | ID = 16388 Description = ATI EEU Client event error [ System Events ] Error - 20.12.2012 20:11:41 | Computer Name = Jan-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 21.12.2012 07:25:17 | Computer Name = Jan-PC | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 21.12.2012 07:25:17 | Computer Name = Jan-PC | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 21.12.2012 07:25:17 | Computer Name = Jan-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 21.12.2012 07:29:33 | Computer Name = Jan-PC | Source = ipnathlp | ID = 34001 Description = Error - 21.12.2012 07:44:21 | Computer Name = Jan-PC | Source = DCOM | ID = 10010 Description = Error - 21.12.2012 07:48:08 | Computer Name = Jan-PC | Source = atikmdag 
| ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 21.12.2012 07:48:08 | Computer Name = Jan-PC | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 21.12.2012 07:48:08 | Computer Name = Jan-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 21.12.2012 07:52:30 | Computer Name = Jan-PC | Source = ipnathlp | ID = 34001 Description = < End of report > [/code] |
22.12.2012, 19:54 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | recycler 470a1245.exe folder on hard drive can no longer be opened
Fix with OTL
Code:
:OTL
O33 - MountPoints2\{1ef58ea7-476e-11e2-b7cf-b8ac6f51561b}\Shell - "" = AutoRun
O33 - MountPoints2\{1ef58ea7-476e-11e2-b7cf-b8ac6f51561b}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{b545dbfc-1879-11e2-bcec-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b545dbfc-1879-11e2-bcec-806e6f6e6963}\Shell\AutoRun\command - "" = rundll32.exe url,FileProtocolHandler index.html
:Files
C:\Users\Jan\Desktop\Movie2*
C:\Users\Jan\Desktop\MBR.dat
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
__________________ Please always post log files in CODE tags |
22.12.2012, 22:55 | #15 |
| recycler 470a1245.exe folder on hard drive can no longer be opened
Code:
All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ef58ea7-476e-11e2-b7cf-b8ac6f51561b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ef58ea7-476e-11e2-b7cf-b8ac6f51561b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ef58ea7-476e-11e2-b7cf-b8ac6f51561b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ef58ea7-476e-11e2-b7cf-b8ac6f51561b}\ not found.
File G:\Startme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b545dbfc-1879-11e2-bcec-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b545dbfc-1879-11e2-bcec-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b545dbfc-1879-11e2-bcec-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b545dbfc-1879-11e2-bcec-806e6f6e6963}\ not found.
File rundll32.exe url,FileProtocolHandler index.html not found.
========== FILES ==========
File\Folder C:\Users\Jan\Desktop\Movie2* not found.
File\Folder C:\Users\Jan\Desktop\MBR.dat not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Jan\Desktop\cmd.bat deleted successfully.
C:\Users\Jan\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jan
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 466069 bytes
->FireFox cache emptied: 398401217 bytes
->Flash cache emptied: 18962 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 158083581 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46424169 bytes
RecycleBin emptied: 40078 bytes

Total Files Cleaned = 575,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 12222012_224305

Files\Folders moved on Reboot...
File\Folder C:\Users\Jan\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
C:\Users\Jan\AppData\Local\Mozilla\Firefox\Profiles\mg2mqueh.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Jan\AppData\Local\Mozilla\Firefox\Profiles\mg2mqueh.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Jan\AppData\Local\Mozilla\Firefox\Profiles\mg2mqueh.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Jan\AppData\Local\Mozilla\Firefox\Profiles\mg2mqueh.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Jan\AppData\Local\Mozilla\Firefox\Profiles\mg2mqueh.default\_CACHE_CLEAN_ moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot... |