| |
| |||||||
Log-Analyse und Auswertung: "C:\Windows\System32\cmd.exe" wird bei Systemstart ausgeführtWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
16.12.2012, 18:02
| #1 |
| |  "C:\Windows\System32\cmd.exe" wird bei Systemstart ausgeführt Guten Tag, ich habe die Forensuche schon nach meinem Problem bemüht und habe einige Threads gefunden, die meine Symptome beschreiben. Gemäß den 7 Goldenen Regeln habe ich mich aber entschieden, den dort aufgeführten Problembehandlungen nicht zu folgen, da es sich teilweise auch um 32bit Systeme und andere Vorraussetzungen handelte. Seit einiger Zeit wird mein Laptop immer langsamer. Zuerst habe ich das auf zunehmende Verschmutzung und zu viel belegtem Speicherplatz geschoben, allerdings leistete eine äußerliche und eine digitale "Säuberung" keine Abhilfe. Dann fiel mir auf, dass wie im Betreff beschrieben beim Systemstart "C:\Windows\System32\cmd.exe" ausgeführt (Frage am Rande: ist das die Konsole?) wird. Leider geht das so schnell, dass ich weder lesen kann, was genau dort ausgeführt wird noch die Screenshot-Taste drücken konnte. Ich kenne mich mit Viren, Trojanern und Schadsoftware leider nicht aus und möchte euch daher bitten, einmal einen Blick auf meine OTL- und Extras-Loggs zu werfen: OTL logfile created on: 16.12.2012 17:29:02 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\NAME_GEÄNDERT\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,87 Gb Total Physical Memory | 6,11 Gb Available Physical Memory | 77,66% Memory free 15,73 Gb Paging File | 13,80 Gb Available in Paging File | 87,73% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 447,16 Gb Total Space | 51,06 Gb Free Space | 11,42% Space Free | Partition Type: NTFS Drive D: | 3,69 Gb Total Space | 2,84 Gb Free Space | 77,06% Space Free | Partition Type: FAT32 Computer Name: NAME_GEÄNDERT | User Name: NAME_GEÄNDERT | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.12.16 17:27:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\NAME_GEÄNDERT\Desktop\OTL.exe PRC - [2012.12.16 17:25:32 | 000,050,477 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\Desktop\Defogger.exe PRC - [2012.08.09 11:27:30 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.05.14 13:43:37 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.14 13:43:36 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe PRC - [2012.05.14 13:43:36 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2012.05.14 13:43:36 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe PRC - [2012.05.14 13:43:36 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.01.17 16:29:06 | 002,245,632 | ---- | M] () -- C:\Program Files (x86)\Trust Gaming Mouse\Mouse.exe PRC - [2010.06.25 09:08:30 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe PRC - [2010.03.11 06:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe PRC - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe PRC - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe PRC - [2009.09.30 13:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009.09.30 13:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009.09.05 09:17:56 | 003,450,368 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\Acer Bio Protection\BASVC.exe PRC - [2009.09.05 09:17:52 | 003,567,616 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe PRC - [2009.09.05 09:17:40 | 003,358,720 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe PRC - [2009.08.07 13:29:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009.08.07 13:29:36 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2008.07.29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe ========== Modules (No Company Name) ========== MOD - [2012.12.16 17:25:32 | 000,050,477 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\Desktop\Defogger.exe MOD - [2011.01.17 16:29:06 | 002,245,632 | ---- | M] () -- C:\Program Files (x86)\Trust Gaming Mouse\Mouse.exe MOD - [2008.07.29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe ========== Services (SafeList) ========== SRV:64bit: - [2012.09.12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV:64bit: - [2012.09.12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV:64bit: - [2010.06.25 09:08:30 | 000,952,096 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV:64bit: - [2010.05.27 05:59:42 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010.03.09 01:47:06 | 006,245,744 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Wacom_Tablet.exe -- (TabletServiceWacom) SRV:64bit: - [2010.02.26 18:58:06 | 000,783,392 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc) SRV:64bit: - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV:64bit: - [2009.11.02 12:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2012.12.13 12:30:41 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.05.14 13:43:37 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.14 13:43:36 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFireWallService) SRV - [2012.05.14 13:43:36 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2012.05.14 13:43:36 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2012.05.14 13:43:36 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.02.24 01:01:27 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011.11.15 00:49:06 | 000,032,768 | ---- | M] (STRATO) [Auto | Running] -- C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe -- (STRATO HiDrive Service) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService) SRV - [2009.09.30 13:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2009.09.30 13:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2009.09.05 09:17:56 | 003,450,368 | ---- | M] (Egis Technology Inc.) [Auto | Running] -- C:\Program Files (x86)\Acer Bio Protection\BASVC.exe -- (IGBASVC) SRV - [2009.08.07 13:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.11.07 13:47:55 | 000,140,936 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avfwot.sys -- (avfwot) DRV:64bit: - [2012.11.07 13:47:55 | 000,114,168 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avfwim.sys -- (avfwim) DRV:64bit: - [2012.08.30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.05.14 13:43:37 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.14 13:43:37 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.05.09 22:05:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.12.08 05:22:38 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) DRV:64bit: - [2011.12.08 05:22:38 | 000,098,616 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.01.08 00:22:22 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901) DRV:64bit: - [2010.12.07 14:12:19 | 000,036,400 | ---- | M] (EgisTec) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\FPSensor.sys -- (FPSensor) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.11.15 08:26:34 | 000,012,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\trustms.sys -- (trustms) DRV:64bit: - [2010.06.25 18:13:18 | 000,342,056 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl) DRV:64bit: - [2010.06.25 18:12:26 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2010.06.25 18:12:26 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2010.06.25 18:12:24 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2010.06.25 18:12:24 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2010.06.03 20:59:00 | 004,171,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2010.05.27 06:39:14 | 006,856,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2010.05.27 06:39:14 | 006,856,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.05.27 05:25:38 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.05.11 11:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010.01.25 00:32:24 | 000,018,216 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor) DRV:64bit: - [2009.12.02 08:01:24 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2009.11.02 12:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2009.10.26 05:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009.09.23 03:25:22 | 000,144,496 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR) DRV:64bit: - [2009.09.22 00:29:22 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid) DRV:64bit: - [2009.09.21 03:20:48 | 000,020,392 | ---- | M] (JMicron ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\johci.sys -- (johci) DRV:64bit: - [2009.09.17 05:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009.09.03 11:15:26 | 000,292,400 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.08.07 13:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.07 08:36:46 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) DRV:64bit: - [2009.05.19 14:59:00 | 000,014,848 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\enecirhid.sys -- (enecirhid) DRV:64bit: - [2008.04.24 11:16:00 | 000,006,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\enecirhidma.sys -- (enecirhidma) DRV:64bit: - [2007.04.25 11:50:04 | 000,036,864 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir) DRV:64bit: - [2007.02.16 20:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledAddons: ALone-live%40ya.ru:1.3.8 FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37 FF - prefs.js..extensions.enabledAddons: %7B87eab3b7-a707-4459-99ae-c2fa06cfa36b%7D:1.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..extensions.enabledItems: smartbookmarksbar@remy.juteau:1.4.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\NAME_GEÄNDERT\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\NAME_GEÄNDERT\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.02.19 14:58:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.02.19 14:58:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.08 00:03:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.08 00:03:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.02 12:44:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.02.24 21:13:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\mozilla\Extensions [2011.02.24 21:13:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.12.13 13:05:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\mozilla\Firefox\Profiles\c050l76i.default\extensions [2012.08.05 11:03:26 | 000,000,000 | ---D | M] (Roomy Bookmarks Toolbar) -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\mozilla\Firefox\Profiles\c050l76i.default\extensions\ALone-live@ya.ru [2012.09.16 13:23:34 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\mozilla\Firefox\Profiles\c050l76i.default\extensions\ich@maltegoetz.de [2012.12.13 13:05:41 | 002,151,598 | ---- | M] () (No name found) -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\mozilla\firefox\profiles\c050l76i.default\extensions\firebug@software.joehewitt.com.xpi [2012.12.11 22:27:27 | 000,011,097 | ---- | M] () (No name found) -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\mozilla\firefox\profiles\c050l76i.default\extensions\{87eab3b7-a707-4459-99ae-c2fa06cfa36b}.xpi [2011.12.19 15:25:26 | 000,000,933 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\mozilla\firefox\profiles\c050l76i.default\searchplugins\11-suche.xml [2011.12.19 15:25:26 | 000,002,419 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\mozilla\firefox\profiles\c050l76i.default\searchplugins\englische-ergebnisse.xml [2011.12.19 15:25:26 | 000,010,525 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\mozilla\firefox\profiles\c050l76i.default\searchplugins\gmx-suche.xml [2011.04.25 08:54:12 | 000,003,312 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\mozilla\firefox\profiles\c050l76i.default\searchplugins\kinoto.xml [2011.12.19 15:25:26 | 000,002,457 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\mozilla\firefox\profiles\c050l76i.default\searchplugins\lastminute.xml [2011.12.19 15:25:26 | 000,005,508 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\mozilla\firefox\profiles\c050l76i.default\searchplugins\webde-suche.xml [2011.04.03 13:16:21 | 000,001,328 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\mozilla\firefox\profiles\c050l76i.default\searchplugins\wikipedia-de.xml [2011.11.20 22:34:31 | 000,002,168 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\mozilla\firefox\profiles\c050l76i.default\searchplugins\youtube-videosuche.xml [2012.12.08 00:03:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012.12.08 00:03:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.12.08 00:03:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} File not found (No name found) -- C:\USERS\BJöRN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\C050L76I.DEFAULT\EXTENSIONS\{87EAB3B7-A707-4459-99AE-C2FA06CFA36B}.XPI File not found (No name found) -- C:\USERS\BJöRN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\C050L76I.DEFAULT\EXTENSIONS\ALONE-LIVE@YA.RU File not found (No name found) -- C:\USERS\BJöRN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\C050L76I.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE [2012.12.08 00:03:14 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.02.16 21:43:18 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.30 14:04:00 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.16 21:43:18 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.16 21:43:18 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.16 21:43:18 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.16 21:43:18 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.04.01 14:46:27 | 000,001,000 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 im.adtech.de O1 - Hosts: 127.0.0.1 adserver.adtech.de O1 - Hosts: 127.0.0.1 adtech.de O1 - Hosts: 127.0.0.1 atwola.com O1 - Hosts: 127.0.0.1 adserver.71i.de O1 - Hosts: 127.0.0.1 adicqserver.71i.de O1 - Hosts: 127.0.0.1 71i.de O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe File not found O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe (brother) O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Trust Gaming Mouse] C:\Program Files (x86)\Trust Gaming Mouse\Mouse.exe () O4 - HKLM..\Run: [VitaKeyPdtWzd] C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\NAME_GEÄNDERT\AppData\Local\Akamai\netsession_win.exe File not found O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found O4 - HKCU..\Run: [Google Update] "C:\Users\NAME_GEÄNDERT\AppData\Local\Google\Update\GoogleUpdate.exe" /c File not found O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung) O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\NAME_GEÄNDERT\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.) O9:64bit: - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.) O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.) O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.) O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C3FF725-A739-4FC4-8EFB-A011845BBEA2}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.12.24 20:48:54 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O33 - MountPoints2\{ad0f8237-fc73-11e0-b8b3-18f46abbc8bd}\Shell - "" = AutoRun O33 - MountPoints2\{ad0f8237-fc73-11e0-b8b3-18f46abbc8bd}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{ad0f823d-fc73-11e0-b8b3-18f46abbc8bd}\Shell - "" = AutoRun O33 - MountPoints2\{ad0f823d-fc73-11e0-b8b3-18f46abbc8bd}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{c6d86f2b-2eda-11e0-b5e1-18f46abbc8bd}\Shell - "" = AutoRun O33 - MountPoints2\{c6d86f2b-2eda-11e0-b5e1-18f46abbc8bd}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{e0240958-78e8-11e1-b867-1c750840180a}\Shell - "" = AutoRun O33 - MountPoints2\{e0240958-78e8-11e1-b867-1c750840180a}\Shell\AutoRun\command - "" = D:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A11B02 PID_0083 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.12.16 17:27:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\NAME_GEÄNDERT\Desktop\OTL.exe [2012.12.16 17:04:29 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\NAME_GEÄNDERT\Desktop\HijackThis.exe [2012.12.14 17:31:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2012.12.14 17:30:36 | 000,000,000 | ---D | C] -- C:\Users\NAME_GEÄNDERT\AppData\Local\Google [2012.12.14 15:10:58 | 000,000,000 | ---D | C] -- C:\Users\NAME_GEÄNDERT\Desktop\two door cinema club [2012.12.13 19:04:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Metro 2033 [2012.12.13 16:46:50 | 000,000,000 | ---D | C] -- C:\Users\NAME_GEÄNDERT\Desktop\Aufgabe Mu nkershu ttenplatz [2012.12.13 12:09:44 | 000,000,000 | ---D | C] -- C:\Windows\Migration [2012.12.08 00:03:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.12.02 23:01:53 | 004,702,459 | ---- | C] (FileZilla Project) -- C:\Users\NAME_GEÄNDERT\Desktop\FileZilla_3.6.0.2_win32-setup.exe [2012.12.02 22:22:12 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2012.12.02 22:22:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.12.02 22:22:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012.12.02 22:12:24 | 000,000,000 | ---D | C] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\Apple Computer [2012.12.02 20:01:36 | 000,000,000 | ---D | C] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\eu.computerworks.vectorworks.2012.help.deu.07222458214E034A0B494E83FAD6744C17D2B914.1 [2012.12.02 12:44:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012.12.02 12:44:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2012.12.02 12:44:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2012.12.02 12:42:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2012.12.02 12:42:19 | 000,000,000 | ---D | C] -- C:\Users\NAME_GEÄNDERT\AppData\Local\Apple [2012.12.02 12:42:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2012.12.02 12:03:13 | 000,000,000 | ---D | C] -- C:\Users\NAME_GEÄNDERT\AppData\Local\Macromedia [2012.11.30 15:09:05 | 000,000,000 | ---D | C] -- C:\Users\NAME_GEÄNDERT\AppData\Local\EgisTec IPS [2012.11.29 20:56:18 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2012.11.29 20:46:53 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD [2012.11.29 20:46:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT [2012.11.29 20:46:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2012.11.29 20:46:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies [2012.11.29 20:46:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies [2012.11.29 20:46:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2012.11.29 20:44:12 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies [2012.11.20 21:43:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lame For Audacity [2012.11.20 21:31:52 | 000,000,000 | ---D | C] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\Audacity [2012.11.20 21:31:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity [2012.11.20 21:22:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Sidebar [2012.11.20 21:21:40 | 000,000,000 | ---D | C] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\TuneUp Software [2012.11.20 21:21:25 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2012.11.20 21:21:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2012.11.20 21:21:14 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012.11.20 20:17:33 | 000,000,000 | ---D | C] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No23 Recorder [2012.11.20 20:01:24 | 000,000,000 | ---D | C] -- C:\Users\NAME_GEÄNDERT\AppData\Local\Spotify [2012.11.20 20:00:41 | 000,000,000 | ---D | C] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\Spotify [2007.08.13 17:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\NAME_GEÄNDERT\AppData\Local\CDRip.dll [2007.01.18 21:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\NAME_GEÄNDERT\AppData\Local\No23 Recorder.exe [2006.12.11 19:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\NAME_GEÄNDERT\AppData\Local\basscd.dll [2006.12.11 19:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\NAME_GEÄNDERT\AppData\Local\bass.dll ========== Files - Modified Within 30 Days ========== [2012.12.16 17:31:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2347292157-3042307878-621166202-1000UA.job [2012.12.16 17:30:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.16 17:27:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\NAME_GEÄNDERT\Desktop\OTL.exe [2012.12.16 17:26:25 | 000,000,000 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\defogger_reenable [2012.12.16 17:25:32 | 000,050,477 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\Desktop\Defogger.exe [2012.12.16 17:21:22 | 000,312,506 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\Desktop\le fantastique.jpg [2012.12.16 17:21:22 | 000,014,516 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\AppData\Local\recently-used.xbel [2012.12.16 17:21:13 | 000,654,611 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\Desktop\le fantastique.png [2012.12.16 17:20:07 | 006,221,923 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\Desktop\le fantastique.xcf [2012.12.16 17:08:38 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.16 17:08:38 | 000,697,082 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.12.16 17:08:38 | 000,652,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.16 17:08:38 | 000,148,346 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.12.16 17:08:38 | 000,121,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.12.16 17:06:40 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.16 17:06:40 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.16 17:04:32 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\NAME_GEÄNDERT\Desktop\HijackThis.exe [2012.12.16 16:58:47 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.12.16 16:57:28 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl [2012.12.16 16:57:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.16 16:57:01 | 2039,566,335 | -HS- | M] () -- C:\hiberfil.sys [2012.12.14 18:35:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.12.14 16:53:22 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI [2012.12.14 14:31:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2347292157-3042307878-621166202-1000Core.job [2012.12.13 19:08:05 | 000,000,221 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\Desktop\Metro 2033.url [2012.12.13 18:48:59 | 074,331,423 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\Desktop\metro2033.exe [2012.12.13 18:20:59 | 000,000,287 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\AppData\Local\VersionChecker_17.xml [2012.12.13 17:47:28 | 008,196,545 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\Desktop\Tatorte_Städtebau_M14_ws_12_13.pdf [2012.12.13 16:46:01 | 000,468,797 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\Desktop\Aufgabe Mu nkershu ttenplatz .zip [2012.12.13 16:45:49 | 000,038,277 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\Desktop\121217_4.2.Ue9.pdf [2012.12.13 12:13:04 | 005,200,024 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.12.11 23:21:21 | 000,039,204 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\Desktop\Protokoll_12_12_10.pdf [2012.12.11 22:42:14 | 000,007,597 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\AppData\Local\Resmon.ResmonCfg [2012.12.11 20:20:44 | 000,225,402 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\Desktop\spbg.png [2012.12.11 19:13:20 | 000,040,975 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\Desktop\6155157840.jpg [2012.12.07 20:02:02 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdw.DAT [2012.12.07 20:00:47 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdu.DAT [2012.12.07 19:34:13 | 000,026,193 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\Desktop\98804719.png [2012.12.03 22:52:55 | 000,073,613 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\Desktop\Protokoll_12_12_03.pdf [2012.12.02 23:02:13 | 004,702,459 | ---- | M] (FileZilla Project) -- C:\Users\NAME_GEÄNDERT\Desktop\FileZilla_3.6.0.2_win32-setup.exe [2012.12.02 22:53:52 | 000,207,131 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\Desktop\sockel.skp [2012.12.02 21:51:04 | 000,197,820 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\Desktop\fassade.skp [2012.12.02 20:56:33 | 000,165,717 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\Desktop\fassade.skb [2012.12.02 19:42:27 | 000,141,982 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\Desktop\Sockelgroß.pdf [2012.12.02 17:18:23 | 000,065,216 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\Desktop\fertig1.pdf [2012.11.29 20:55:42 | 001,591,234 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.11.21 20:14:51 | 000,001,482 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\AppData\Local\RecConfig.xml ========== Files Created - No Company Name ========== [2012.12.16 17:26:25 | 000,000,000 | ---- | C] () -- C:\Users\NAME_GEÄNDERT\defogger_reenable [2012.12.16 17:25:32 | 000,050,477 | ---- | C] () -- C:\Users\NAME_GEÄNDERT\Desktop\Defogger.exe [2012.12.16 17:21:22 | 000,312,506 | ---- | C] () -- C:\Users\NAME_GEÄNDERT\Desktop\le fantastique.jpg [2012.12.16 17:21:22 | 000,014,516 | ---- | C] () -- C:\Users\NAME_GEÄNDERT\AppData\Local\recently-used.xbel [2012.12.16 17:21:12 | 000,654,611 | ---- | C] () -- C:\Users\NAME_GEÄNDERT\Desktop\le fantastique.png [2012.12.16 17:20:07 | 006,221,923 | ---- | C] () -- C:\Users\NAME_GEÄNDERT\Desktop\le fantastique.xcf [2012.12.13 19:08:05 | 000,000,221 | ---- | C] () -- C:\Users\NAME_GEÄNDERT\Desktop\Metro 2033.url [2012.12.13 18:47:18 | 074,331,423 | ---- | C] () -- C:\Users\NAME_GEÄNDERT\Desktop\metro2033.exe [2012.12.13 17:47:06 | 008,196,545 | ---- | C] () -- C:\Users\NAME_GEÄNDERT\Desktop\Tatorte_Städtebau_M14_ws_12_13.pdf [2012.12.13 16:46:01 | 000,468,797 | ---- | C] () -- C:\Users\NAME_GEÄNDERT\Desktop\Aufgabe Mu nkershu ttenplatz .zip [2012.12.13 16:45:48 | 000,038,277 | ---- | C] () -- C:\Users\NAME_GEÄNDERT\Desktop\121217_4.2.Ue9.pdf [2012.12.13 12:01:45 | 000,204,105 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs [2012.12.13 12:01:45 | 000,004,675 | ---- | C] () -- C:\Windows\SysNative\wsmanconfig_schema.xml [2012.12.13 12:01:42 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml [2012.12.13 12:01:40 | 000,004,148 | ---- | C] () -- C:\Windows\SysNative\psmodulediscoveryprovider.mof [2012.12.13 12:01:37 | 000,204,105 | ---- | C] () -- C:\Windows\SysNative\winrm.vbs [2012.12.11 23:21:20 | 000,039,204 | ---- | C] () -- C:\Users\NAME_GEÄNDERT\Desktop\Protokoll_12_12_10.pdf [2012.12.11 20:20:43 | 000,225,402 | ---- | C] () -- C:\Users\NAME_GEÄNDERT\Desktop\spbg.png [2012.12.11 19:12:54 | 000,040,975 | ---- | C] () -- C:\Users\NAME_GEÄNDERT\Desktop\6155157840.jpg [2012.12.07 19:34:12 | 000,026,193 | ---- | C] () -- C:\Users\NAME_GEÄNDERT\Desktop\98804719.png [2012.12.03 22:52:54 | 000,073,613 | ---- | C] () -- C:\Users\NAME_GEÄNDERT\Desktop\Protokoll_12_12_03.pdf [2012.12.02 22:53:49 | 000,207,131 | ---- | C] () -- C:\Users\NAME_GEÄNDERT\Desktop\sockel.skp [2012.12.02 21:04:22 | 000,165,717 | ---- | C] () -- C:\Users\NAME_GEÄNDERT\Desktop\fassade.skb [2012.12.02 20:56:11 | 000,197,820 | ---- | C] () -- C:\Users\NAME_GEÄNDERT\Desktop\fassade.skp [2012.12.02 19:42:27 | 000,141,982 | ---- | C] () -- C:\Users\NAME_GEÄNDERT\Desktop\Sockelgroß.pdf [2012.12.02 17:18:22 | 000,065,216 | ---- | C] () -- C:\Users\NAME_GEÄNDERT\Desktop\fertig1.pdf [2012.12.02 12:42:16 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2012.11.20 21:31:35 | 000,001,024 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk [2012.11.20 21:01:20 | 000,001,482 | ---- | C] () -- C:\Users\NAME_GEÄNDERT\AppData\Local\RecConfig.xml [2012.11.20 20:01:24 | 000,001,800 | ---- | C] () -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk [2012.11.12 00:40:30 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI [2012.07.12 15:16:55 | 000,000,397 | ---- | C] () -- C:\Windows\barcode.ini [2012.05.09 19:12:01 | 000,000,287 | ---- | C] () -- C:\Users\NAME_GEÄNDERT\AppData\Local\VersionChecker_17.xml [2012.04.03 16:58:49 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll [2012.03.28 16:19:42 | 000,584,584 | ---- | C] () -- C:\Windows\adb.exe [2012.03.27 11:16:34 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll [2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.01.01 17:17:00 | 000,000,507 | ---- | C] () -- C:\Windows\FanControl.INI [2011.12.23 20:58:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.12.23 20:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.12.23 20:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.12.23 20:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.12.23 20:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2011.11.29 15:15:49 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.11.29 15:14:56 | 000,000,153 | ---- | C] () -- C:\Windows\BRVIDEO.INI [2011.11.29 15:14:56 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini [2011.11.29 15:13:12 | 000,022,898 | ---- | C] () -- C:\Windows\HL-3040CN.INI [2011.11.29 15:12:54 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL [2011.11.29 15:12:52 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI [2011.11.29 15:12:43 | 000,000,402 | ---- | C] () -- C:\Windows\Brownie.ini [2011.11.27 23:31:34 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini [2011.11.19 18:41:36 | 000,007,597 | ---- | C] () -- C:\Users\NAME_GEÄNDERT\AppData\Local\Resmon.ResmonCfg [2011.08.09 15:12:02 | 001,197,521 | ---- | C] () -- C:\Windows\unins000.exe [2011.08.09 15:12:01 | 000,018,104 | ---- | C] () -- C:\Windows\unins000.dat [2011.03.25 13:50:13 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX.INI [2011.03.25 13:33:42 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Horn Section [2011.03.25 13:33:42 | 000,000,268 | RH-- | C] () -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\Helper Scripts [2011.03.25 13:33:42 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT [2011.03.25 13:33:42 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Image Manipulation [2011.03.25 13:31:20 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Home [2011.03.25 13:31:20 | 000,000,268 | RH-- | C] () -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\Halftone [2011.03.25 13:31:20 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT [2011.03.25 13:31:20 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Hybrid Morph [2011.03.09 23:17:46 | 001,591,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.03.02 15:34:37 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll [2011.03.02 15:34:37 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini [2011.02.27 12:59:45 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2011.01.31 09:58:23 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI [2011.01.30 12:47:05 | 000,017,408 | ---- | C] () -- C:\Users\NAME_GEÄNDERT\AppData\Local\WebpageIcons.db [2011.01.26 15:35:34 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010.09.13 10:22:18 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2007.08.13 17:46:00 | 000,155,136 | ---- | C] () -- C:\Users\NAME_GEÄNDERT\AppData\Local\lame_enc.dll [2006.10.26 01:06:48 | 000,064,000 | ---- | C] () -- C:\Users\NAME_GEÄNDERT\AppData\Local\vorbisenc.dll [2006.10.26 01:06:48 | 000,019,456 | ---- | C] () -- C:\Users\NAME_GEÄNDERT\AppData\Local\vorbisfile.dll [2006.10.26 01:06:46 | 000,143,872 | ---- | C] () -- C:\Users\NAME_GEÄNDERT\AppData\Local\vorbis.dll [2006.10.26 01:06:36 | 000,015,872 | ---- | C] () -- C:\Users\NAME_GEÄNDERT\AppData\Local\ogg.dll [2005.08.23 22:34:06 | 000,029,184 | ---- | C] () -- C:\Users\NAME_GEÄNDERT\AppData\Local\no23xwrapper.dll ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.08.21 14:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 14:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.08.21 14:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.11.20 22:03:26 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\Audacity [2011.12.24 20:56:50 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\Autodesk [2012.02.21 19:01:30 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\Canneverbe Limited [2012.11.10 18:18:14 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2011.12.08 21:26:12 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\Command & Conquer 3 Tiberium Wars [2012.04.25 17:32:52 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\DAEMON Tools Lite [2012.10.17 22:23:12 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\DVDVideoSoft [2012.03.02 19:01:06 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\Engelmann Media [2012.12.02 20:01:36 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\eu.computerworks.vectorworks.2012.help.deu.07222458214E034A0B494E83FAD6744C17D2B914.1 [2012.12.04 00:31:46 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\FileZilla [2012.12.14 18:38:26 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\foobar2000 [2012.04.25 17:46:53 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\gtk-2.0 [2011.03.21 20:30:11 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\hdbADS [2011.03.14 22:19:28 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\inkscape [2011.07.10 19:40:14 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\iWin [2011.12.25 15:33:23 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\MAGIX [2012.05.15 17:24:00 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\MAXON [2012.05.09 19:11:32 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\Nemetschek [2011.03.25 13:44:36 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\Nikon [2011.04.01 14:44:04 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\OCS [2012.11.20 21:20:18 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\OpenCandy [2011.03.10 19:44:45 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\OpenOffice.org [2011.04.01 14:44:07 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\Opera [2012.11.09 22:15:39 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\Origin [2012.09.09 17:23:09 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\PunkBuster [2012.02.02 13:00:53 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\Samsung [2011.09.16 17:43:15 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\Scribus [2012.11.21 18:58:58 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\Spotify [2012.11.11 02:47:42 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2011.07.21 16:18:36 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\Steganos [2012.03.06 16:17:03 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\STRATO [2011.02.24 21:13:48 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\Thunderbird [2011.03.09 23:20:09 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\TP [2012.07.22 22:14:19 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\TS3Client [2012.11.20 21:21:40 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\TuneUp Software [2012.09.05 17:36:12 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\Ubisoft [2011.04.25 13:46:25 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\UHS Reader [2011.02.02 15:46:21 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\Vodafone ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 995 bytes -> C:\Program Files\Common Files\System:TH8FOh2G6prmGuxbbM3QvWGsK9 @Alternate Data Stream - 1154 bytes -> C:\ProgramData\Microsoft:bruQxKENphLyzm7o3ywzrgEn @Alternate Data Stream - 1072 bytes -> C:\ProgramData\Microsoft:SgtaQ6U52c0P19fTmWXIQx @Alternate Data Stream - 1060 bytes -> C:\Program Files\Common Files\System:A3GJ9w1iAfbpdQsMsiSIGQ @Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:E50C1642 < End of report > OTL Extras logfile created on: 16.12.2012 17:29:02 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\NAME_GEÄNDERT\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,87 Gb Total Physical Memory | 6,11 Gb Available Physical Memory | 77,66% Memory free 15,73 Gb Paging File | 13,80 Gb Available in Paging File | 87,73% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 447,16 Gb Total Space | 51,06 Gb Free Space | 11,42% Space Free | Partition Type: NTFS Drive D: | 3,69 Gb Total Space | 2,84 Gb Free Space | 77,06% Space Free | Partition Type: FAT32 Computer Name: LAPTOPNAME_GEÄNDERT | User Name: NAME_GEÄNDERT | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) jsfile [edit] -- "C:\Program Files (x86)\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) jsfile [edit] -- "C:\Program Files (x86)\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02B2929B-DD48-4D8B-B489-3AE929CCF81C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{055EFC2A-5AB7-40AC-A035-F4E2EB7B1F07}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{07795352-32B3-4F37-86CE-C6A17804F977}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{07E8261D-1615-459F-AD88-900AE509D22A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{11B33799-488E-449E-9A37-BD779E95EEBA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1EED6C85-964E-47B5-A7A4-8A6D3A6A07BF}" = rport=10243 | protocol=6 | dir=out | app=system | "{223D29A0-72E2-4AC5-B35E-A2420EE645C4}" = lport=52296 | protocol=6 | dir=in | name=akamai netsession interface | "{2D6D56DA-DB19-4795-A013-5ABA990E5CC6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{32DF8E43-325E-4217-9EC9-69600F0FDA45}" = rport=138 | protocol=17 | dir=out | app=system | "{32FDD80C-7FB7-41BF-ADA3-BBF7AFAF627B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{33101FF7-477E-4F78-A0FD-3742BE979B0E}" = lport=445 | protocol=6 | dir=in | app=system | "{339A80B8-3EB4-4A08-AEAD-2200BDA71BCF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{36669490-C31E-4607-8BE1-F9DFB11C3DA2}" = rport=139 | protocol=6 | dir=out | app=system | "{3A96BED1-2652-4898-ADAE-FC8E4E9058E3}" = rport=445 | protocol=6 | dir=out | app=system | "{3F16979C-1622-4628-A96B-D1BA8807619F}" = lport=137 | protocol=17 | dir=in | app=system | "{4428A35C-3E5B-4D5F-94FA-69D1121CF329}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | "{456E2D55-3E07-47A0-8876-580AC74C8DE2}" = lport=49158 | protocol=6 | dir=in | name=akamai netsession interface | "{4CE12E95-441F-4115-B099-BAF0FF6F237F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{4DF58AC9-8FD0-4289-BB6C-21D2FB02A0AD}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{56391731-70CE-40AE-B743-76D9F64C263C}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{5CAC06BD-C125-4C7B-8C9C-81E28558377F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5CD443E7-FDFC-4D24-848E-B4E5EB2D6953}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{66659609-24F5-47B1-8056-56F0D6FD7B37}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{726F3FBF-51BE-4068-B839-61A42B5A005A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{7796B5B8-A575-4662-9053-2C4D7874A412}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7D74E4E3-4736-45AA-936D-972A6A0FC2E8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{80B50A6F-3592-4C5D-8B3A-C19943EB5723}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{81412B11-0BEF-40AC-AACA-3F0DA04C8D66}" = lport=139 | protocol=6 | dir=in | app=system | "{82B74C3A-2E8F-4632-B96A-C92F083ABC92}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8D602881-4EB4-4CF5-B82E-2AADCC838FC9}" = rport=2869 | protocol=6 | dir=out | app=system | "{9973495A-641D-4808-840C-37C43F4348CD}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{A7701F21-0C0A-4E42-B7C7-6FB79CA0FF77}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A7F7ACE1-58AF-4562-85F3-B831F85359C7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B6B63CA1-4EB6-48ED-B66B-45A6593F2E6D}" = rport=137 | protocol=17 | dir=out | app=system | "{B712F4D3-A550-4325-AB53-4DAEB1AD98F4}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{BEEB6F8A-A61E-4CB5-9EDC-07813F9E304C}" = lport=2869 | protocol=6 | dir=in | app=system | "{C0A85FD6-94AB-4B24-9982-3B49D8DC0B9D}" = lport=2869 | protocol=6 | dir=in | app=system | "{C0BC0A37-3135-47E6-8AAF-BCD9F59453EC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C8AFB68E-4DD2-4B4A-BEFC-77C3CA35C5F8}" = lport=2869 | protocol=6 | dir=in | app=system | "{CD31C071-1001-4D0F-978B-5E37D3BA7B65}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{D7A8F50D-6F65-4F31-8CF8-026B0FDCD70D}" = lport=138 | protocol=17 | dir=in | app=system | "{DBF45C84-539A-4701-94AA-1DEF4128A2B9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{DFB289B0-81D6-4662-97E5-B038E7A263F5}" = lport=10243 | protocol=6 | dir=in | app=system | "{E21E7D45-012C-4B1A-8291-6BA2F8E205C7}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{E41537B5-5E77-4FED-8EF7-3149FA0F8798}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{F3F1DF78-133F-4DDD-887F-DFE369D852BD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F78F8842-E0E6-4817-A67F-8D5C4198F968}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FAD741A4-261F-4311-8695-6DD777F26AE4}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01E2D5DC-8EAD-47E0-9B35-6E45232572DE}" = protocol=6 | dir=in | app=c:\users\NAME_GEÄNDERT\appdata\roaming\spotify\spotify.exe | "{038D33C8-21B1-47AA-BD8C-A6AE965B509A}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | "{044942C0-2D53-46F4-9193-3DEA68E23D2D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0928ED1E-1007-41B9-A6D3-3E8B4B186A93}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | "{0BC45127-A752-4278-9C64-8CB62DA44598}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{16046521-D32F-4D3B-9BF0-04A22AC29947}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{16E0D004-B974-43FD-A28E-B03FD5AE65C2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{1B6F1261-DE47-4C63-9509-DE1CF15E10DE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{1E61FDAA-F024-474E-BF0C-F1843579B369}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{20232053-2D11-4D0F-AD25-306DCFC8EA2E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{2574234A-77D5-45AC-AC79-6F26B0C851B5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | "{32C49D4D-67A1-4C6F-BA3E-99105CE192F5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3C1ED6A4-9AA7-4D1D-B57E-50E2080BE3C2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{3F98ABB9-AC5E-4D26-9A85-3DF76A4D8021}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{4752290B-9292-4E16-9160-29A3624DD49C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{48B0A4C5-C087-443E-BDF2-7D6383EB1093}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\mycs0178\counter-strike\hl.exe | "{4CC17B0D-1C17-4ED6-A927-979B3CD82837}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{4FCBA2BF-2FF5-4A1A-8727-B776BEF5BDF2}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{525C611D-620D-4759-A365-70DA350B04D0}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | "{5BC65FC8-BC63-45E1-A8E7-6E245891979F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{5C6FEE48-5CB1-4327-825A-7B61CE26729A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{64244320-52DB-480D-BCE3-1D14EA319982}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\mycs0178\half-life\hl.exe | "{675D4AE0-06E2-432B-B872-7FD80A1FDEFA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{67A3AA9C-12BE-4533-95F9-781D77BD4EFF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\mycs0178\counter-strike\hl.exe | "{698F9CAB-9CB7-4BA2-8C55-618DEF9CE714}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\mycs0178\counter-strike\hl.exe | "{71D3BB3E-CC36-4EDE-B5E9-DE7634A7A606}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{7C79731C-E9FC-41DF-AC4E-92CA531CCD8A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8307803C-D5F3-4E5E-B287-FEEE8A49A655}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{85BB8A48-D6EC-4366-B0E0-135CFECA0EFD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{89545E90-F481-425B-B9FB-85EB88A97439}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | "{8A50CD82-2C58-4F4E-9F75-801368385EBE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\mycs0178\half-life\hl.exe | "{8AF3EAD5-7140-4DBB-BBA8-833A386E654A}" = protocol=17 | dir=in | app=c:\users\NAME_GEÄNDERT\appdata\roaming\spotify\spotify.exe | "{8DCFC738-AE5E-4F2E-AF24-38FD78FBAB62}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{94A67968-82B8-4E69-A5BA-23B2E22F3306}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | "{998FB0DE-8E94-403A-ACD8-168A5EAAFAB8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | "{9BD31108-5E6D-4553-AE34-E10CD055646D}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{A2416981-9640-4617-9F1A-635FFE37D1ED}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{A4813D14-00A7-474B-9947-6589CB380D8E}" = protocol=6 | dir=out | app=system | "{A5279394-A57F-48D8-86EA-9B91D9C9EC2F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{AB9ABA5E-D1D4-4423-898E-EB9AF419BCA3}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 1942\bf1942.exe | "{B2B43DB8-DBF7-412C-9D9D-0307839E6589}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{B49781BF-283E-4D4A-97BA-0B66E802C92C}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | "{B49A0E44-9972-4608-8EFF-0363237606A9}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{B887FC44-4C17-44DF-9F12-37DBA172289C}" = protocol=6 | dir=in | app=c:\users\NAME_GEÄNDERT\appdata\local\akamai\netsession_win.exe | "{BC242BBB-3CCA-40AB-A908-AD40BF1CF387}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 1942\bf1942.exe | "{BC932557-3476-4534-855B-A57465268AF1}" = protocol=17 | dir=in | app=c:\users\NAME_GEÄNDERT\appdata\local\akamai\netsession_win.exe | "{BE490076-51FD-4F58-A66E-998294898344}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{BF807712-F7F3-44A6-A69E-3CB555AEFA22}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\mycs0178\counter-strike\hl.exe | "{C31E4F64-113A-4D41-968A-2F9B1305343F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{C58ECF92-DA2F-4930-A0AE-A18227352260}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{DA9CE098-3D13-4C59-89E3-ABB96D4BD167}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{E0F0B9AA-FD7A-4DBA-99DA-9EE93A70A0C7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{E65D324D-40F3-4BF5-AF61-21DC5EBD807D}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{ED28922D-94EC-4C6E-A7CF-699E8F444464}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F8BC7687-DED3-4BCD-9C14-1C1130A5FABE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{F8CBD3FD-BCDC-4D83-8DBD-4A15ED4CA8D3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{0099AD0F-9655-40AD-82FA-D1A49999BA56}G:\cod4\iw3mp.exe" = protocol=6 | dir=in | app=g:\cod4\iw3mp.exe | "TCP Query User{31FA47C3-A81C-466E-9BFD-05E006A61C11}C:\program files (x86)\reality pump\lost souls\lostsouls.exe" = protocol=6 | dir=in | app=c:\program files (x86)\reality pump\lost souls\lostsouls.exe | "TCP Query User{37B0D8A2-A673-4E58-9E0D-FEA636226BB3}C:\program files (x86)\vectorworks2012\renderworks\cinerender 64bit.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vectorworks2012\renderworks\cinerender 64bit.exe | "TCP Query User{3CD33B8A-0C99-42B4-BD0C-ACBB8DD1ACD4}C:\program files (x86)\microsoft games\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.exe | "TCP Query User{53E2A662-DB0E-424F-920E-C1BA865D5B69}C:\program files (x86)\lucasarts\grim\grim fandango launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\grim\grim fandango launcher.exe | "TCP Query User{5593D532-93F7-488A-A084-C75582B82C16}C:\program files (x86)\vectorworks2012\vectorworks2012e.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vectorworks2012\vectorworks2012e.exe | "TCP Query User{5BDC6BB6-91DD-4F59-9265-6272C7FC8BAE}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "TCP Query User{723647C4-CF53-4E6D-BC55-F96A648F8C33}C:\program files (x86)\microsoft games\crimson skies\crimson.icd" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\crimson skies\crimson.icd | "TCP Query User{8AC72DBB-2526-4FFD-8A55-1A9024EECDB9}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | "TCP Query User{8FC1C5B9-E116-4403-A793-4F6444186CAF}C:\program files (x86)\steam\steamapps\mycs0178\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\mycs0178\team fortress 2\hl2.exe | "TCP Query User{9D97320E-6819-4B77-97EC-467BE592FEB1}C:\program files (x86)\strato ag\strato hidrive\openvpn\openvpn.exe" = protocol=6 | dir=in | app=c:\program files (x86)\strato ag\strato hidrive\openvpn\openvpn.exe | "TCP Query User{AABCE171-4195-4A6B-918C-FEE27827B67D}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{BB73C522-3BE2-45C9-B2F0-D9B2AC8B1153}G:\cod4\iw3mphamachi 1.7.exe" = protocol=6 | dir=in | app=g:\cod4\iw3mphamachi 1.7.exe | "TCP Query User{BE2B1150-5288-4C59-AB2D-4D39834A5348}C:\windows\splwow64.exe" = protocol=6 | dir=in | app=c:\windows\splwow64.exe | "TCP Query User{CC700DB0-9495-4165-A472-F048A5A711B0}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | "TCP Query User{DB058794-3073-4BA9-A1E0-691226090E13}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "TCP Query User{FB348A8F-36F7-459C-8D15-F56CB82C074E}C:\program files (x86)\valve\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\valve\hl.exe | "UDP Query User{00824456-2C7B-4EDD-9085-5828FB07B335}C:\program files (x86)\microsoft games\crimson skies\crimson.icd" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\crimson skies\crimson.icd | "UDP Query User{03B57896-5295-40C1-8B0F-DDAC363AC8EB}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{102AF677-375E-4D44-B417-D1EBA7242BB0}C:\program files (x86)\vectorworks2012\vectorworks2012e.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vectorworks2012\vectorworks2012e.exe | "UDP Query User{2A37DC4D-47AB-4E15-9A2A-818EDBA919D9}C:\windows\splwow64.exe" = protocol=17 | dir=in | app=c:\windows\splwow64.exe | "UDP Query User{2D47751D-2AA4-4DF0-B751-E3B0E608F47C}G:\cod4\iw3mp.exe" = protocol=17 | dir=in | app=g:\cod4\iw3mp.exe | "UDP Query User{307EDF77-AED5-4758-966A-0B67EA1D65DB}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "UDP Query User{32121B2E-1FA6-4368-9F2A-A59669E054A2}C:\program files (x86)\valve\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\valve\hl.exe | "UDP Query User{6EB63FAC-4999-47CD-AE7A-BE8FD037941E}C:\program files (x86)\reality pump\lost souls\lostsouls.exe" = protocol=17 | dir=in | app=c:\program files (x86)\reality pump\lost souls\lostsouls.exe | "UDP Query User{7505E024-8EE0-4DB1-91C3-CD0EC9D60FDF}C:\program files (x86)\strato ag\strato hidrive\openvpn\openvpn.exe" = protocol=17 | dir=in | app=c:\program files (x86)\strato ag\strato hidrive\openvpn\openvpn.exe | "UDP Query User{83B0184B-9506-4A00-B70A-32A7A5E8BF4F}C:\program files (x86)\vectorworks2012\renderworks\cinerender 64bit.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vectorworks2012\renderworks\cinerender 64bit.exe | "UDP Query User{90C6A15B-366C-4BA5-962C-B96EAC6EA057}C:\program files (x86)\microsoft games\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.exe | "UDP Query User{A86D539C-1CD4-4228-9453-FC2756828403}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "UDP Query User{AC33C9A1-1D22-42AB-B558-7051DE84A7A3}C:\program files (x86)\lucasarts\grim\grim fandango launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\grim\grim fandango launcher.exe | "UDP Query User{B698B844-37F2-4DFF-8221-177B026D6725}C:\program files (x86)\steam\steamapps\mycs0178\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\mycs0178\team fortress 2\hl2.exe | "UDP Query User{C32F5303-9F9F-4388-8E10-7F4E34CDAA5A}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | "UDP Query User{DC6FE210-1A81-4C64-B576-B259363DC957}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | "UDP Query User{F8F71A07-6D29-44BA-B19C-F44D768DAD78}G:\cod4\iw3mphamachi 1.7.exe" = protocol=17 | dir=in | app=g:\cod4\iw3mphamachi 1.7.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{389D85F6-D005-095E-3C49-3675754B41F8}" = AMD Drag and Drop Transcoding "{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Überwachungstool für die Intel® Turbo-Boost-Technik "{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5737101A-27C4-408A-8A57-D1DC78DF84B4}" = 64 Bit HP CIO Components Installer "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{63591AAA-97F0-24A8-3EBD-174B5E35D6BF}" = ccc-utility64 "{63FC1F01-1232-B654-0C07-E1CD91B760E0}" = AMD Media Foundation Decoders "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{82C9101B-36EC-5821-DD8B-05480074A0B8}" = AMD Catalyst Install Manager "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{96F70DF8-160F-4F9C-9B9E-2A9B439B4EB9}" = Broadcom Gigabit NetLink Controller "{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack "{F4F0546E-E0F2-5D87-A502-B0B2FBFDD7CD}" = AMD Accelerated Video Transcoding "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "A35BD68D4A1B3E191138E3C9AA417190A9468F7E" = Windows-Treiberpaket - Leaf Imaging Ltd. Image (02/11/2010 ) "GIMP-2_is1" = GIMP 2.8.0-rc1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft Security Client" = Microsoft Security Essentials "SynTPDeinstKey" = Synaptics Pointing Device Driver "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02D0DF6E-BE8D-66B0-3C3F-ED0F395DF765}" = CCC Help Finnish "{032412BA-DE82-47C2-B414-A1C96822189B}" = Acer Arcade Instant On "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{1395B38D-5889-19E5-D02E-BD1A02BF373B}" = CCC Help Spanish "{13C96625-28E4-4c58-ADE0-CDAFC64752EB}" = JMicron 1394 Filter Driver "{13D5F9B6-D70A-DCCA-A00D-E43839CDFA83}" = CCC Help Chinese Standard "{1410D707-A9C3-2E70-9476-2427EC18134F}" = CCC Help Turkish "{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor "{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 37 "{27996809-446F-7261-6C69-6B654C656F6E}" = "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{291E2930-2240-11E2-BC84-B8AC6F98CCE3}" = Google Earth Plug-in "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{35025CC2-7D0B-4C2C-9876-5E065731DF0F}" = Brother HL-3040CN "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3AA9D712-182E-409C-ABBE-8E47CF05D926}_is1" = Trust Gaming Mouse Driver V1.1 "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager "{44025BD7-AD10-4769-99AE-6378FD0303D6}" = Macromedia Dreamweaver 8 "{46AFD359-AAE9-2843-B7CE-10FB46C76E99}" = CCC Help German "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4BA6784F-3B10-473A-B9F5-33A36AC354D5}" = Google SketchUp 8 "{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12 "{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI "{57D5FAFB-30E8-63EB-D4F7-07298597578F}" = Catalyst Control Center "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}" = Battlefield 1942™ "{5CAA69CD-9C1B-5604-B14B-8FAC2BC5E228}" = Catalyst Control Center InstallProxy "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{6151cf20-0bd8-4023-a4a0-6a86dcfe58e5}" = Python 2.6.6 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7322467B-FAD1-5529-C4EF-7EA4BC17C0A2}" = CCC Help Korean "{74E4B282-F25A-53A1-BBA5-7A3EFB90FAF4}" = CCC Help Japanese "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility "{87C2FAFA-E830-E3B1-A50E-876D00939884}" = Vectorworks 2012 Hilfe "{8AC115AA-27D2-4024-6E7D-D9FCD93D0487}" = CCC Help Portuguese "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{91EDBF6E-2260-646A-4D80-CB0802132736}" = Catalyst Control Center Localization All "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{931AED36-CF8A-F34F-8C13-5C19010DF6C6}" = CCC Help French "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9E75789D-E176-A72B-DE9E-D2AE63FE601B}" = Catalyst Control Center Graphics Previews Common "{9F711CB6-8E76-63DA-6ABA-C21B7C839CA5}" = CCC Help Russian "{A0E52598-872B-9E9A-181F-1A80C6AA4493}" = CCC Help Italian "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{AF322EC1-3499-45FD-9EDD-DCC7FD5C18DF}" = Autodesk SketchBookExpress 2011 "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B2F23819-54DB-4077-991E-1A322477253B}" = Python 2.6 PyGTK 2.24.0 "{B8C90283-AF97-2AD8-7DE1-5296254468F4}" = PX Profile Update "{BFA7A60F-D018-AF0D-47E9-A13D0219E86A}" = CCC Help Thai "{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6 "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C3C35CB3-82B6-F36F-B39A-B2AFAA74F7D2}" = CCC Help Norwegian "{C47C2F4D-4419-D823-C272-325FD9B92415}" = CCC Help Czech "{C68C6E34-A103-F7BC-8682-C1C4190BAC1F}" = CCC Help Greek "{C8616041-2802-4DE2-B3BD-6285AAD65C2A}" = Nikon RAW Codec "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CFB770D7-8D43-1014-922B-CC2715FADE3F}" = Adobe InDesign CS6 "{D0251102-442C-6FE0-4FDC-2ACF2AD2A2A5}" = CCC Help English "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D2883AB6-09B4-4981-AAF8-E695411EEC9A}" = Sculptris Alpha 6 "{D2A90CAF-AF34-C526-D4C7-AE4FF4547B66}" = CCC Help Polish "{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver "{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Fingerprint Solution "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E19490CD-5380-4F37-B0A7-624D635605DC}" = Catalyst Control Center - Branding "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E5C76964-F17B-7FCB-958F-1C067A2D217C}" = CCC Help Swedish "{E7E76AEC-266C-C1A0-E39B-21AB97402CA1}" = CCC Help Chinese Traditional "{E7F12C4C-9932-A039-4FAC-CAD1672EB633}" = CCC Help Hungarian "{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 "{EBE9A607-31AB-696D-5220-5098B61AA9B2}" = CCC Help Dutch "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FFAF4DB9-943E-97E5-051C-DC6C4E7094C0}" = CCC Help Danish "5513-1208-7298-9440" = JDownloader 0.9 "Acer Registration" = Acer Registration "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Audacity_is1" = Audacity 2.0.2 "Avira AntiVir Desktop" = Avira Professional Security "DivX Setup.divx.com" = DivX-Setup "eu.computerworks.vectorworks.2012.help.deu.07222458214E034A0B494E83FAD6744C17D2B914.1" = Vectorworks 2012 Hilfe "FileZilla Client" = FileZilla Client 3.6.0.2 "foobar2000" = foobar2000 v1.1.15 "GPL Ghostscript 9.04" = GPL Ghostscript "Identity Card" = Identity Card "Inkscape" = Inkscape 0.48.1 "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{D2883AB6-09B4-4981-AAF8-E695411EEC9A}" = Sculptris Alpha 6 "InstallShield_{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Acer Bio Protection "LAME_is1" = LAME v3.99.3 (for Windows) "Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de) "Mozilla Thunderbird 16.0.1 (x86 de)" = Mozilla Thunderbird 16.0.1 (x86 de) "Origin" = Origin "Scribus 1.4.0" = Scribus 1.4.0rc5 "Steam App 10" = Counter-Strike "Steam App 43110" = Metro 2033 "Steam App 570" = Dota 2 "STRATO HiDrive" = STRATO HiDrive (remove only) "VLC media player" = VLC media player 1.1.11 "Wacom Tablet Driver" = Wacom Tablett "Wacom WebTabletPlugin for IE" = WebTablet IE Plugin "Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin "WinLiveSuite" = Windows Live Essentials "YTdetect" = Yahoo! Detect ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "Spotify" = Spotify ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 30.11.2012 10:13:32 | Computer Name = LAPTOPNAME_GEÄNDERT | Source = Avira Antivirus | ID = 4129 Description = Das Update von LAPTOPNAME_GEÄNDERT (127.0.0.1) ist fehlgeschlagen. Während des Herunterladens ist ein Fehler aufgetreten. . Es wurden keine neuen Dateien geladen. Error - 30.11.2012 10:20:26 | Computer Name = LAPTOPNAME_GEÄNDERT | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: DivXMFSource.dll, Version: 1.0.0.72, Zeitstempel: 0x4cffcff8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000e5ec6 ID des fehlerhaften Prozesses: 0xc54 Startzeit der fehlerhaften Anwendung: 0x01cdcf042fa76e87 Pfad der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls: C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXMFSource.dll Berichtskennung: 15a31cc2-3af9-11e2-ba59-1c750840180a Error - 30.11.2012 10:21:06 | Computer Name = LAPTOPNAME_GEÄNDERT | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: DivXMFSource.dll, Version: 1.0.0.72, Zeitstempel: 0x4cffcff8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000e5ec6 ID des fehlerhaften Prozesses: 0x1154 Startzeit der fehlerhaften Anwendung: 0x01cdcf05dc113b02 Pfad der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls: C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXMFSource.dll Berichtskennung: 2d6e6df1-3af9-11e2-ba59-1c750840180a Error - 30.11.2012 10:21:56 | Computer Name = LAPTOPNAME_GEÄNDERT | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: DivXMFSource.dll, Version: 1.0.0.72, Zeitstempel: 0x4cffcff8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000e5ec6 ID des fehlerhaften Prozesses: 0xb50 Startzeit der fehlerhaften Anwendung: 0x01cdcf05f1ac8c9d Pfad der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls: C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXMFSource.dll Berichtskennung: 4b022814-3af9-11e2-ba59-1c750840180a Error - 30.11.2012 10:22:31 | Computer Name = LAPTOPNAME_GEÄNDERT | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: DivXMFSource.dll, Version: 1.0.0.72, Zeitstempel: 0x4cffcff8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000e5ec6 ID des fehlerhaften Prozesses: 0x3c8 Startzeit der fehlerhaften Anwendung: 0x01cdcf060f435401 Pfad der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls: C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXMFSource.dll Berichtskennung: 5fe8336b-3af9-11e2-ba59-1c750840180a Error - 02.12.2012 06:49:13 | Computer Name = LAPTOPNAME_GEÄNDERT | Source = Avira Antivirus | ID = 4129 Description = Das Update von LAPTOPNAME_GEÄNDERT (127.0.0.1) ist fehlgeschlagen. Während des Herunterladens ist ein Fehler aufgetreten. . Es wurden keine neuen Dateien geladen. Error - 02.12.2012 07:38:43 | Computer Name = LAPTOPNAME_GEÄNDERT | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: VECTOR~2.EXE, Version: 17.0.3.0, Zeitstempel: 0x4f635e4a Name des fehlerhaften Moduls: QuickTime.qts_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4cf4536a Ausnahmecode: 0xc0000005 Fehleroffset: 0x6898bb89 ID des fehlerhaften Prozesses: 0x808 Startzeit der fehlerhaften Anwendung: 0x01cdd0817b7addeb Pfad der fehlerhaften Anwendung: C:\PROGRA~2\VECTOR~1\VECTOR~2.EXE Pfad des fehlerhaften Moduls: QuickTime.qts Berichtskennung: d2bd2984-3c74-11e2-ba59-1c750840180a Error - 10.12.2012 14:37:30 | Computer Name = LAPTOPNAME_GEÄNDERT | Source = Avira Antivirus | ID = 4129 Description = Das Update von LAPTOPNAME_GEÄNDERT (127.0.0.1) ist fehlgeschlagen. Während des Herunterladens ist ein Fehler aufgetreten. . Es wurden keine neuen Dateien geladen. Error - 10.12.2012 20:14:07 | Computer Name = LAPTOPNAME_GEÄNDERT | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 17.0.1.4715 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1574 Startzeit: 01cdd7059b2bf7e1 Endzeit: 47 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: a54a3bca-4327-11e2-9ae1-1c750840180a Error - 14.12.2012 11:40:03 | Computer Name = LAPTOPNAME_GEÄNDERT | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: VECTOR~2.EXE, Version: 17.0.3.0, Zeitstempel: 0x4f635e4a Name des fehlerhaften Moduls: VECTOR~2.EXE, Version: 17.0.3.0, Zeitstempel: 0x4f635e4a Ausnahmecode: 0xc0000005 Fehleroffset: 0x0094ea5f ID des fehlerhaften Prozesses: 0x173c Startzeit der fehlerhaften Anwendung: 0x01cdda0427d892c6 Pfad der fehlerhaften Anwendung: C:\PROGRA~2\VECTOR~1\VECTOR~2.EXE Pfad des fehlerhaften Moduls: C:\PROGRA~2\VECTOR~1\VECTOR~2.EXE Berichtskennung: 8655e804-4604-11e2-902d-1c750840180a [ Media Center Events ] Error - 31.03.2011 11:25:03 | Computer Name = BjoernsAcer | Source = MCUpdate | ID = 0 Description = 17:25:03 - Fehler beim Herstellen der Internetverbindung. 17:25:03 - Serververbindung konnte nicht hergestellt werden.. Error - 31.03.2011 11:25:13 | Computer Name = BjoernsAcer | Source = MCUpdate | ID = 0 Description = 17:25:08 - Fehler beim Herstellen der Internetverbindung. 17:25:08 - Serververbindung konnte nicht hergestellt werden.. Error - 15.04.2011 11:20:35 | Computer Name = LAPTOPNAME_GEÄNDERT | Source = MCUpdate | ID = 0 Description = 17:20:35 - Fehler beim Herstellen der Internetverbindung. 17:20:35 - Serververbindung konnte nicht hergestellt werden.. Error - 15.04.2011 11:20:45 | Computer Name = LAPTOPNAME_GEÄNDERT | Source = MCUpdate | ID = 0 Description = 17:20:40 - Fehler beim Herstellen der Internetverbindung. 17:20:40 - Serververbindung konnte nicht hergestellt werden.. Error - 15.04.2011 12:20:49 | Computer Name = LAPTOPNAME_GEÄNDERT | Source = MCUpdate | ID = 0 Description = 18:20:49 - Fehler beim Herstellen der Internetverbindung. 18:20:49 - Serververbindung konnte nicht hergestellt werden.. Error - 15.04.2011 12:20:55 | Computer Name = LAPTOPNAME_GEÄNDERT | Source = MCUpdate | ID = 0 Description = 18:20:54 - Fehler beim Herstellen der Internetverbindung. 18:20:54 - Serververbindung konnte nicht hergestellt werden.. Error - 15.04.2011 13:21:00 | Computer Name = LAPTOPNAME_GEÄNDERT | Source = MCUpdate | ID = 0 Description = 19:21:00 - Fehler beim Herstellen der Internetverbindung. 19:21:00 - Serververbindung konnte nicht hergestellt werden.. Error - 15.04.2011 13:21:05 | Computer Name = LAPTOPNAME_GEÄNDERT | Source = MCUpdate | ID = 0 Description = 19:21:05 - Fehler beim Herstellen der Internetverbindung. 19:21:05 - Serververbindung konnte nicht hergestellt werden.. Error - 15.04.2011 18:57:45 | Computer Name = blackbetty | Source = MCUpdate | ID = 0 Description = 00:57:45 - Fehler beim Herstellen der Internetverbindung. 00:57:45 - Serververbindung konnte nicht hergestellt werden.. Error - 15.04.2011 18:57:54 | Computer Name = blackbetty | Source = MCUpdate | ID = 0 Description = 00:57:51 - Fehler beim Herstellen der Internetverbindung. 00:57:51 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 14.12.2012 13:39:07 | Computer Name = LAPTOPNAME_GEÄNDERT | Source = Disk | ID = 262159 Description = Das Gerät \Device\Harddisk1\DR1 ist für den Zugriff noch nicht bereit. Error - 14.12.2012 13:39:07 | Computer Name = LAPTOPNAME_GEÄNDERT | Source = Disk | ID = 262159 Description = Das Gerät \Device\Harddisk1\DR1 ist für den Zugriff noch nicht bereit. Error - 14.12.2012 13:39:07 | Computer Name = LAPTOPNAME_GEÄNDERT | Source = Disk | ID = 262159 Description = Das Gerät \Device\Harddisk1\DR1 ist für den Zugriff noch nicht bereit. Error - 14.12.2012 13:39:07 | Computer Name = LAPTOPNAME_GEÄNDERT | Source = Disk | ID = 262159 Description = Das Gerät \Device\Harddisk1\DR1 ist für den Zugriff noch nicht bereit. Error - 14.12.2012 13:39:07 | Computer Name = LAPTOPNAME_GEÄNDERT | Source = Disk | ID = 262159 Description = Das Gerät \Device\Harddisk1\DR1 ist für den Zugriff noch nicht bereit. Error - 14.12.2012 13:39:07 | Computer Name = LAPTOPNAME_GEÄNDERT | Source = Disk | ID = 262159 Description = Das Gerät \Device\Harddisk1\DR1 ist für den Zugriff noch nicht bereit. Error - 14.12.2012 13:39:07 | Computer Name = LAPTOPNAME_GEÄNDERT | Source = Disk | ID = 262159 Description = Das Gerät \Device\Harddisk1\DR1 ist für den Zugriff noch nicht bereit. Error - 14.12.2012 13:39:07 | Computer Name = LAPTOPNAME_GEÄNDERT | Source = Disk | ID = 262159 Description = Das Gerät \Device\Harddisk1\DR1 ist für den Zugriff noch nicht bereit. Error - 16.12.2012 12:00:20 | Computer Name = LAPTOPNAME_GEÄNDERT | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht. Error - 16.12.2012 12:29:48 | Computer Name = LAPTOPNAME_GEÄNDERT | Source = ipnathlp | ID = 31004 Description = < End of report > Ich hoffe, ich habe keinen Schritt der Threaderstellung vergessen... Schonmal vielen Dank für die Hilfe! |
|
16.12.2012, 18:07
| #2 |
| /// Malware-holic   | "C:\Windows\System32\cmd.exe" wird bei Systemstart ausgeführt Hi,
__________________genau, CMD ist die Komandozeile. Ne Reinigung von außen bringt auch keine Besserung, Probleme macht eher Dreck im Innern :-) download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten
__________________ |
|
16.12.2012, 18:17
| #3 |
| | "C:\Windows\System32\cmd.exe" wird bei Systemstart ausgeführt Wow, danke für die schnelle Antwort - da blieb ja nichtmal Zeit zum Kaffee holen!
__________________ Hier der Report, den der TDSSKiller ausgegeben hat: 18:13:33.0087 4248 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 18:13:33.0477 4248 ============================================================ 18:13:33.0477 4248 Current date / time: 2012/12/16 18:13:33.0477 18:13:33.0477 4248 SystemInfo: 18:13:33.0477 4248 18:13:33.0477 4248 OS Version: 6.1.7601 ServicePack: 1.0 18:13:33.0477 4248 Product type: Workstation 18:13:33.0477 4248 ComputerName: LAPTOPNAME_GEÄNDERT 18:13:33.0477 4248 UserName: NAME_GEÄNDERT 18:13:33.0477 4248 Windows directory: C:\Windows 18:13:33.0477 4248 System windows directory: C:\Windows 18:13:33.0477 4248 Running under WOW64 18:13:33.0477 4248 Processor architecture: Intel x64 18:13:33.0477 4248 Number of processors: 4 18:13:33.0477 4248 Page size: 0x1000 18:13:33.0477 4248 Boot type: Normal boot 18:13:33.0477 4248 ============================================================ 18:13:33.0867 4248 Drive \Device\Harddisk1\DR1 - Size: 0xEC580000 (3.69 Gb), SectorSize: 0x200, Cylinders: 0x1E2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048 18:13:33.0882 4248 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 18:13:33.0882 4248 Drive \Device\Harddisk1\DR1 - Size: 0xEC580000 (3.69 Gb), SectorSize: 0x200, Cylinders: 0x1E2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 18:13:33.0882 4248 ============================================================ 18:13:33.0882 4248 \Device\Harddisk1\DR1: 18:13:33.0898 4248 MBR partitions: 18:13:33.0898 4248 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x760C00 18:13:33.0898 4248 \Device\Harddisk0\DR0: 18:13:33.0898 4248 MBR partitions: 18:13:33.0898 4248 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2500800, BlocksNum 0x32000 18:13:33.0913 4248 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2533000, BlocksNum 0x37E52800 18:13:33.0913 4248 \Device\Harddisk1\DR1: 18:13:33.0913 4248 MBR partitions: 18:13:33.0913 4248 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x760C00 18:13:33.0913 4248 ============================================================ 18:13:33.0929 4248 C: <-> \Device\Harddisk0\DR0\Partition2 18:13:33.0929 4248 ============================================================ 18:13:33.0929 4248 Initialize success 18:13:33.0929 4248 ============================================================ 18:13:37.0813 4632 ============================================================ 18:13:37.0813 4632 Scan started 18:13:37.0813 4632 Mode: Manual; SigCheck; TDLFS; 18:13:37.0813 4632 ============================================================ 18:13:38.0921 4632 ================ Scan system memory ======================== 18:13:38.0921 4632 System memory - ok 18:13:38.0921 4632 ================ Scan services ============================= 18:13:39.0155 4632 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 18:13:39.0186 4632 1394ohci - ok 18:13:39.0280 4632 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 18:13:39.0295 4632 ACPI - ok 18:13:39.0342 4632 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 18:13:39.0358 4632 AcpiPmi - ok 18:13:39.0561 4632 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 18:13:39.0576 4632 AdobeARMservice - ok 18:13:39.0748 4632 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 18:13:39.0763 4632 AdobeFlashPlayerUpdateSvc - ok 18:13:39.0826 4632 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 18:13:39.0841 4632 adp94xx - ok 18:13:39.0873 4632 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 18:13:39.0888 4632 adpahci - ok 18:13:39.0935 4632 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 18:13:39.0951 4632 adpu320 - ok 18:13:39.0966 4632 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 18:13:39.0997 4632 AeLookupSvc - ok 18:13:40.0075 4632 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 18:13:40.0091 4632 AFD - ok 18:13:40.0153 4632 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 18:13:40.0169 4632 agp440 - ok 18:13:40.0200 4632 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 18:13:40.0216 4632 ALG - ok 18:13:40.0247 4632 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 18:13:40.0263 4632 aliide - ok 18:13:40.0294 4632 [ F687D4976EFF550FB0BE45A5CB19F18F ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 18:13:40.0309 4632 AMD External Events Utility - ok 18:13:40.0387 4632 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 18:13:40.0387 4632 amdide - ok 18:13:40.0419 4632 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 18:13:40.0434 4632 AmdK8 - ok 18:13:40.0575 4632 [ 74687C33C4AD25A975BBB1EA1E8B3884 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 18:13:40.0653 4632 amdkmdag - ok 18:13:40.0668 4632 [ C7F56ED86327A78E7F8A5CC503A98BD6 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 18:13:40.0668 4632 amdkmdap - ok 18:13:40.0699 4632 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 18:13:40.0699 4632 AmdPPM - ok 18:13:40.0746 4632 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 18:13:40.0746 4632 amdsata - ok 18:13:40.0777 4632 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 18:13:40.0777 4632 amdsbs - ok 18:13:40.0809 4632 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 18:13:40.0809 4632 amdxata - ok 18:13:40.0933 4632 [ 9F1B3EB9B3D29E898C4D4AA5613CDFB2 ] AntiVirFireWallService C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe 18:13:40.0949 4632 AntiVirFireWallService - ok 18:13:40.0996 4632 [ 56BEB1292DC71E49C824455EC582BFCE ] AntiVirMailService C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe 18:13:41.0011 4632 AntiVirMailService - ok 18:13:41.0089 4632 [ 7ABE4092C35E7D4596487DFA075D84E1 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 18:13:41.0089 4632 AntiVirSchedulerService - ok 18:13:41.0167 4632 [ 5A37FFA608AE126C9702F5C07E07FC08 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 18:13:41.0183 4632 AntiVirService - ok 18:13:41.0245 4632 [ 5F2F39626586536CA86F402A1C947463 ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE 18:13:41.0261 4632 AntiVirWebService - ok 18:13:41.0323 4632 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 18:13:41.0370 4632 AppID - ok 18:13:41.0386 4632 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 18:13:41.0417 4632 AppIDSvc - ok 18:13:41.0495 4632 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 18:13:41.0526 4632 Appinfo - ok 18:13:41.0573 4632 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 18:13:41.0573 4632 arc - ok 18:13:41.0589 4632 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 18:13:41.0604 4632 arcsas - ok 18:13:41.0760 4632 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 18:13:41.0760 4632 aspnet_state - ok 18:13:41.0791 4632 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 18:13:41.0823 4632 AsyncMac - ok 18:13:41.0916 4632 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 18:13:41.0932 4632 atapi - ok 18:13:41.0979 4632 [ E642491F64E58CD5BC8FB8B347DCF65F ] athr C:\Windows\system32\DRIVERS\athrx.sys 18:13:42.0025 4632 athr - ok 18:13:42.0181 4632 [ 74687C33C4AD25A975BBB1EA1E8B3884 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys 18:13:42.0259 4632 atikmdag - ok 18:13:42.0353 4632 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 18:13:42.0400 4632 AudioEndpointBuilder - ok 18:13:42.0447 4632 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 18:13:42.0493 4632 AudioSrv - ok 18:13:42.0540 4632 [ C5B223B2C174147D00F64E0D783459C7 ] avfwim C:\Windows\system32\DRIVERS\avfwim.sys 18:13:42.0556 4632 avfwim - ok 18:13:42.0618 4632 [ C7B2A376DCF4E1528B26358A9B341F4C ] avfwot C:\Windows\system32\DRIVERS\avfwot.sys 18:13:42.0634 4632 avfwot - ok 18:13:42.0681 4632 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 18:13:42.0681 4632 avgntflt - ok 18:13:42.0743 4632 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 18:13:42.0743 4632 avipbb - ok 18:13:42.0759 4632 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 18:13:42.0774 4632 avkmgr - ok 18:13:42.0837 4632 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 18:13:42.0852 4632 AxInstSV - ok 18:13:42.0899 4632 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 18:13:42.0915 4632 b06bdrv - ok 18:13:42.0946 4632 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 18:13:42.0961 4632 b57nd60a - ok 18:13:43.0071 4632 [ 2D659B569A76CDB83B815675A80D7096 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys 18:13:43.0195 4632 BCM43XX - ok 18:13:43.0242 4632 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 18:13:43.0273 4632 BDESVC - ok 18:13:43.0320 4632 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 18:13:43.0398 4632 Beep - ok 18:13:43.0476 4632 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 18:13:43.0523 4632 BFE - ok 18:13:43.0601 4632 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 18:13:43.0648 4632 BITS - ok 18:13:43.0663 4632 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 18:13:43.0695 4632 blbdrive - ok 18:13:43.0757 4632 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 18:13:43.0788 4632 bowser - ok 18:13:43.0819 4632 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 18:13:43.0882 4632 BrFiltLo - ok 18:13:43.0882 4632 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 18:13:43.0897 4632 BrFiltUp - ok 18:13:43.0929 4632 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 18:13:43.0944 4632 Browser - ok 18:13:43.0975 4632 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 18:13:44.0007 4632 Brserid - ok 18:13:44.0022 4632 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 18:13:44.0053 4632 BrSerWdm - ok 18:13:44.0085 4632 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 18:13:44.0131 4632 BrUsbMdm - ok 18:13:44.0163 4632 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 18:13:44.0178 4632 BrUsbSer - ok 18:13:44.0241 4632 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys 18:13:44.0303 4632 BthEnum - ok 18:13:44.0350 4632 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 18:13:44.0381 4632 BTHMODEM - ok 18:13:44.0412 4632 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 18:13:44.0428 4632 BthPan - ok 18:13:44.0490 4632 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys 18:13:44.0537 4632 BTHPORT - ok 18:13:44.0599 4632 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 18:13:44.0646 4632 bthserv - ok 18:13:44.0693 4632 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys 18:13:44.0740 4632 BTHUSB - ok 18:13:44.0771 4632 [ 73A1C54749FE4F0019241E36C796AB86 ] btwampfl C:\Windows\system32\drivers\btwampfl.sys 18:13:44.0787 4632 btwampfl - ok 18:13:44.0802 4632 [ 1872074ED0A3FB22E3F1E3197B984BFA ] btwaudio C:\Windows\system32\drivers\btwaudio.sys 18:13:44.0802 4632 btwaudio - ok 18:13:44.0833 4632 [ 691CF076C33AB1C3A5B2FD5450300733 ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys 18:13:44.0849 4632 btwavdt - ok 18:13:44.0943 4632 [ 4E6AC6475EF653BDFFDA67A74B9591D8 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe 18:13:44.0974 4632 btwdins - ok 18:13:44.0989 4632 [ 07096D2BC22CCB6CEA5A532DF0BE8A75 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys 18:13:45.0005 4632 btwl2cap - ok 18:13:45.0021 4632 [ C9273B20DEC8CE38DBCE5D29DE63C907 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys 18:13:45.0036 4632 btwrchid - ok 18:13:45.0067 4632 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 18:13:45.0130 4632 cdfs - ok 18:13:45.0208 4632 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 18:13:45.0255 4632 cdrom - ok 18:13:45.0333 4632 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 18:13:45.0426 4632 CertPropSvc - ok 18:13:45.0473 4632 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 18:13:45.0504 4632 circlass - ok 18:13:45.0567 4632 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 18:13:45.0582 4632 CLFS - ok 18:13:45.0660 4632 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 18:13:45.0660 4632 clr_optimization_v2.0.50727_32 - ok 18:13:45.0691 4632 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 18:13:45.0691 4632 clr_optimization_v2.0.50727_64 - ok 18:13:45.0832 4632 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 18:13:45.0847 4632 clr_optimization_v4.0.30319_32 - ok 18:13:45.0894 4632 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 18:13:45.0894 4632 clr_optimization_v4.0.30319_64 - ok 18:13:45.0941 4632 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 18:13:45.0972 4632 CmBatt - ok 18:13:46.0003 4632 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 18:13:46.0019 4632 cmdide - ok 18:13:46.0066 4632 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys 18:13:46.0097 4632 CNG - ok 18:13:46.0128 4632 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 18:13:46.0144 4632 Compbatt - ok 18:13:46.0206 4632 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 18:13:46.0253 4632 CompositeBus - ok 18:13:46.0269 4632 COMSysApp - ok 18:13:46.0300 4632 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 18:13:46.0300 4632 crcdisk - ok 18:13:46.0362 4632 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 18:13:46.0409 4632 CryptSvc - ok 18:13:46.0471 4632 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 18:13:46.0518 4632 DcomLaunch - ok 18:13:46.0565 4632 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 18:13:46.0627 4632 defragsvc - ok 18:13:46.0721 4632 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 18:13:46.0768 4632 DfsC - ok 18:13:46.0830 4632 [ 388039F99CE8769024EE0438352ACA99 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys 18:13:46.0830 4632 dg_ssudbus - ok 18:13:46.0908 4632 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 18:13:46.0939 4632 Dhcp - ok 18:13:46.0986 4632 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 18:13:47.0017 4632 discache - ok 18:13:47.0049 4632 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 18:13:47.0049 4632 Disk - ok 18:13:47.0111 4632 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 18:13:47.0142 4632 Dnscache - ok 18:13:47.0189 4632 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 18:13:47.0251 4632 dot3svc - ok 18:13:47.0283 4632 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys 18:13:47.0298 4632 Dot4 - ok 18:13:47.0345 4632 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\drivers\Dot4Prt.sys 18:13:47.0392 4632 Dot4Print - ok 18:13:47.0423 4632 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys 18:13:47.0454 4632 dot4usb - ok 18:13:47.0501 4632 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 18:13:47.0548 4632 DPS - ok 18:13:47.0610 4632 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 18:13:47.0641 4632 drmkaud - ok 18:13:47.0704 4632 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 18:13:47.0735 4632 DXGKrnl - ok 18:13:47.0766 4632 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 18:13:47.0813 4632 EapHost - ok 18:13:47.0907 4632 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 18:13:48.0016 4632 ebdrv - ok 18:13:48.0094 4632 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 18:13:48.0141 4632 EFS - ok 18:13:48.0250 4632 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 18:13:48.0281 4632 ehRecvr - ok 18:13:48.0312 4632 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 18:13:48.0328 4632 ehSched - ok 18:13:48.0375 4632 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 18:13:48.0390 4632 elxstor - ok 18:13:48.0437 4632 [ DE9402E080E9E3C94A9FD3FCF65DE369 ] enecir C:\Windows\system32\DRIVERS\enecir.sys 18:13:48.0453 4632 enecir - ok 18:13:48.0468 4632 [ E17EB95358F396E27D573A1B20F891F8 ] enecirhid C:\Windows\system32\DRIVERS\enecirhid.sys 18:13:48.0499 4632 enecirhid ( UnsignedFile.Multi.Generic ) - warning 18:13:48.0499 4632 enecirhid - detected UnsignedFile.Multi.Generic (1) 18:13:48.0546 4632 [ 8492D808C79BD6FE439F77BE84956CDF ] enecirhidma C:\Windows\system32\DRIVERS\enecirhidma.sys 18:13:48.0562 4632 enecirhidma ( UnsignedFile.Multi.Generic ) - warning 18:13:48.0562 4632 enecirhidma - detected UnsignedFile.Multi.Generic (1) 18:13:48.0640 4632 [ C97DF8DBB45B2FF2B36317A6380CD177 ] ePowerSvc C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe 18:13:48.0655 4632 ePowerSvc - ok 18:13:48.0671 4632 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 18:13:48.0702 4632 ErrDev - ok 18:13:48.0765 4632 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 18:13:48.0811 4632 EventSystem - ok 18:13:48.0827 4632 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 18:13:48.0858 4632 exfat - ok 18:13:48.0874 4632 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 18:13:48.0936 4632 fastfat - ok 18:13:49.0030 4632 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 18:13:49.0077 4632 Fax - ok 18:13:49.0123 4632 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 18:13:49.0139 4632 fdc - ok 18:13:49.0155 4632 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 18:13:49.0201 4632 fdPHost - ok 18:13:49.0217 4632 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 18:13:49.0264 4632 FDResPub - ok 18:13:49.0279 4632 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 18:13:49.0279 4632 FileInfo - ok 18:13:49.0326 4632 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 18:13:49.0373 4632 Filetrace - ok 18:13:49.0389 4632 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 18:13:49.0420 4632 flpydisk - ok 18:13:49.0482 4632 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 18:13:49.0482 4632 FltMgr - ok 18:13:49.0560 4632 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 18:13:49.0623 4632 FontCache - ok 18:13:49.0716 4632 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 18:13:49.0716 4632 FontCache3.0.0.0 - ok 18:13:49.0747 4632 [ 305380D5D33BFDEAAF14D73E969239FC ] FPSensor C:\Windows\system32\Drivers\FPSensor.sys 18:13:49.0763 4632 FPSensor - ok 18:13:49.0794 4632 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 18:13:49.0794 4632 FsDepends - ok 18:13:49.0857 4632 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 18:13:49.0872 4632 Fs_Rec - ok 18:13:49.0935 4632 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 18:13:49.0950 4632 fvevol - ok 18:13:49.0966 4632 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 18:13:49.0981 4632 gagp30kx - ok 18:13:49.0997 4632 ghsmdm - ok 18:13:50.0059 4632 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 18:13:50.0106 4632 gpsvc - ok 18:13:50.0169 4632 [ 0191DEE9B9EB7902AF2CF4F67301095D ] GREGService C:\Program Files (x86)\Acer\Registration\GREGsvc.exe 18:13:50.0169 4632 GREGService - ok 18:13:50.0356 4632 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 18:13:50.0356 4632 gupdate - ok 18:13:50.0403 4632 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 18:13:50.0418 4632 gupdatem - ok 18:13:50.0449 4632 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 18:13:50.0496 4632 hcw85cir - ok 18:13:50.0574 4632 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 18:13:50.0637 4632 HdAudAddService - ok 18:13:50.0668 4632 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 18:13:50.0699 4632 HDAudBus - ok 18:13:50.0746 4632 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 18:13:50.0761 4632 HECIx64 - ok 18:13:50.0777 4632 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 18:13:50.0793 4632 HidBatt - ok 18:13:50.0808 4632 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 18:13:50.0839 4632 HidBth - ok 18:13:50.0855 4632 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 18:13:50.0886 4632 HidIr - ok 18:13:50.0917 4632 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 18:13:50.0964 4632 hidserv - ok 18:13:51.0058 4632 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 18:13:51.0073 4632 HidUsb - ok 18:13:51.0120 4632 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 18:13:51.0167 4632 hkmsvc - ok 18:13:51.0229 4632 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 18:13:51.0261 4632 HomeGroupListener - ok 18:13:51.0307 4632 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 18:13:51.0339 4632 HomeGroupProvider - ok 18:13:51.0401 4632 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 18:13:51.0417 4632 HpSAMD - ok 18:13:51.0432 4632 HTCAND64 - ok 18:13:51.0495 4632 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 18:13:51.0541 4632 HTTP - ok 18:13:51.0588 4632 hwdatacard - ok 18:13:51.0651 4632 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 18:13:51.0651 4632 hwpolicy - ok 18:13:51.0729 4632 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 18:13:51.0744 4632 i8042prt - ok 18:13:51.0791 4632 [ 0E899D0DB39617AA0B2F992E7E95B5EB ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe 18:13:51.0807 4632 IAANTMON - ok 18:13:51.0838 4632 [ BBB3B6DF1ABB0FE35802EDE85CC1C011 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 18:13:51.0838 4632 iaStor - ok 18:13:51.0885 4632 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 18:13:51.0900 4632 iaStorV - ok 18:13:52.0009 4632 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe 18:13:52.0025 4632 IDriverT ( UnsignedFile.Multi.Generic ) - warning 18:13:52.0025 4632 IDriverT - detected UnsignedFile.Multi.Generic (1) 18:13:52.0119 4632 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 18:13:52.0134 4632 idsvc - ok 18:13:52.0228 4632 [ 607013AF90E9107664F7204613DB5631 ] IGBASVC C:\Program Files (x86)\Acer Bio Protection\BASVC.exe 18:13:52.0290 4632 IGBASVC ( UnsignedFile.Multi.Generic ) - warning 18:13:52.0290 4632 IGBASVC - detected UnsignedFile.Multi.Generic (1) 18:13:52.0337 4632 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 18:13:52.0353 4632 iirsp - ok 18:13:52.0415 4632 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 18:13:52.0477 4632 IKEEXT - ok 18:13:52.0524 4632 [ 36FDF367A1DABFF903E2214023D71368 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys 18:13:52.0540 4632 Impcd - ok 18:13:52.0618 4632 [ FEADC18677A85A123E95A9B976101120 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 18:13:52.0696 4632 IntcAzAudAddService - ok 18:13:52.0727 4632 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 18:13:52.0727 4632 intelide - ok 18:13:52.0774 4632 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 18:13:52.0789 4632 intelppm - ok 18:13:52.0836 4632 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 18:13:52.0867 4632 IPBusEnum - ok 18:13:52.0930 4632 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 18:13:52.0977 4632 IpFilterDriver - ok 18:13:53.0086 4632 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 18:13:53.0101 4632 iphlpsvc - ok 18:13:53.0148 4632 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 18:13:53.0195 4632 IPMIDRV - ok 18:13:53.0242 4632 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 18:13:53.0273 4632 IPNAT - ok 18:13:53.0304 4632 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 18:13:53.0320 4632 IRENUM - ok 18:13:53.0367 4632 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 18:13:53.0382 4632 isapnp - ok 18:13:53.0429 4632 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 18:13:53.0445 4632 iScsiPrt - ok 18:13:53.0476 4632 [ 5BD76F820656AEAA2DCE66EED8DA84B9 ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys 18:13:53.0491 4632 JMCR - ok 18:13:53.0523 4632 [ E662CB468A1CFF3A57E120A212FADD57 ] johci C:\Windows\system32\DRIVERS\johci.sys 18:13:53.0538 4632 johci - ok 18:13:53.0585 4632 [ 08DD34F74D65E1C8F238565570952630 ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys 18:13:53.0601 4632 k57nd60a - ok 18:13:53.0616 4632 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 18:13:53.0632 4632 kbdclass - ok 18:13:53.0694 4632 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 18:13:53.0725 4632 kbdhid - ok 18:13:53.0757 4632 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 18:13:53.0772 4632 KeyIso - ok 18:13:53.0803 4632 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 18:13:53.0819 4632 KSecDD - ok 18:13:53.0866 4632 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 18:13:53.0881 4632 KSecPkg - ok 18:13:53.0913 4632 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 18:13:53.0960 4632 ksthunk - ok 18:13:54.0006 4632 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 18:13:54.0069 4632 KtmRm - ok 18:13:54.0178 4632 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 18:13:54.0225 4632 LanmanServer - ok 18:13:54.0318 4632 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 18:13:54.0381 4632 LanmanWorkstation - ok 18:13:54.0412 4632 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 18:13:54.0443 4632 lltdio - ok 18:13:54.0474 4632 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 18:13:54.0537 4632 lltdsvc - ok 18:13:54.0568 4632 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 18:13:54.0599 4632 lmhosts - ok 18:13:54.0662 4632 [ 7485FBCEF9136F530953575E2977859D ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 18:13:54.0677 4632 LMS - ok 18:13:54.0693 4632 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 18:13:54.0708 4632 LSI_FC - ok 18:13:54.0708 4632 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 18:13:54.0724 4632 LSI_SAS - ok 18:13:54.0724 4632 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 18:13:54.0740 4632 LSI_SAS2 - ok 18:13:54.0740 4632 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 18:13:54.0755 4632 LSI_SCSI - ok 18:13:54.0786 4632 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 18:13:54.0849 4632 luafv - ok 18:13:54.0896 4632 massfilter_hs - ok 18:13:54.0958 4632 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 18:13:54.0974 4632 Mcx2Svc - ok 18:13:54.0989 4632 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 18:13:55.0005 4632 megasas - ok 18:13:55.0005 4632 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 18:13:55.0020 4632 MegaSR - ok 18:13:55.0052 4632 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 18:13:55.0114 4632 MMCSS - ok 18:13:55.0114 4632 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 18:13:55.0145 4632 Modem - ok 18:13:55.0223 4632 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 18:13:55.0254 4632 monitor - ok 18:13:55.0317 4632 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 18:13:55.0332 4632 mouclass - ok 18:13:55.0364 4632 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 18:13:55.0395 4632 mouhid - ok 18:13:55.0457 4632 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 18:13:55.0457 4632 mountmgr - ok 18:13:55.0566 4632 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys 18:13:55.0582 4632 MpFilter - ok 18:13:55.0644 4632 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 18:13:55.0660 4632 mpio - ok 18:13:55.0676 4632 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 18:13:55.0722 4632 mpsdrv - ok 18:13:55.0785 4632 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 18:13:55.0847 4632 MpsSvc - ok 18:13:55.0894 4632 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 18:13:55.0925 4632 MRxDAV - ok 18:13:55.0988 4632 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 18:13:56.0019 4632 mrxsmb - ok 18:13:56.0066 4632 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 18:13:56.0097 4632 mrxsmb10 - ok 18:13:56.0112 4632 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 18:13:56.0144 4632 mrxsmb20 - ok 18:13:56.0222 4632 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 18:13:56.0237 4632 msahci - ok 18:13:56.0253 4632 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 18:13:56.0253 4632 msdsm - ok 18:13:56.0284 4632 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 18:13:56.0300 4632 MSDTC - ok 18:13:56.0331 4632 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 18:13:56.0378 4632 Msfs - ok 18:13:56.0393 4632 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 18:13:56.0424 4632 mshidkmdf - ok 18:13:56.0487 4632 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 18:13:56.0502 4632 msisadrv - ok 18:13:56.0518 4632 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 18:13:56.0565 4632 MSiSCSI - ok 18:13:56.0580 4632 msiserver - ok 18:13:56.0596 4632 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 18:13:56.0627 4632 MSKSSRV - ok 18:13:56.0736 4632 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe 18:13:56.0752 4632 MsMpSvc - ok 18:13:56.0768 4632 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 18:13:56.0830 4632 MSPCLOCK - ok 18:13:56.0861 4632 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 18:13:56.0908 4632 MSPQM - ok 18:13:56.0955 4632 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 18:13:56.0970 4632 MsRPC - ok 18:13:57.0017 4632 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 18:13:57.0017 4632 mssmbios - ok 18:13:57.0048 4632 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 18:13:57.0080 4632 MSTEE - ok 18:13:57.0095 4632 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 18:13:57.0126 4632 MTConfig - ok 18:13:57.0142 4632 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 18:13:57.0158 4632 Mup - ok 18:13:57.0220 4632 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 18:13:57.0267 4632 napagent - ok 18:13:57.0314 4632 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 18:13:57.0360 4632 NativeWifiP - ok 18:13:57.0407 4632 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 18:13:57.0438 4632 NDIS - ok 18:13:57.0485 4632 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 18:13:57.0532 4632 NdisCap - ok 18:13:57.0563 4632 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 18:13:57.0594 4632 NdisTapi - ok 18:13:57.0657 4632 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 18:13:57.0704 4632 Ndisuio - ok 18:13:57.0750 4632 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 18:13:57.0797 4632 NdisWan - ok 18:13:57.0860 4632 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 18:13:57.0922 4632 NDProxy - ok 18:13:57.0969 4632 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 18:13:57.0984 4632 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 18:13:57.0984 4632 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 18:13:58.0016 4632 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 18:13:58.0062 4632 NetBIOS - ok 18:13:58.0125 4632 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 18:13:58.0172 4632 NetBT - ok 18:13:58.0187 4632 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 18:13:58.0203 4632 Netlogon - ok 18:13:58.0234 4632 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 18:13:58.0296 4632 Netman - ok 18:13:58.0359 4632 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 18:13:58.0359 4632 NetMsmqActivator - ok 18:13:58.0374 4632 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 18:13:58.0390 4632 NetPipeActivator - ok 18:13:58.0406 4632 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 18:13:58.0452 4632 netprofm - ok 18:13:58.0499 4632 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 18:13:58.0515 4632 NetTcpActivator - ok 18:13:58.0515 4632 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 18:13:58.0515 4632 NetTcpPortSharing - ok 18:13:58.0546 4632 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 18:13:58.0562 4632 nfrd960 - ok 18:13:58.0640 4632 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys 18:13:58.0640 4632 NisDrv - ok 18:13:58.0702 4632 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe 18:13:58.0718 4632 NisSrv - ok 18:13:58.0764 4632 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 18:13:58.0796 4632 NlaSvc - ok 18:13:58.0827 4632 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 18:13:58.0858 4632 Npfs - ok 18:13:58.0874 4632 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 18:13:58.0905 4632 nsi - ok 18:13:58.0920 4632 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 18:13:58.0952 4632 nsiproxy - ok 18:13:59.0045 4632 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 18:13:59.0108 4632 Ntfs - ok 18:13:59.0123 4632 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 18:13:59.0170 4632 Null - ok 18:13:59.0201 4632 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 18:13:59.0217 4632 nvraid - ok 18:13:59.0248 4632 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 18:13:59.0248 4632 nvstor - ok 18:13:59.0310 4632 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 18:13:59.0326 4632 nv_agp - ok 18:13:59.0388 4632 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 18:13:59.0404 4632 ohci1394 - ok 18:13:59.0435 4632 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 18:13:59.0482 4632 p2pimsvc - ok 18:13:59.0498 4632 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 18:13:59.0513 4632 p2psvc - ok 18:13:59.0560 4632 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 18:13:59.0576 4632 Parport - ok 18:13:59.0622 4632 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 18:13:59.0638 4632 partmgr - ok 18:13:59.0654 4632 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 18:13:59.0685 4632 PcaSvc - ok 18:13:59.0700 4632 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 18:13:59.0716 4632 pci - ok 18:13:59.0763 4632 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 18:13:59.0778 4632 pciide - ok 18:13:59.0810 4632 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 18:13:59.0825 4632 pcmcia - ok 18:13:59.0841 4632 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 18:13:59.0841 4632 pcw - ok 18:13:59.0872 4632 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 18:13:59.0950 4632 PEAUTH - ok 18:14:00.0075 4632 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 18:14:00.0090 4632 PerfHost - ok 18:14:00.0168 4632 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 18:14:00.0262 4632 pla - ok 18:14:00.0324 4632 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 18:14:00.0340 4632 PlugPlay - ok 18:14:00.0371 4632 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 18:14:00.0371 4632 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 18:14:00.0371 4632 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 18:14:00.0387 4632 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 18:14:00.0418 4632 PNRPAutoReg - ok 18:14:00.0449 4632 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 18:14:00.0465 4632 PNRPsvc - ok 18:14:00.0527 4632 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 18:14:00.0574 4632 PolicyAgent - ok 18:14:00.0605 4632 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 18:14:00.0652 4632 Power - ok 18:14:00.0714 4632 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 18:14:00.0761 4632 PptpMiniport - ok 18:14:00.0792 4632 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 18:14:00.0808 4632 Processor - ok 18:14:00.0870 4632 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 18:14:00.0917 4632 ProfSvc - ok 18:14:00.0948 4632 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 18:14:00.0948 4632 ProtectedStorage - ok 18:14:01.0026 4632 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 18:14:01.0058 4632 Psched - ok 18:14:01.0089 4632 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 18:14:01.0151 4632 ql2300 - ok 18:14:01.0167 4632 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 18:14:01.0182 4632 ql40xx - ok 18:14:01.0198 4632 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 18:14:01.0229 4632 QWAVE - ok 18:14:01.0229 4632 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 18:14:01.0245 4632 QWAVEdrv - ok 18:14:01.0245 4632 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 18:14:01.0307 4632 RasAcd - ok 18:14:01.0354 4632 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 18:14:01.0385 4632 RasAgileVpn - ok 18:14:01.0416 4632 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 18:14:01.0448 4632 RasAuto - ok 18:14:01.0510 4632 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 18:14:01.0557 4632 Rasl2tp - ok 18:14:01.0619 4632 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 18:14:01.0666 4632 RasMan - ok 18:14:01.0713 4632 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 18:14:01.0760 4632 RasPppoe - ok 18:14:01.0791 4632 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 18:14:01.0838 4632 RasSstp - ok 18:14:01.0900 4632 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 18:14:01.0947 4632 rdbss - ok 18:14:01.0978 4632 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 18:14:01.0994 4632 rdpbus - ok 18:14:02.0009 4632 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 18:14:02.0072 4632 RDPCDD - ok 18:14:02.0072 4632 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 18:14:02.0134 4632 RDPENCDD - ok 18:14:02.0150 4632 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 18:14:02.0196 4632 RDPREFMP - ok 18:14:02.0274 4632 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 18:14:02.0306 4632 RdpVideoMiniport - ok 18:14:02.0352 4632 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 18:14:02.0368 4632 RDPWD - ok 18:14:02.0430 4632 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 18:14:02.0430 4632 rdyboost - ok 18:14:02.0462 4632 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 18:14:02.0508 4632 RemoteAccess - ok 18:14:02.0524 4632 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 18:14:02.0571 4632 RemoteRegistry - ok 18:14:02.0618 4632 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 18:14:02.0649 4632 RFCOMM - ok 18:14:02.0680 4632 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 18:14:02.0742 4632 RpcEptMapper - ok 18:14:02.0789 4632 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 18:14:02.0805 4632 RpcLocator - ok 18:14:02.0867 4632 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 18:14:02.0898 4632 RpcSs - ok 18:14:02.0930 4632 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 18:14:02.0976 4632 rspndr - ok 18:14:03.0008 4632 [ 4E821C740A675F6D040BE41D59A62B1D ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys 18:14:03.0023 4632 RTHDMIAzAudService - ok 18:14:03.0023 4632 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 18:14:03.0039 4632 SamSs - ok 18:14:03.0101 4632 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 18:14:03.0117 4632 sbp2port - ok 18:14:03.0148 4632 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 18:14:03.0195 4632 SCardSvr - ok 18:14:03.0242 4632 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 18:14:03.0288 4632 scfilter - ok 18:14:03.0351 4632 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 18:14:03.0429 4632 Schedule - ok 18:14:03.0476 4632 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 18:14:03.0507 4632 SCPolicySvc - ok 18:14:03.0554 4632 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys 18:14:03.0600 4632 sdbus - ok 18:14:03.0647 4632 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 18:14:03.0663 4632 SDRSVC - ok 18:14:03.0710 4632 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 18:14:03.0772 4632 seclogon - ok 18:14:03.0819 4632 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 18:14:03.0850 4632 SENS - ok 18:14:03.0881 4632 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 18:14:03.0912 4632 SensrSvc - ok 18:14:03.0944 4632 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 18:14:03.0959 4632 Serenum - ok 18:14:03.0990 4632 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 18:14:04.0022 4632 Serial - ok 18:14:04.0068 4632 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 18:14:04.0084 4632 sermouse - ok 18:14:04.0146 4632 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 18:14:04.0193 4632 SessionEnv - ok 18:14:04.0256 4632 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 18:14:04.0287 4632 sffdisk - ok 18:14:04.0287 4632 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 18:14:04.0302 4632 sffp_mmc - ok 18:14:04.0302 4632 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 18:14:04.0334 4632 sffp_sd - ok 18:14:04.0349 4632 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 18:14:04.0396 4632 sfloppy - ok 18:14:04.0443 4632 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 18:14:04.0505 4632 SharedAccess - ok 18:14:04.0552 4632 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 18:14:04.0599 4632 ShellHWDetection - ok 18:14:04.0614 4632 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 18:14:04.0630 4632 SiSRaid2 - ok 18:14:04.0630 4632 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 18:14:04.0646 4632 SiSRaid4 - ok 18:14:04.0770 4632 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 18:14:04.0770 4632 SkypeUpdate - ok 18:14:04.0802 4632 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 18:14:04.0848 4632 Smb - ok 18:14:04.0880 4632 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 18:14:04.0911 4632 SNMPTRAP - ok 18:14:04.0926 4632 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 18:14:04.0926 4632 spldr - ok 18:14:04.0989 4632 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 18:14:05.0020 4632 Spooler - ok 18:14:05.0114 4632 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 18:14:05.0270 4632 sppsvc - ok 18:14:05.0316 4632 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 18:14:05.0348 4632 sppuinotify - ok 18:14:05.0410 4632 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 18:14:05.0426 4632 srv - ok 18:14:05.0457 4632 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 18:14:05.0519 4632 srv2 - ok 18:14:05.0550 4632 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 18:14:05.0566 4632 srvnet - ok 18:14:05.0613 4632 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 18:14:05.0660 4632 SSDPSRV - ok 18:14:05.0675 4632 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 18:14:05.0706 4632 SstpSvc - ok 18:14:05.0769 4632 [ AD42CA614E086BCADBD53FFFC404AC24 ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys 18:14:05.0784 4632 ssudmdm - ok 18:14:05.0878 4632 Steam Client Service - ok 18:14:05.0909 4632 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 18:14:05.0925 4632 stexstor - ok 18:14:06.0003 4632 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 18:14:06.0050 4632 stisvc - ok 18:14:06.0221 4632 [ DD7F11E64E90043B895724DBDC668CD7 ] STRATO HiDrive Service C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe 18:14:06.0221 4632 STRATO HiDrive Service ( UnsignedFile.Multi.Generic ) - warning 18:14:06.0221 4632 STRATO HiDrive Service - detected UnsignedFile.Multi.Generic (1) 18:14:06.0268 4632 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 18:14:06.0284 4632 swenum - ok 18:14:06.0408 4632 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 18:14:06.0424 4632 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning 18:14:06.0424 4632 SwitchBoard - detected UnsignedFile.Multi.Generic (1) 18:14:06.0455 4632 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 18:14:06.0518 4632 swprv - ok 18:14:06.0564 4632 [ 5AEEC2BB8065B563ADBC88CA22588953 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 18:14:06.0580 4632 SynTP - ok 18:14:06.0658 4632 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 18:14:06.0736 4632 SysMain - ok 18:14:06.0798 4632 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 18:14:06.0814 4632 TabletInputService - ok 18:14:06.0970 4632 [ C0255D8E3ABE790694927624603F8F10 ] TabletServiceWacom C:\Windows\system32\Wacom_Tablet.exe 18:14:07.0157 4632 TabletServiceWacom - ok 18:14:07.0220 4632 [ BCD6A90D6FD757CE9C29DDC850F7F231 ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys 18:14:07.0251 4632 tap0901 - ok 18:14:07.0313 4632 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 18:14:07.0360 4632 TapiSrv - ok 18:14:07.0391 4632 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 18:14:07.0438 4632 TBS - ok 18:14:07.0532 4632 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 18:14:07.0594 4632 Tcpip - ok 18:14:07.0641 4632 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 18:14:07.0672 4632 TCPIP6 - ok 18:14:07.0734 4632 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 18:14:07.0750 4632 tcpipreg - ok 18:14:07.0781 4632 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 18:14:07.0797 4632 TDPIPE - ok 18:14:07.0859 4632 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 18:14:07.0875 4632 TDTCP - ok 18:14:07.0937 4632 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 18:14:07.0984 4632 tdx - ok 18:14:08.0031 4632 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 18:14:08.0046 4632 TermDD - ok 18:14:08.0109 4632 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 18:14:08.0171 4632 TermService - ok 18:14:08.0218 4632 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 18:14:08.0234 4632 Themes - ok 18:14:08.0265 4632 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 18:14:08.0296 4632 THREADORDER - ok 18:14:08.0327 4632 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 18:14:08.0358 4632 TrkWks - ok 18:14:08.0436 4632 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 18:14:08.0499 4632 TrustedInstaller - ok 18:14:08.0577 4632 [ 2670B4F69E530C9DE602488CA8C55AD3 ] trustms C:\Windows\system32\drivers\trustms.sys 18:14:08.0577 4632 trustms - ok 18:14:08.0639 4632 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 18:14:08.0686 4632 tssecsrv - ok 18:14:08.0733 4632 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 18:14:08.0764 4632 TsUsbFlt - ok 18:14:08.0842 4632 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 18:14:08.0889 4632 tunnel - ok 18:14:08.0951 4632 [ 825E7A1F48FB8BCFBA27C178AAB4E275 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys 18:14:08.0951 4632 TurboB - ok 18:14:09.0014 4632 [ B206BE1174D5964D49A56BB6C4E0524A ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe 18:14:09.0029 4632 TurboBoost - ok 18:14:09.0045 4632 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 18:14:09.0045 4632 uagp35 - ok 18:14:09.0107 4632 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 18:14:09.0138 4632 udfs - ok 18:14:09.0170 4632 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 18:14:09.0185 4632 UI0Detect - ok 18:14:09.0216 4632 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 18:14:09.0232 4632 uliagpkx - ok 18:14:09.0279 4632 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 18:14:09.0310 4632 umbus - ok 18:14:09.0341 4632 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 18:14:09.0357 4632 UmPass - ok 18:14:09.0450 4632 [ 765F2DD351BA064F657751D8D75E58C0 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 18:14:09.0482 4632 UNS - ok 18:14:09.0528 4632 [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe 18:14:09.0544 4632 Updater Service - ok 18:14:09.0591 4632 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 18:14:09.0638 4632 upnphost - ok 18:14:09.0700 4632 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 18:14:09.0716 4632 usbaudio - ok 18:14:09.0716 4632 usbbus - ok 18:14:09.0794 4632 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 18:14:09.0809 4632 usbccgp - ok 18:14:09.0872 4632 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 18:14:09.0887 4632 usbcir - ok 18:14:09.0903 4632 UsbDiag - ok 18:14:09.0903 4632 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys 18:14:09.0934 4632 usbehci - ok 18:14:09.0996 4632 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 18:14:10.0028 4632 usbhub - ok 18:14:10.0028 4632 USBModem - ok 18:14:10.0074 4632 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 18:14:10.0121 4632 usbohci - ok 18:14:10.0152 4632 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 18:14:10.0184 4632 usbprint - ok 18:14:10.0215 4632 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 18:14:10.0230 4632 USBSTOR - ok 18:14:10.0308 4632 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 18:14:10.0324 4632 usbuhci - ok 18:14:10.0386 4632 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 18:14:10.0433 4632 usbvideo - ok 18:14:10.0464 4632 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 18:14:10.0511 4632 UxSms - ok 18:14:10.0558 4632 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 18:14:10.0558 4632 VaultSvc - ok 18:14:10.0574 4632 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 18:14:10.0574 4632 vdrvroot - ok 18:14:10.0636 4632 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 18:14:10.0698 4632 vds - ok 18:14:10.0745 4632 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 18:14:10.0761 4632 vga - ok 18:14:10.0776 4632 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 18:14:10.0823 4632 VgaSave - ok 18:14:10.0870 4632 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 18:14:10.0886 4632 vhdmp - ok 18:14:10.0948 4632 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 18:14:10.0948 4632 viaide - ok 18:14:10.0964 4632 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 18:14:10.0979 4632 volmgr - ok 18:14:11.0042 4632 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 18:14:11.0057 4632 volmgrx - ok 18:14:11.0073 4632 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 18:14:11.0088 4632 volsnap - ok 18:14:11.0120 4632 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 18:14:11.0135 4632 vsmraid - ok 18:14:11.0213 4632 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 18:14:11.0291 4632 VSS - ok 18:14:11.0307 4632 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 18:14:11.0338 4632 vwifibus - ok 18:14:11.0385 4632 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 18:14:11.0432 4632 vwififlt - ok 18:14:11.0463 4632 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 18:14:11.0478 4632 vwifimp - ok 18:14:11.0510 4632 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 18:14:11.0541 4632 W32Time - ok 18:14:11.0603 4632 [ 37E4600E2CDAD3C1A3613A25B97D457C ] wacmoumonitor C:\Windows\system32\DRIVERS\wacmoumonitor.sys 18:14:11.0603 4632 wacmoumonitor - ok 18:14:11.0650 4632 [ E04D43C7D1641E95D35CAE6086C7E350 ] wacommousefilter C:\Windows\system32\DRIVERS\wacommousefilter.sys 18:14:11.0650 4632 wacommousefilter - ok 18:14:11.0666 4632 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 18:14:11.0681 4632 WacomPen - ok 18:14:11.0712 4632 [ EC1CEB237E365330C1FCFC4876AA0AC0 ] wacomvhid C:\Windows\system32\DRIVERS\wacomvhid.sys 18:14:11.0712 4632 wacomvhid - ok 18:14:11.0775 4632 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 18:14:11.0822 4632 WANARP - ok 18:14:11.0822 4632 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 18:14:11.0853 4632 Wanarpv6 - ok 18:14:11.0931 4632 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 18:14:11.0978 4632 wbengine - ok 18:14:12.0009 4632 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 18:14:12.0024 4632 WbioSrvc - ok 18:14:12.0071 4632 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 18:14:12.0118 4632 wcncsvc - ok 18:14:12.0149 4632 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 18:14:12.0165 4632 WcsPlugInService - ok 18:14:12.0180 4632 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 18:14:12.0196 4632 Wd - ok 18:14:12.0258 4632 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 18:14:12.0290 4632 Wdf01000 - ok 18:14:12.0305 4632 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 18:14:12.0336 4632 WdiServiceHost - ok 18:14:12.0352 4632 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 18:14:12.0368 4632 WdiSystemHost - ok 18:14:12.0414 4632 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 18:14:12.0446 4632 WebClient - ok 18:14:12.0492 4632 [ D5BA7D43FA2EF656BF7E98A188391E40 ] Wecsvc C:\Windows\system32\wecsvc.dll 18:14:12.0508 4632 Wecsvc - ok 18:14:12.0539 4632 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 18:14:12.0602 4632 wercplsupport - ok 18:14:12.0633 4632 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 18:14:12.0680 4632 WerSvc - ok 18:14:12.0695 4632 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 18:14:12.0742 4632 WfpLwf - ok 18:14:12.0758 4632 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 18:14:12.0758 4632 WIMMount - ok 18:14:12.0789 4632 WinDefend - ok 18:14:12.0789 4632 WinHttpAutoProxySvc - ok 18:14:12.0867 4632 [ 136760C1E9697BAF4ECDEAE5590A0806 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 18:14:12.0882 4632 Winmgmt - ok 18:14:12.0976 4632 [ 3BB6B401A780BF434C8F58137DE10BF7 ] WinRM C:\Windows\system32\WsmSvc.dll 18:14:13.0085 4632 WinRM - ok 18:14:13.0179 4632 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 18:14:13.0210 4632 WinUsb - ok 18:14:13.0241 4632 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 18:14:13.0288 4632 Wlansvc - ok 18:14:13.0444 4632 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 18:14:13.0491 4632 wlidsvc - ok 18:14:13.0538 4632 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 18:14:13.0569 4632 WmiAcpi - ok 18:14:13.0631 4632 [ 4DF841632B62A7CF19A79A05046A8AB1 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 18:14:13.0647 4632 wmiApSrv - ok 18:14:13.0678 4632 WMPNetworkSvc - ok 18:14:13.0709 4632 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 18:14:13.0709 4632 WPCSvc - ok 18:14:13.0772 4632 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 18:14:13.0787 4632 WPDBusEnum - ok 18:14:13.0818 4632 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 18:14:13.0865 4632 ws2ifsl - ok 18:14:13.0896 4632 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 18:14:13.0928 4632 wscsvc - ok 18:14:13.0928 4632 WSearch - ok 18:14:14.0037 4632 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 18:14:14.0130 4632 wuauserv - ok 18:14:14.0193 4632 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 18:14:14.0208 4632 WudfPf - ok 18:14:14.0240 4632 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 18:14:14.0271 4632 WUDFRd - ok 18:14:14.0318 4632 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 18:14:14.0333 4632 wudfsvc - ok 18:14:14.0364 4632 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 18:14:14.0380 4632 WwanSvc - ok 18:14:14.0411 4632 ================ Scan global =============================== 18:14:14.0442 4632 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 18:14:14.0489 4632 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll 18:14:14.0505 4632 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll 18:14:14.0536 4632 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 18:14:14.0567 4632 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 18:14:14.0567 4632 [Global] - ok 18:14:14.0567 4632 ================ Scan MBR ================================== 18:14:14.0567 4632 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1 18:14:14.0739 4632 \Device\Harddisk1\DR1 - ok 18:14:14.0754 4632 [ 9C51D3FD2697BD2AE931BE1D6F1E6FFA ] \Device\Harddisk0\DR0 18:14:15.0191 4632 \Device\Harddisk0\DR0 - ok 18:14:15.0191 4632 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1 18:14:15.0363 4632 \Device\Harddisk1\DR1 - ok 18:14:15.0363 4632 ================ Scan VBR ================================== 18:14:15.0363 4632 [ 65D78D257916AB0B90A43803481BFC9A ] \Device\Harddisk1\DR1\Partition1 18:14:15.0363 4632 \Device\Harddisk1\DR1\Partition1 - ok 18:14:15.0378 4632 [ 65D316E57884CFD5000111E3435A6CB8 ] \Device\Harddisk0\DR0\Partition1 18:14:15.0378 4632 \Device\Harddisk0\DR0\Partition1 - ok 18:14:15.0394 4632 [ 45C14CA7380C607610EF273E179FD7A9 ] \Device\Harddisk0\DR0\Partition2 18:14:15.0394 4632 \Device\Harddisk0\DR0\Partition2 - ok 18:14:15.0394 4632 [ 65D78D257916AB0B90A43803481BFC9A ] \Device\Harddisk1\DR1\Partition1 18:14:15.0394 4632 \Device\Harddisk1\DR1\Partition1 - ok 18:14:15.0394 4632 ============================================================ 18:14:15.0394 4632 Scan finished 18:14:15.0394 4632 ============================================================ 18:14:15.0410 3980 Detected object count: 8 18:14:15.0410 3980 Actual detected object count: 8 18:14:34.0145 3980 enecirhid ( UnsignedFile.Multi.Generic ) - skipped by user 18:14:34.0145 3980 enecirhid ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:14:34.0145 3980 enecirhidma ( UnsignedFile.Multi.Generic ) - skipped by user 18:14:34.0145 3980 enecirhidma ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:14:34.0145 3980 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 18:14:34.0145 3980 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:14:34.0145 3980 IGBASVC ( UnsignedFile.Multi.Generic ) - skipped by user 18:14:34.0145 3980 IGBASVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:14:34.0145 3980 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 18:14:34.0145 3980 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:14:34.0145 3980 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 18:14:34.0145 3980 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:14:34.0145 3980 STRATO HiDrive Service ( UnsignedFile.Multi.Generic ) - skipped by user 18:14:34.0145 3980 STRATO HiDrive Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:14:34.0145 3980 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user 18:14:34.0145 3980 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip |
|
16.12.2012, 18:25
| #4 | |
| /// Malware-holic | "C:\Windows\System32\cmd.exe" wird bei Systemstart ausgeführt Hi, combofix: Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
16.12.2012, 18:54
| #5 |
| | "C:\Windows\System32\cmd.exe" wird bei Systemstart ausgeführt Hier der Bericht: Combofix Logfile: Code:
ATTFilter ComboFix 12-12-14.01 - NAME_GEÄNDERT 16.12.2012 18:33:17.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8055.6202 [GMT 1:00]
ausgeführt von:: c:\users\NAME_GEÄNDERT\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
FW: FireWall *Disabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Acer Bio Protection\PwdFilterV64.dll
c:\programdata\FullRemove.exe
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\System32\MASetupCleaner.exe
c:\windows\SysWow64\System32\muzapp.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-11-16 bis 2012-12-16 ))))))))))))))))))))))))))))))
.
.
2012-12-16 16:10 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C6EAE501-FF98-49F2-95BD-B2456B682683}\mpengine.dll
2012-12-14 16:30 . 2012-12-14 16:30 -------- d-----w- c:\users\NAME_GEÄNDERT\AppData\Local\Google
2012-12-13 18:04 . 2012-12-13 18:04 -------- d-----w- c:\program files (x86)\Metro 2033
2012-12-13 11:09 . 2012-12-13 11:09 -------- d-----w- c:\windows\Migration
2012-12-13 11:02 . 2012-08-21 14:20 46080 ----a-w- c:\windows\SysWow64\ncobjapi.dll
2012-12-13 11:02 . 2012-08-21 13:49 58368 ----a-w- c:\windows\system32\ncobjapi.dll
2012-12-13 11:02 . 2012-08-21 13:12 74240 ----a-w- c:\windows\system32\wbem\NCProv.dll
2012-12-13 10:58 . 2012-11-14 05:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-12-13 10:58 . 2012-11-14 01:44 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-12-13 10:56 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-12-13 10:55 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-13 10:55 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-13 10:55 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-12-13 10:55 . 2012-11-05 21:35 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-13 10:55 . 2012-11-05 20:41 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-13 10:55 . 2012-11-05 20:32 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-13 10:55 . 2012-11-05 20:32 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-13 10:53 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-12-13 10:53 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-12-02 21:22 . 2012-12-02 21:22 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-12-02 21:22 . 2012-12-02 21:22 -------- d-----r- c:\program files (x86)\Skype
2012-12-02 21:12 . 2012-12-02 21:12 -------- d-----w- c:\users\NAME_GEÄNDERT\AppData\Roaming\Apple Computer
2012-12-02 19:01 . 2012-12-02 19:01 -------- d-----w- c:\users\NAME_GEÄNDERT\AppData\Roaming\eu.computerworks.vectorworks.2012.help.deu.07222458214E034A0B494E83FAD6744C17D2B914.1
2012-12-02 11:44 . 2012-12-02 11:44 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-12-02 11:44 . 2012-12-02 11:44 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-12-02 11:44 . 2012-12-02 11:44 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-12-02 11:44 . 2012-12-02 11:44 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-12-02 11:44 . 2012-12-02 11:44 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-12-02 11:44 . 2012-12-02 11:44 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-12-02 11:44 . 2012-12-02 11:44 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-12-02 11:44 . 2012-12-02 11:44 -------- d-----w- c:\program files (x86)\QuickTime
2012-12-02 11:44 . 2012-12-02 11:44 -------- d-----w- c:\programdata\Apple Computer
2012-12-02 11:42 . 2012-12-02 11:42 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-12-02 11:42 . 2012-12-02 11:42 -------- d-----w- c:\users\NAME_GEÄNDERT\AppData\Local\Apple
2012-12-02 11:42 . 2012-12-02 11:42 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-12-02 11:03 . 2012-12-02 11:03 -------- d-----w- c:\users\NAME_GEÄNDERT\AppData\Local\Macromedia
2012-11-30 14:09 . 2012-11-30 14:09 -------- d-----w- c:\users\NAME_GEÄNDERT\AppData\Local\EgisTec IPS
2012-11-29 19:56 . 2012-11-29 19:56 -------- d-----w- c:\programdata\ATI
2012-11-29 19:46 . 2012-11-29 19:46 -------- d-----w- c:\programdata\AMD
2012-11-29 19:46 . 2012-11-29 19:46 -------- d-----w- c:\program files (x86)\AMD AVT
2012-11-29 19:46 . 2012-11-29 19:46 -------- d-----w- c:\program files (x86)\AMD APP
2012-11-29 19:46 . 2012-11-29 19:46 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-11-29 19:46 . 2012-11-29 19:46 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2012-11-29 19:44 . 2012-11-29 19:46 -------- d-----w- c:\program files\ATI Technologies
2012-11-20 20:43 . 2012-11-20 20:43 -------- d-----w- c:\program files (x86)\Lame For Audacity
2012-11-20 20:31 . 2012-11-20 21:03 -------- d-----w- c:\users\NAME_GEÄNDERT\AppData\Roaming\Audacity
2012-11-20 20:31 . 2012-11-20 20:31 -------- d-----w- c:\program files (x86)\Audacity
2012-11-20 20:22 . 2012-11-20 20:22 -------- d-----w- c:\program files (x86)\Windows Sidebar
2012-11-20 20:21 . 2012-11-20 20:21 -------- d-----w- c:\users\NAME_GEÄNDERT\AppData\Roaming\TuneUp Software
2012-11-20 20:21 . 2012-11-20 20:21 -------- d-----w- c:\programdata\TuneUp Software
2012-11-20 20:21 . 2012-11-20 20:21 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2012-11-20 20:21 . 2012-11-20 20:21 -------- d--h--w- c:\programdata\Common Files
2012-11-20 19:01 . 2012-11-21 17:58 -------- d-----w- c:\users\NAME_GEÄNDERT\AppData\Local\Spotify
2012-11-20 19:00 . 2012-11-21 17:58 -------- d-----w- c:\users\NAME_GEÄNDERT\AppData\Roaming\Spotify
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-13 11:30 . 2012-06-29 15:32 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-13 11:30 . 2012-06-29 15:32 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-13 10:59 . 2011-01-26 14:57 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-11-14 01:57 . 2012-12-13 10:57 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-12 06:42 . 2012-11-12 06:42 25299 ----a-w- c:\windows\SysWow64\BRLM03A.DLL
2012-11-07 12:47 . 2012-05-09 21:06 140936 ----a-w- c:\windows\system32\drivers\avfwot.sys
2012-11-07 12:47 . 2012-05-09 21:06 114168 ----a-w- c:\windows\system32\drivers\avfwim.sys
2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-10-16 08:38 . 2012-11-29 13:15 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-29 13:15 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-29 13:15 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 18:17 . 2012-11-15 14:34 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-15 14:34 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-15 14:34 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-15 14:34 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-10-04 16:47 . 2012-12-13 10:54 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2012-10-04 16:40 . 2012-12-13 10:54 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-03 17:56 . 2012-11-15 14:34 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-15 14:34 303104 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-15 14:34 70656 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-15 14:34 246272 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-15 14:34 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-15 14:34 216576 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-15 14:34 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-15 14:34 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42 . 2012-11-15 14:34 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-15 14:34 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2012-10-03 16:07 . 2012-11-15 14:34 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-09-25 22:47 . 2012-11-15 14:32 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-09-25 22:46 . 2012-11-15 14:32 95744 ----a-w- c:\windows\system32\synceng.dll
2012-09-24 13:32 . 2012-09-13 14:09 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-24 13:32 . 2011-02-05 21:26 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-12-03 1354736]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2012-04-04 954256]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-04-04 21392]
"Spotify Web Helper"="c:\users\NAME_GEÄNDERT\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-11-20 1199576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"VitaKeyPdtWzd"="c:\program files (x86)\Acer Bio Protection\PdtWzd.exe" [2009-09-05 3567616]
"Trust Gaming Mouse"="c:\program files (x86)\Trust Gaming Mouse\Mouse.exe" [2011-01-17 2245632]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2009-08-19 3695928]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-04-04 3521424]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-25 1129760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-06-25 342056]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-06-25 39464]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2011-12-08 98616]
R3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2007-04-25 36864]
R3 enecirhid;ENE CIR HID Receiver;c:\windows\system32\DRIVERS\enecirhid.sys [2009-05-19 14848]
R3 enecirhidma;ENE CIR HIDmini Filter;c:\windows\system32\DRIVERS\enecirhidma.sys [2008-04-24 6656]
R3 ghsmdm;Handset USB Modem;c:\windows\system32\DRIVERS\ghsmdm.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2011-12-08 203320]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-01-24 18216]
S0 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys [2009-09-21 20392]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2012-11-07 140936]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-09 27760]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-27 203264]
S2 AntiVirFireWallService;Avira FireWall;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [2012-05-14 619472]
S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-05-14 375760]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-14 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-14 465360]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2010-02-26 783392]
S2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\Drivers\FPSensor.sys [2010-12-07 36400]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IGBASVC;EgisTec Service;c:\program files (x86)\Acer Bio Protection\BASVC.exe [2009-09-05 3450368]
S2 STRATO HiDrive Service;STRATO HiDrive Service;c:\program files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe [2011-11-14 32768]
S2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2010-03-09 6245744]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2012-11-07 114168]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-09-23 144496]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-07 317480]
S3 trustms;Trust Mouse;c:\windows\system32\drivers\trustms.sys [2010-11-15 12416]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-29 11:30]
.
2012-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-01 13:22]
.
2012-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-01 13:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-15 9644576]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2010-02-26 496160]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://acer.msn.com
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\NAME_GEÄNDERT\AppData\Roaming\Mozilla\Firefox\Profiles\c050l76i.default\
FF - ExtSQL: 2012-10-20 21:57; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - ExtSQL: 2012-12-11 22:27; {87eab3b7-a707-4459-99ae-c2fa06cfa36b}; c:\users\NAME_GEÄNDERT\AppData\Roaming\Mozilla\Firefox\Profiles\c050l76i.default\extensions\{87eab3b7-a707-4459-99ae-c2fa06cfa36b}.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Akamai NetSession Interface - c:\users\NAME_GEÄNDERT\AppData\Local\Akamai\netsession_win.exe
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Toolbar-Locked - (no file)
HKLM-Run-mwlDaemon - c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Google Chrome - c:\users\NAME_GEÄNDERT\AppData\Local\Google\Chrome\Application\23.0.1271.91\Installer\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2347292157-3042307878-621166202-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:41,0f,7d,a0,fc,0c,86,33,8e,6c,d8,d6,af,5c,24,2a,9a,af,d3,07,b6,72,29,
a8,aa,7b,8f,30,58,e3,5e,cf,f7,33,8c,af,bd,3a,06,d4,7c,dd,90,43,4b,c4,15,b3,\
"??"=hex:68,95,12,fe,c2,cb,e4,6b,15,45,58,a9,cb,1b,34,3b
.
[HKEY_USERS\S-1-5-21-2347292157-3042307878-621166202-1000\Software\SecuROM\License information*]
"datasecu"=hex:31,30,1d,e4,64,83,f5,66,9d,58,fb,9c,60,b0,7d,c4,c7,57,35,f2,e6,
3c,60,18,b4,6c,84,99,d4,86,84,0c,cd,fc,e5,34,e1,f5,57,4c,af,9f,30,d5,c8,5d,\
"rkeysecu"=hex:1d,b7,c6,f6,7e,0a,ac,e2,1c,4e,c5,28,d6,b6,07,36
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:0e,07,56,c6,13,38,44,39,98,b4,94,01,20,09,69,1e,70,17,73,8c,78,
59,83,f4,2b,8f,a7,77,0f,67,0d,38,81,81,4e,d2,e2,ea,88,c9,1c,53,c2,48,f6,c2,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Acer Bio Protection\CompPtcVUI.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\SysWOW64\RunDll32.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-12-16 18:51:27 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-12-16 17:51
.
Vor Suchlauf: 13 Verzeichnis(se), 54.848.880.640 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 55.106.674.688 Bytes frei
.
- - End Of File - - 406772FDBEDEEB64A9A3EAA023F930B9
PS.: Es ist erstaunlich was ihr/du aus diesen Berichten lesen kannst. Größten Respekt! Geändert von Gepetto (16.12.2012 um 18:58 Uhr) Grund: Namenszensur |
|
16.12.2012, 19:55
| #6 |
| /// Malware-holic | "C:\Windows\System32\cmd.exe" wird bei Systemstart ausgeführt Hi, noch nichts weiter Verdächtiges zu mindest. malwarebytes: Downloade Dir bitte Malwarebytes
__________________ --> "C:\Windows\System32\cmd.exe" wird bei Systemstart ausgeführt |
|
16.12.2012, 23:26
| #7 |
| | "C:\Windows\System32\cmd.exe" wird bei Systemstart ausgeführt Hat ein paar Stunden gedauert aber hier ist der Bericht: Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.12.16.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 NAME_GEÄNDERT :: LAPTOPNAME_GEÄNDERT [Administrator] 16.12.2012 20:01:47 mbam-log-2012-12-16 (20-01-47).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 551537 Laufzeit: 3 Stunde(n), 17 Minute(n), 35 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 1 HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Program Files (x86)\Adobe\Adobe InDesign CS6\amtlib.dll (PUP.RiskwareTool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
|
18.12.2012, 13:41
| #8 |
| /// Malware-holic | "C:\Windows\System32\cmd.exe" wird bei Systemstart ausgeführt Hi woher stammt deine Adobe InDesign Version?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
19.12.2012, 14:22
| #9 |
| | "C:\Windows\System32\cmd.exe" wird bei Systemstart ausgeführt Hallo, bisher wusste ich nicht, dass ich eine AdobeIndesign-Version habe! Hatte mal zeitweise eine Testversion um zu gucken ob mir das Programm gefällt, mich dann aber dagegen entschieden. Können das Rückstände dieser Trial-Version sein? Beste Grüße und vielen Dank! |
|
19.12.2012, 15:31
| #10 |
| /// Malware-holic | "C:\Windows\System32\cmd.exe" wird bei Systemstart ausgeführt Ja, warscheinlich. lade den CCleaner standard: CCleaner Download - CCleaner 3.25.1872 falls der CCleaner bereits instaliert, überspringen. instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
19.12.2012, 15:46
| #11 |
| | "C:\Windows\System32\cmd.exe" wird bei Systemstart ausgeführt Acer Bio Protection Egis Technology Inc. 07.12.2010 110MB 6.2.56 notwendig Acer Crystal Eye Webcam Suyin Optronics Corp 07.12.2010 5.2.5.3 notwendig Acer eRecovery Management Acer Incorporated 13.09.2010 4.05.3013 unnötig Acer PowerSmart Manager Acer Incorporated 13.09.2010 4.06.3009 notwendig Acer Registration Acer Incorporated 07.12.2010 1.03.3003 unbekannt Acer Updater Acer Incorporated 13.09.2010 1.02.3001 notwendig Acrobat.com Adobe Systems Incorporated 13.09.2010 1,60MB 1.6.65 unbekannt (reader?) Adobe AIR Adobe Systems Incorporated 11.11.2012 3.5.0.600 unbekannt Adobe Flash Player 11 Plugin Adobe Systems Incorporated 13.12.2012 6,00MB 11.5.502.135 notwendig Adobe Reader X (10.1.4) - Deutsch Adobe Systems Incorporated 15.08.2012 121MB 10.1.4 notwendig AMD Catalyst Install Manager Advanced Micro Devices, Inc. 29.11.2012 26,2MB 8.0.873.0 notwendig? Apple Application Support Apple Inc. 02.12.2012 65,0MB 2.3 unnötig Apple Software Update Apple Inc. 02.12.2012 2,38MB 2.1.3.127 notwendig Audacity 2.0.2 Audacity Team 20.11.2012 43,5MB 2.0.2 notwendig Autodesk SketchBookExpress 2011 Autodesk 24.12.2011 105MB 5.00.0000 notwendig Avira Professional Security Avira 07.12.2012 124MB 12.1.9.1580 notwendig Battlefield 1942™ Electronic Arts 09.11.2012 1,21GB 1.6.20.0 notwendig Broadcom Gigabit NetLink Controller Broadcom Corporation 13.09.2010 460KB 12.26.01 notwendig Brother HL-3040CN Brother 29.11.2011 1.00 notwendig CCleaner Piriform 25.11.2012 3.25 notwendig CorelDRAW Graphics Suite 12 Corel Corporation 20.10.2011 319MB 12.0.0.458 notwendig Counter-Strike Valve 21.08.2011 notwendig DivX-Setup DivX, LLC 21.04.2011 2.5.0.8 notwendig Dota 2 14.09.2012 notwendig File Uploader Nikon 25.03.2011 1,64MB 1.2.0 unnötig FileZilla Client 3.6.0.2 FileZilla Project 02.12.2012 17,1MB 3.6.0.2 notwendig foobar2000 v1.1.15 Peter Pawlowski 11.10.2012 8,73MB 1.1.15 notwendig GIMP 2.8.0-rc1 The GIMP Team 05.05.2012 251MB 2.8.0 notwendig Google Earth Plug-in Google 19.12.2012 80,7MB 7.0.2.8415 unnötig Google SketchUp 8 Google, Inc. 22.10.2012 72,5MB 3.0.14358 notwendig GPL Ghostscript Artifex Software Inc. 27.11.2011 9.04 notwendig Identity Card Acer Incorporated 07.12.2010 1.00.3003 unbekannt Inkscape 0.48.1 29.08.2011 0.48.1 notwendig Intel(R) Management Engine Components Intel Corporation 07.12.2010 6.0.0.1179 notwendig? Intel(R) Turbo Boost Technology Driver Intel Corporation 07.12.2010 01.00.01.1002 notwendig? Intel® Matrix Storage Manager Intel Corporation 07.12.2010 notwendig? Java(TM) 6 Update 22 Oracle 10.03.2011 97,0MB 6.0.220 notwendig? Java(TM) 6 Update 37 Oracle 13.09.2012 95,7MB 6.0.370 notwendig? JMicron 1394 Filter Driver JMicron Technology Corp. 07.12.2010 1.00.06.00 unbekannt JMicron Flash Media Controller Driver JMicron Technology Corp. 07.12.2010 1.0.34.2 unbekannt LAME v3.99.3 (for Windows) 20.11.2012 1,52MB notwendig Macromedia Dreamweaver 8 Macromedia 05.12.2011 167MB 8.0.0.2751 notwendig Malwarebytes Anti-Malware Version 1.65.1.1000 Malwarebytes Corporation 16.12.2012 19,4MB 1.65.1.1000 notwendig Metro 2033 THQ 13.12.2012 notwendig --- Genaue Bedeutung der Microsoft Software ist mir unbekannt, wurde aber durch das automatische Update installiert --- Microsoft .NET Framework 4 Client Profile Microsoft Corporation 20.04.2012 38,8MB 4.0.30320 Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 20.04.2012 2,93MB 4.0.30320 Microsoft .NET Framework 4 Extended Microsoft Corporation 20.04.2012 51,9MB 4.0.30320 Microsoft .NET Framework 4 Extended DEU Language Pack Microsoft Corporation 20.04.2012 10,6MB 4.0.30320 Microsoft Security Essentials Microsoft Corporation 29.09.2012 4.1.522.0 Microsoft Silverlight Microsoft Corporation 15.05.2012 50,6MB 5.1.10411.0 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 07.12.2010 1,72MB 3.1.0000 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 25.01.2012 252KB 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 21.08.2011 300KB 8.0.59193 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 05.03.2012 248KB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 10.03.2011 788KB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 21.08.2011 788KB 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 13.09.2010 596KB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 10.03.2011 596KB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 21.08.2011 600KB 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 11.11.2012 13,8MB 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 11.05.2012 12,2MB 10.0.40219 MSXML 4.0 SP2 (KB954430) Microsoft Corporation 26.01.2011 1,27MB 4.20.9870.0 MSXML 4.0 SP2 (KB973688) Microsoft Corporation 26.01.2011 1,33MB 4.20.9876.0 MSXML 4.0 SP3 Parser Microsoft Corporation 15.12.2011 1,47MB 4.30.2100.0 MSXML 4.0 SP3 Parser (KB2721691) Microsoft Corporation 11.07.2012 1,53MB 4.30.2114.0 MSXML 4.0 SP3 Parser (KB973685) Microsoft Corporation 17.12.2011 1,53MB 4.30.2107.0 Mozilla Firefox 17.0.1 (x86 de) Mozilla 10.12.2012 42,3MB 17.0.1 notwendig Mozilla Thunderbird 16.0.1 (x86 de) Mozilla 21.11.2012 42,8MB 16.0.1 notwendig Nikon Message Center Nikon 25.03.2011 204KB 0.92.000 unnötig Nikon RAW Codec Nikon 25.03.2011 1.00.0000 notwendig Nikon Transfer Nikon 25.03.2011 47,0MB 1.4.0 notwendig No23 Recorder No23 20.11.2012 2,44MB 2.1.0.3 notwendig OpenOffice.org 3.4.1 Apache Software Foundation 17.09.2012 325MB 3.41.9593 notwendig Origin Electronic Arts, Inc. 09.11.2012 9.0.15.65 notwendig Phase 5 HTML-Editor Systemberatung Schommer 21.03.2011 3,72MB 5.6.2.3 notwendig Picture Control Utility Nikon 25.03.2011 18,9MB 1.1.5 notwendig Python 2.6 PyGTK 2.24.0 hxxp://www.pygtk.org/ 04.09.2011 161MB 2.24.0 notwendig Python 2.6.6 Python Software Foundation 04.09.2011 48,3MB 2.6.6150 notwendig QuickTime Apple Inc. 02.12.2012 73,1MB 7.73.80.64 notwendig Realtek HDMI Audio Driver for ATI Realtek Semiconductor Corp. 07.12.2010 6.0.1.5992 notwendig Realtek High Definition Audio Driver Realtek Semiconductor Corp. 13.09.2010 6.0.1.6004 notwendig Samsung Kies Samsung Electronics Co., Ltd. 02.02.2012 204MB 2.1.1.11124_17 notwendig Scribus 1.4.0rc5 The Scribus Team 11.08.2011 1.4.0rc5 notwendig Sculptris Alpha 6 Pixologic 31.10.2012 14,5MB 0.6 notwendig Shape Collage Shape Collage Inc. 18.12.2012 notwendig Skype™ 6.0 Skype Technologies S.A. 02.12.2012 20,3MB 6.0.126 notwendig Spotify Spotify AB 20.11.2012 0.8.5.1333.g822e0de8 notwendig Steam Valve Corporation 21.08.2011 35,4MB 1.0.0.0 notwendig STRATO HiDrive (remove only) STRATO AG 06.03.2012 notwendig Synaptics Pointing Device Driver Synaptics Incorporated 07.12.2010 14.0.4.0 unbekannt TeamSpeak 3 Client TeamSpeak Systems GmbH 07.08.2012 3.0.8.1 notwendig Trust Gaming Mouse Driver V1.1 09.08.2011 14,0MB notwendig Vectorworks 2012 Hilfe UNKNOWN 09.05.2012 1.0 notwendig ViewNX Nikon 25.03.2011 30,4MB 1.3.0 notwendig VLC media player 1.1.11 VideoLAN 27.10.2011 1.1.11 notwendig Wacom Tablett Wacom Technology Corp. 24.12.2011 notwendig WebTablet IE Plugin Wacom Technology Corp. 24.12.2011 1.1.0.4 notwendig WebTablet Netscape Plugin Wacom Technology Corp. 24.12.2011 1.1.0.3 notwendig WIDCOMM Bluetooth Software Broadcom Corporation 07.12.2010 183MB 6.3.0.6000 notwendig Windows Live Essentials Microsoft Corporation 19.08.2011 15.4.3538.0513 unbekannt Windows Live Sync Microsoft Corporation 07.12.2010 2,79MB 14.0.8117.416 unbekannt Windows-Treiberpaket - Leaf Imaging Ltd. Image (02/11/2010 ) Leaf Imaging Ltd. 14.07.2011 02/11/2010 unbekannt WinRAR 06.02.2011 notwendig Überwachungstool für die Intel® Turbo-Boost-Technik Intel 07.12.2010 1,13MB 1.0.186.6 unbekannt Bei "unbekannt" ist zumeist der Nutzen unbekannt. |
|
19.12.2012, 17:08
| #12 |
| /// Malware-holic | "C:\Windows\System32\cmd.exe" wird bei Systemstart ausgeführt deinstaliere: Adobe Flash Player alle Adobe - Adobe Flash Player installieren neueste version laden adobe reader: Adobe - Adobe Reader herunterladen - Alle Versionen haken bei mcafee security scan raus nehmen bitte auch mal den adobe reader wie folgt konfigurieren: adobe reader öffnen, bearbeiten, voreinstellungen. allgemein: nur zertifizierte zusatz module verwenden, anhaken. internet: hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc. es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht. bei javascript den haken bei java script verwenden raus nehmen bei updater, automatisch instalieren wählen. übernehmen /ok deinstaliere: Avira: aktuell ist 2013, unbedingt upgraden, sollte kostenlos sein: Download Avira Professional Security, Version 2013 einfach drüber instalieren. wieso nutzt man als privat Person eig die Professional, da reichen eig auch die Normalen, vie Internet Security Deinstaliere: File Uploader Google Earth Java: beide downloade Java jre: Java-Downloads für alle Betriebssysteme klicke: Download der Java-Software für Windows Offline laden, und instalieren deinstaliere: Windows Live : alle für dich unnötigen öffne CCleaner, analysieren, starten, PC neustarten. Downloade Dir bitte AdwCleaner auf deinen Desktop.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu "C:\Windows\System32\cmd.exe" wird bei Systemstart ausgeführt |
| akamai, antivir, avira, bho, c:\windows\system32\cmd.exe, error, fehler, firefox, flash player, frage, helper, hijack, home, install.exe, jdownloader, logfile, mywinlocker, plug-in, problem, programm, realtek, registry, scan, security, sketchup, spotify web helper, svchost.exe, system, teamspeak, trojaner, viren, windows |
Linear-Darstellung
