| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Windows Explorer funktioniert nicht mehrWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
05.01.2013, 15:09
| #1 |
 |  Windows Explorer funktioniert nicht mehr Hallo, ich habe seit neuestem bei meinem Laptop das Problem, dass wenn ich den Windows Explorer öffne und dann den Ordner Bilder öffne, kurze Zeit später die Meldung angezeigt bekomme, dass der Windows Explorer nicht funktioniert. Der wird dann geschlossen und wenn ich den Ordner dann wieder neu öffne, kommt das Problem erneut. Kann mir ein dabei weiterhelfen? |
|
05.01.2013, 15:14
| #2 |
| /// Malware-holic   | Windows Explorer funktioniert nicht mehr Hi
__________________Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
05.01.2013, 16:52
| #3 |
| | Windows Explorer funktioniert nicht mehr habe wie gewünscht den scan durchgeführt.
__________________Nun folgen die OTL.txt- und die Extra.txt-DateiOTL Logfile: Code:
ATTFilter OTL logfile created on: 05.01.2013 16:06:40 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\****\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,98 Gb Total Physical Memory | 2,71 Gb Available Physical Memory | 68,25% Memory free 7,95 Gb Paging File | 6,53 Gb Available in Paging File | 82,18% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 186,30 Gb Total Space | 97,52 Gb Free Space | 52,34% Space Free | Partition Type: NTFS Drive D: | 254,45 Gb Total Space | 26,97 Gb Free Space | 10,60% Space Free | Partition Type: NTFS Computer Name: **** | User Name: **** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\****\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe (Kaspersky Lab ZAO) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe (ASUS) PRC - C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe (ASUS) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll () MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.) SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (ASUS InstantOn) -- C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe (ASUS) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab) DRV:64bit: - (kltdi) -- C:\Windows\SysNative\drivers\kltdi.sys (Kaspersky Lab) DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab) DRV:64bit: - (klkbdflt) -- C:\Windows\SysNative\drivers\klkbdflt.sys (Kaspersky Lab) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (kneps) -- C:\Windows\SysNative\drivers\kneps.sys (Kaspersky Lab) DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc) DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( ) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV - (ATKWMIACPIIO) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-618044182-2612779034-3158162430-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKU\S-1-5-21-618044182-2612779034-3158162430-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKU\S-1-5-21-618044182-2612779034-3158162430-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-618044182-2612779034-3158162430-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de/" FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:4.2.1.9 FF - prefs.js..extensions.enabledAddons: url_advisor@kaspersky.com:13.0.1.4250 FF - prefs.js..extensions.enabledAddons: virtual_keyboard@kaspersky.com:13.0.1.4250 FF - prefs.js..extensions.enabledAddons: content_blocker@kaspersky.com:13.0.1.4250 FF - prefs.js..extensions.enabledAddons: anti_banner@kaspersky.com:13.0.1.4250 FF - prefs.js..extensions.enabledAddons: online_banking@kaspersky.com:13.0.1.4250 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.6&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013.01.05 13:25:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013.01.05 13:25:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013.01.05 13:25:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013.01.05 13:25:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013.01.05 13:25:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.26 15:19:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.26 15:19:34 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.29 21:55:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions [2012.12.12 19:31:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\o67xs3nx.default\extensions [2012.12.12 19:31:14 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\o67xs3nx.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2013.01.05 13:28:50 | 000,000,950 | ---- | M] () -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\o67xs3nx.default\searchplugins\icqplugin-1.xml [2011.11.18 17:08:51 | 000,001,056 | ---- | M] () -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\o67xs3nx.default\searchplugins\icqplugin.xml [2012.08.19 17:51:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.01.05 13:25:23 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM [2013.01.05 13:25:23 | 000,000,000 | ---D | M] (Content Blocker) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\CONTENT_BLOCKER@KASPERSKY.COM [2013.01.05 13:25:23 | 000,000,000 | ---D | M] (Safe Money) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ONLINE_BANKING@KASPERSKY.COM [2013.01.05 13:25:23 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\URL_ADVISOR@KASPERSKY.COM [2013.01.05 13:25:23 | 000,000,000 | ---D | M] (Virtual Keyboard) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\VIRTUAL_KEYBOARD@KASPERSKY.COM [2012.10.26 15:18:43 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.07.14 01:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.26 15:18:42 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.07.14 01:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.07.14 01:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.14 01:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.14 01:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: Google CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: Google CHR - Extension: Modul zur Link-Untersuchung = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\ CHR - Extension: Sicherer Zahlungsverkehr = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\ CHR - Extension: Virtuelle Tastatur = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\ CHR - Extension: Anti-Banner = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.) O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.) O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe (ecareme) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-618044182-2612779034-3158162430-1000..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) O4 - HKU\S-1-5-21-618044182-2612779034-3158162430-1000..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd) O4 - HKU\S-1-5-21-618044182-2612779034-3158162430-1000..\Run: [HP Photosmart 5510 series (NET)] C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.) O4 - HKU\S-1-5-21-618044182-2612779034-3158162430-1000..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-618044182-2612779034-3158162430-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0 O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm () O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E61E3FA8-FD97-4698-A41F-0D760D74FA69}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.01.05 15:54:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe [2013.01.05 14:04:57 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2013.01.05 14:04:57 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2013.01.05 14:04:56 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2013.01.05 14:04:56 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2013.01.05 13:46:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Easy [2013.01.05 13:46:48 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Easy [2012.12.14 18:07:44 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.12.14 18:07:44 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.12.14 18:07:43 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.12.14 18:07:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.12.14 18:07:43 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.12.14 18:07:42 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.12.14 18:07:42 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.12.14 18:07:42 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.12.14 18:07:42 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.12.14 18:07:41 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.12.14 18:07:41 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.12.14 18:07:41 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.12.14 18:07:40 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.12.14 18:07:40 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.12.14 18:07:40 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.12.13 18:14:48 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2012.12.13 18:14:47 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012.12.13 18:14:47 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2012.12.13 18:14:46 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2012.12.13 18:14:45 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2012.12.13 18:14:45 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2012.12.13 18:14:45 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2012.12.13 18:14:45 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2012.12.13 18:14:44 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2012.12.13 18:14:44 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2012.12.13 18:14:44 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2012.12.13 18:14:44 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012.12.13 18:14:44 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012.12.13 18:14:44 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012.12.13 18:14:44 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2012.12.13 18:14:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012.12.13 18:14:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012.12.13 18:14:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012.12.13 18:14:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012.12.13 18:14:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012.12.13 18:14:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012.12.13 18:14:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.12.13 18:14:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012.12.13 18:14:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012.12.13 18:14:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012.12.13 18:14:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012.12.13 18:14:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012.12.13 18:14:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012.12.13 18:14:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.12.13 18:14:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012.12.13 18:14:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012.12.13 18:14:43 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012.12.13 18:14:43 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012.12.13 18:14:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012.12.13 18:14:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012.12.13 18:14:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012.12.13 18:14:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012.12.13 18:14:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012.12.13 18:14:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012.12.13 18:14:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012.12.13 18:14:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012.12.13 18:14:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012.12.13 18:14:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012.12.13 18:14:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012.12.13 18:14:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012.12.13 18:14:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012.12.13 18:14:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012.12.13 18:14:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012.12.13 18:14:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012.12.13 18:14:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012.12.13 18:14:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012.12.13 18:14:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012.12.13 18:14:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012.12.13 18:14:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012.12.13 18:14:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012.12.13 18:14:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012.12.13 18:14:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012.12.13 18:14:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012.12.13 18:14:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012.12.13 18:14:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012.12.13 18:14:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012.12.13 18:14:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012.12.13 18:14:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012.12.13 18:14:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012.12.13 18:14:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012.12.13 18:14:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012.12.13 18:14:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012.12.13 18:14:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012.12.13 18:14:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2012.12.13 18:14:24 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll [2012.12.13 18:14:24 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll [2012.12.12 18:34:41 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys [2012.12.12 18:34:41 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll [2010.11.18 20:27:34 | 000,162,816 | ---- | C] (Igor Pavlov) -- C:\Program Files (x86)\7z.sfx [2010.11.18 20:27:34 | 000,152,064 | ---- | C] (Igor Pavlov) -- C:\Program Files (x86)\7zCon.sfx [2010.11.18 20:24:20 | 001,422,336 | ---- | C] (Igor Pavlov) -- C:\Program Files (x86)\7z.dll [2010.11.18 20:11:38 | 000,387,072 | ---- | C] (Igor Pavlov) -- C:\Program Files (x86)\7zG.exe [2010.11.18 20:10:48 | 000,740,352 | ---- | C] (Igor Pavlov) -- C:\Program Files (x86)\7zFM.exe [2010.11.18 20:08:50 | 000,086,016 | ---- | C] (Igor Pavlov) -- C:\Program Files (x86)\7-zip.dll [2010.11.18 20:08:30 | 000,284,160 | ---- | C] (Igor Pavlov) -- C:\Program Files (x86)\7z.exe ========== Files - Modified Within 30 Days ========== [2013.01.05 16:01:00 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job [2013.01.05 15:54:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe [2013.01.05 15:46:54 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.05 15:46:54 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.05 15:40:32 | 000,001,950 | ---- | M] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Photosmart 5510 series (Netzwerk).lnk [2013.01.05 15:39:50 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe [2013.01.05 15:39:21 | 000,288,240 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.05 15:39:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.05 15:39:01 | 3202,449,408 | -HS- | M] () -- C:\hiberfil.sys [2013.01.05 13:46:50 | 000,000,879 | ---- | M] () -- C:\Users\****\Desktop\Registry Easy.lnk [2012.12.16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012.12.16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012.12.13 17:56:59 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.12.13 17:56:59 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.12.12 19:23:13 | 001,550,766 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.12 19:23:13 | 000,665,632 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.12.12 19:23:13 | 000,627,474 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.12 19:23:13 | 000,133,812 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.12.12 19:23:13 | 000,110,194 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.12.12 18:49:56 | 000,001,143 | ---- | M] () -- C:\Users\Public\Desktop\CEWE FOTOSCHAU.lnk [2012.12.12 18:49:56 | 000,001,128 | ---- | M] () -- C:\Users\Public\Desktop\dm-Fotowelt.lnk ========== Files Created - No Company Name ========== [2013.01.05 13:46:50 | 000,000,879 | ---- | C] () -- C:\Users\****\Desktop\Registry Easy.lnk [2012.12.12 18:34:44 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.07.17 17:40:54 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2011.12.04 18:22:46 | 000,006,144 | ---- | C] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.12.04 13:55:13 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2011.11.22 20:19:48 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini [2011.09.05 17:10:27 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.09.05 17:08:36 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.04.20 06:10:32 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.04.13 03:48:48 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2010.11.18 20:08:04 | 000,091,020 | ---- | C] () -- C:\Program Files (x86)\7-zip.chm [2010.09.10 10:41:54 | 000,000,333 | ---- | C] () -- C:\Program Files (x86)\descript.ion ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011.10.03 17:52:01 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ASUS WebStorage [2012.04.21 18:04:40 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Canon [2012.11.13 18:17:41 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DVDVideoSoft [2012.11.13 17:47:30 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers [2012.10.26 15:01:52 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Fox Dgital Copy [2012.01.20 17:10:11 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ICQ [2011.10.03 20:39:46 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\IrfanView [2011.10.03 17:54:03 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Nuance [2012.11.13 17:47:18 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\OpenCandy [2012.09.19 16:12:01 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\pdfforge [2011.10.18 16:53:17 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Windows Live Writer [2011.10.03 17:53:59 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Zeon [2012.02.08 18:31:38 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Canon ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.02.08 18:31:11 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2011.10.11 20:39:03 | 000,000,000 | -H-D | M] -- C:\ASUS.DAT [2011.10.03 20:31:10 | 000,000,000 | ---D | M] -- C:\AsusVibeData [2011.11.12 22:19:06 | 000,000,000 | ---D | M] -- C:\b6153aca53e1209801749af2748b1b [2009.07.29 07:03:34 | 000,000,000 | -HSD | M] -- C:\Boot [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.09.05 17:20:44 | 000,000,000 | ---D | M] -- C:\eSupport [2011.09.05 17:04:02 | 000,000,000 | ---D | M] -- C:\Intel [2011.12.04 13:46:47 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2013.01.05 13:46:48 | 000,000,000 | R--D | M] -- C:\Program Files [2012.11.13 20:35:12 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2012.11.13 20:34:47 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.09.29 20:52:22 | 000,000,000 | -HSD | M] -- C:\Recovery [2013.01.05 16:08:05 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.09.29 21:22:52 | 000,000,000 | ---D | M] -- C:\temp [2012.02.08 18:31:03 | 000,000,000 | R--D | M] -- C:\Users [2013.01.05 13:13:18 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > [2010.11.18 20:08:30 | 000,284,160 | ---- | M] (Igor Pavlov) -- C:\Program Files (x86)\7z.exe [2010.11.18 20:10:48 | 000,740,352 | ---- | M] (Igor Pavlov) -- C:\Program Files (x86)\7zFM.exe [2010.11.18 20:11:38 | 000,387,072 | ---- | M] (Igor Pavlov) -- C:\Program Files (x86)\7zG.exe < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.20 13:16:54 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 06:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.07.17 17:43:21 | 000,000,266 | ---- | C] () -- C:\Windows\Tasks\HP Photo Creations Messager.job < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\drivers\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\drivers\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 13:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010.11.20 14:24:46 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe < MD5 for: IASTOR.SYS > [2010.11.05 16:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\eSupport\eDriver\Software\Others\Intel\IRST\Vista64_Win7_64_10.1.0.1008\iaStor.sys [2010.11.05 16:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_710b330fb3531234\iaStor.sys [2010.11.05 16:45:48 | 000,438,808 | ---- | M] (Intel Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\drivers\iaStor.sys < MD5 for: IASTORV.SYS > [2010.11.20 14:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 14:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\drivers\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 14:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 14:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 13:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 13:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 14:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 14:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\drivers\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 13:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 13:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 14:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 14:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 13:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 13:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 14:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 14:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 13:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 13:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 14:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 14:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 14:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 14:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2013.01.05 16:24:12 | 001,572,864 | -HS- | M] () -- C:\Users\****\NTUSER.DAT [2013.01.05 16:24:12 | 000,262,144 | -HS- | M] () -- C:\Users\****\ntuser.dat.LOG1 [2011.09.29 20:53:48 | 000,000,000 | -HS- | M] () -- C:\Users\****\ntuser.dat.LOG2 [2011.09.29 21:37:28 | 000,065,536 | -HS- | M] () -- C:\Users\****\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2011.09.29 21:37:27 | 000,524,288 | -HS- | M] () -- C:\Users\****\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2011.09.29 21:37:27 | 000,524,288 | -HS- | M] () -- C:\Users\****\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2011.11.12 22:35:32 | 000,065,536 | -HS- | M] () -- C:\Users\****\NTUSER.DAT{7700c7ab-0d75-11e1-b104-14dae9d360d0}.TM.blf [2011.11.12 22:35:32 | 000,524,288 | -HS- | M] () -- C:\Users\****\NTUSER.DAT{7700c7ab-0d75-11e1-b104-14dae9d360d0}.TMContainer00000000000000000001.regtrans-ms [2011.11.12 22:35:32 | 000,524,288 | -HS- | M] () -- C:\Users\****\NTUSER.DAT{7700c7ab-0d75-11e1-b104-14dae9d360d0}.TMContainer00000000000000000002.regtrans-ms [2011.09.29 20:53:48 | 000,000,020 | -HS- | M] () -- C:\Users\****\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 05.01.2013 16:06:40 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\****\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,98 Gb Total Physical Memory | 2,71 Gb Available Physical Memory | 68,25% Memory free
7,95 Gb Paging File | 6,53 Gb Available in Paging File | 82,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186,30 Gb Total Space | 97,52 Gb Free Space | 52,34% Space Free | Partition Type: NTFS
Drive D: | 254,45 Gb Total Space | 26,97 Gb Free Space | 10,60% Space Free | Partition Type: NTFS
Computer Name: **** | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
[HKEY_USERS\S-1-5-21-618044182-2612779034-3158162430-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files (x86)\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files (x86)\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04E27E3F-DCC7-49E3-9118-B8940D368395}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{0F0BB74D-2816-4BE6-85F0-FE8A876679C3}" = rport=138 | protocol=17 | dir=out | app=system |
"{18B3300C-2006-442A-B3DC-E121E987BCA3}" = lport=445 | protocol=6 | dir=in | app=system |
"{35F38EA8-95CA-4DF1-8167-D596ACF5187F}" = rport=137 | protocol=17 | dir=out | app=system |
"{48D00E25-F6E5-4CF0-B757-36C7133C8069}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{506984D9-DE61-4E40-9679-2D3BDE5A3CB8}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary |
"{67120E0C-4477-448A-BA4A-E871432C978E}" = lport=137 | protocol=17 | dir=in | app=system |
"{691DAC35-1C6A-4F6E-A65C-9AF64A11A0EB}" = lport=139 | protocol=6 | dir=in | app=system |
"{6D86BBA6-660B-4EA4-9C85-ADBCBF533D55}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{73B3BBE7-0821-4141-8D03-8CDAB9BFF21C}" = rport=445 | protocol=6 | dir=out | app=system |
"{8991CF88-626D-46A5-85C8-EFEC5689BA70}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{96678B57-A2A7-428F-80C8-ED90C385DEDC}" = rport=139 | protocol=6 | dir=out | app=system |
"{A72233AF-337A-40D3-BCE9-4CBCFF8C6B0B}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary |
"{B827E1C7-5A7A-484C-9653-2FE388A8B888}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{BCA39A97-F0CA-4664-A03D-4EABD6597FEE}" = lport=138 | protocol=17 | dir=in | app=system |
"{BDA45174-4DA4-4BE7-9205-C9E4764FD2CF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1073B209-AD5C-4F50-BAF1-C03025AB5466}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1E8D497E-7084-458A-A02C-FA8F16A80083}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{25BDD843-A815-48A8-A216-66D065687049}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{31104DFE-E751-4926-8DF6-7AFA02C3FB86}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{37587DD4-8B0C-486A-A9E8-D914B0F785AE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3CB0D333-ECA9-4C2C-885F-2865B2D0CFFB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{50D76052-134E-46DB-AF8E-63827F883C0F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{513791F2-737C-4106-B81F-AF50BEC7592C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{5D6B8AE5-8063-4A2E-BCF0-AD99F593919A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{78C64FB1-5ACE-41A5-9083-58CDB97B6844}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7BF7DF47-53F3-47EF-B4E7-458832D47C2C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8EF01BA1-D1F6-4D73-AADB-AB5E81F83EF1}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{99F84285-C762-4E9B-BD4E-12058A89C47A}" = dir=in | app=c:\program files\hp\hp photosmart 5510 series\bin\hpnetworkcommunicator.exe |
"{9F344CD2-8AFB-43EB-A11F-6F026A34AEFF}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe |
"{AF1707CA-3342-433A-BF35-36FA8139D621}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B2D499CB-96F1-4276-A9E9-39EA2510432F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B72E8360-0254-481F-818A-82448A90D0DB}" = dir=in | app=c:\program files\hp\hp photosmart 5510 series\bin\devicesetup.exe |
"{BE9A9EB8-4EDE-4B2C-94CA-A3F3474996F7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BFE5B31B-A055-4BF7-BDAA-0D78F703DA87}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe |
"{C0560C07-D9EB-41FB-A034-5F99E034C9B1}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{C1832004-3921-4706-BDD8-701537CB1F43}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DDDD69A8-39B8-4741-88B8-4837F24E2A0C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F3AE7323-D968-4642-A1B9-BA7BD940FC37}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe |
"{F5E405BE-3661-4C81-A70B-9EAD56060032}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe |
"{FAF2D837-083F-4F61-9105-0CCA2808FE09}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{FE2127E7-8AB3-479F-8D09-4484EC0C7713}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"TCP Query User{5A2B29C4-321F-4841-A498-5D77EAE4D9F1}C:\program files (x86)\icq7.6\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe |
"UDP Query User{D3D1613A-0132-4B25-80C3-0470B5B669C4}C:\program files (x86)\icq7.6\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{27B3E5AA-5B75-414A-AC37-F5ADDFA68BDB}" = Windows Live Family Safety
"{287134AD-092F-4BD0-A6F4-911B0B351E87}" = Windows Live Family Safety
"{464F7B5E-80BB-4F34-A602-384F0702674A}" = Windows Live Family Safety
"{4BC310C4-B898-46E2-B5FB-B85A30AA7142}" = iCloud
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5409411D-CD72-432D-B823-1B520B24BD3C}" = HP Photosmart 5510 series - Grundlegende Software für das Gerät
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5ECA80C9-7D7A-49AC-B487-52F1CF47ECEE}" = Windows Live Family Safety
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{698EAE05-09DE-47D0-9586-29E41A0934DD}" = Windows Live Family Safety
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{74AC7ECE-87E1-41F7-ABA2-5ED9B13CECFA}" = Windows Live Family Safety
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8832CAA2-4934-4916-A8BF-A9A51C6B58B3}" = Windows Live Family Safety
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{944E73EF-857E-4F71-9DC4-CD059D7ADDEF}" = Windows Live Family Safety
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{A7769D7A-C61F-E82B-DAF3-6BB9066BB157}" = ATI AVIVO64 Codecs
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BFBE6E95-5724-47EC-85A0-74D436AD938F}" = Windows Live Family Safety
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C61D639C-3A1B-4654-901F-08927C804321}" = Windows Live Family Safety
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{D9D7384A-8014-EE99-279E-E9BA3F6C4836}" = ATI Catalyst Install Manager
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DC05D254-AA8E-94AD-3090-352A487BFC20}" = ccc-utility64
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EDBC8AED-78A3-424E-ADB6-C7B1424FFAFD}" = Studie zur Verbesserung von HP Photosmart 5510 series Produkten
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"CCleaner" = CCleaner
"Elantech" = ETDWare PS/2-X64 8.0.5.1_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Registry Easy_is1" = Registry Easy v5.6
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0088C5D2-9BFE-5F0E-5810-32E34B73F628}" = CCC Help Polish
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{05F4470E-892C-942E-8040-2FA9E4D85BF2}" = Catalyst Control Center InstallProxy
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{089EB0B3-7FF3-6763-460C-65B4F0164114}" = CCC Help French
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = Sonic Focus
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{160943D0-90B0-9512-3379-25C798D03619}" = Catalyst Control Center Graphics Previews Common
"{165DCC81-45F0-5C16-66F0-A9E54F057C29}" = CCC Help Portuguese
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20F39491-0033-35BD-DA68-085ADADAC81D}" = CCC Help Swedish
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{24AFD6CC-B307-6A83-82E0-19C002E14C6E}" = Catalyst Control Center
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{41182133-8E2C-F40D-9DB8-F77E2F8C1440}" = CCC Help Greek
"{415FA9AD-DA10-4ABE-97B6-5051D4795C90}" = HP FWUpdateEDO2
"{4555BB9E-E715-4260-A178-E8EFD2B653E3}" = Alcor Micro USB Card Reader
"{457C569B-0759-BF31-1096-66E2330DA9E2}" = CCC Help Dutch
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4BD5115B-22FE-DBCA-65E9-D954E720B0F8}" = CCC Help Finnish
"{4CFE4591-2FEF-8C92-08EE-2150576CBF84}" = CCC Help Norwegian
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{4F69F1B4-21BB-B5C4-AF0D-1C00F455C843}" = CCC Help Thai
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{51E2AC22-7987-FB36-9105-93582761E206}" = CCC Help Korean
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5834909F-948F-4D5A-A355-7C9AAA7C41FE}" = Catalyst Control Center - Branding
"{5C4DD28E-A1E7-DBB0-77F0-EBC3DE6F9EE5}" = CCC Help Russian
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6BCA6828-CE6B-8B4E-FB7F-5A9F09BB1C3A}" = CCC Help Turkish
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{70CB9644-8F44-67D8-E1EB-A037C4A89F95}" = CCC Help German
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{749F674B-2674-47E8-879C-5626A06B2A91}" = InstantOn
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7F4B423E-EE7F-8472-FEB7-64BCB27897DF}" = CCC Help Hungarian
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{897E509E-030B-674F-82EA-37A92695CB81}" = CCC Help Japanese
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A09019EA-08C3-8833-3E30-1D02558B890F}" = CCC Help Danish
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A207E1D5-BBC7-58CC-AA37-47400962E1B4}" = CCC Help Italian
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A4FD9C76-D0C2-ADFF-0CE6-747C79A34E78}" = CCC Help English
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B3515BC5-AA09-44C2-04A7-1FD85C268467}" = CCC Help Chinese Traditional
"{B5404EE2-D03C-B183-D0A8-12532AF65C22}" = Catalyst Control Center Localization All
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
"{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C47132E9-1669-236C-9AB8-7D7C15DA05EE}" = CCC Help Czech
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D26DA45D-42D5-DE79-F27E-8FE3E5FC0C44}" = CCC Help Chinese Standard
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DC549C3A-3D7E-469F-5A11-5B1F67BA16D2}" = CCC Help Spanish
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E02964EA-0E1B-4620-A26E-CBAB0341B1BB}" = HP Photosmart 5510 series Hilfe
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E18B30AA-6E2D-480C-B918-AF61009F4010}" = عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E71E60C1-533E-45A5-8D80-E475E88D2B17}_is1" = Game Park Console
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AmUStor" = Alcor Micro USB Card Reader
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"ASUS_Screensaver" = ASUS_Screensaver
"Bookworm Deluxe" = Bookworm Deluxe
"Cooking Dash" = Cooking Dash
"dm-Fotowelt" = dm-Fotowelt
"Free Studio_is1" = Free Studio version 5.3.3
"Free YouTube Download_is1" = Free YouTube Download version 3.1.40.1031
"Governor of Poker" = Governor of Poker
"Hotel Dash Suite Success" = Hotel Dash Suite Success
"HP Photo Creations" = HP Photo Creations
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"IrfanView" = IrfanView (remove only)
"Mahjongg dimensions" = Mahjongg dimensions
"Mozilla Firefox 16.0.1 (x86 de)" = Mozilla Firefox 16.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Plants vs Zombies" = Plants vs Zombies
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
"World of Goo" = World of Goo
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 24.08.2012 14:44:07 | Computer Name = **** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3962
Error - 24.08.2012 14:44:07 | Computer Name = **** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3962
Error - 24.08.2012 14:44:08 | Computer Name = **** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 24.08.2012 14:44:08 | Computer Name = **** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4992
Error - 24.08.2012 14:44:08 | Computer Name = **** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4992
Error - 24.08.2012 14:44:09 | Computer Name = **** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 24.08.2012 14:44:09 | Computer Name = **** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6178
Error - 24.08.2012 14:44:09 | Computer Name = **** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6178
Error - 24.08.2012 14:44:10 | Computer Name = **** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 24.08.2012 14:44:10 | Computer Name = **** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7192
Error - 24.08.2012 14:44:10 | Computer Name = **** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7192
[ System Events ]
Error - 18.12.2012 14:03:58 | Computer Name = **** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Apple Mobile Device" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 18.12.2012 14:50:46 | Computer Name = **** | Source = DCOM | ID = 10010
Description =
Error - 20.12.2012 09:14:22 | Computer Name = **** | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Apple Mobile Device erreicht.
Error - 20.12.2012 09:14:22 | Computer Name = **** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Apple Mobile Device" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 20.12.2012 09:31:33 | Computer Name = **** | Source = DCOM | ID = 10010
Description =
Error - 05.01.2013 08:13:23 | Computer Name = **** | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Apple Mobile Device erreicht.
Error - 05.01.2013 08:13:23 | Computer Name = **** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Apple Mobile Device" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 05.01.2013 09:48:36 | Computer Name = **** | Source = DCOM | ID = 10010
Description =
Error - 05.01.2013 10:39:26 | Computer Name = **** | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Apple Mobile Device erreicht.
Error - 05.01.2013 10:39:26 | Computer Name = **** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Apple Mobile Device" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
< End of report >
|
|
05.01.2013, 19:29
| #4 |
| /// Malware-holic | Windows Explorer funktioniert nicht mehr hi download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
06.01.2013, 01:22
| #5 |
| | Windows Explorer funktioniert nicht mehr der tdsskiller hat nichts gefunden. hier der entsprechende log dazu Code:
ATTFilter 01:10:16.0630 4132 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
01:10:17.0379 4132 ============================================================
01:10:17.0379 4132 Current date / time: 2013/01/06 01:10:17.0379
01:10:17.0379 4132 SystemInfo:
01:10:17.0379 4132
01:10:17.0379 4132 OS Version: 6.1.7601 ServicePack: 1.0
01:10:17.0379 4132 Product type: Workstation
01:10:17.0379 4132 ComputerName: ****
01:10:17.0379 4132 UserName: ****
01:10:17.0379 4132 Windows directory: C:\Windows
01:10:17.0379 4132 System windows directory: C:\Windows
01:10:17.0379 4132 Running under WOW64
01:10:17.0379 4132 Processor architecture: Intel x64
01:10:17.0379 4132 Number of processors: 2
01:10:17.0379 4132 Page size: 0x1000
01:10:17.0379 4132 Boot type: Normal boot
01:10:17.0379 4132 ============================================================
01:10:19.0407 4132 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:10:19.0407 4132 ============================================================
01:10:19.0407 4132 \Device\Harddisk0\DR0:
01:10:19.0407 4132 MBR partitions:
01:10:19.0407 4132 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0x1749C000
01:10:19.0454 4132 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A69D000, BlocksNum 0x1FCE8800
01:10:19.0454 4132 ============================================================
01:10:19.0626 4132 C: <-> \Device\Harddisk0\DR0\Partition1
01:10:19.0657 4132 D: <-> \Device\Harddisk0\DR0\Partition2
01:10:19.0657 4132 ============================================================
01:10:19.0657 4132 Initialize success
01:10:19.0657 4132 ============================================================
01:13:27.0762 4620 ============================================================
01:13:27.0762 4620 Scan started
01:13:27.0762 4620 Mode: Manual; SigCheck; TDLFS;
01:13:27.0762 4620 ============================================================
01:13:28.0199 4620 ================ Scan system memory ========================
01:13:28.0199 4620 System memory - ok
01:13:28.0199 4620 ================ Scan services =============================
01:13:28.0464 4620 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
01:13:28.0635 4620 1394ohci - ok
01:13:28.0760 4620 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
01:13:28.0807 4620 ACPI - ok
01:13:28.0854 4620 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
01:13:28.0947 4620 AcpiPmi - ok
01:13:29.0072 4620 [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
01:13:29.0103 4620 AdobeARMservice - ok
01:13:29.0150 4620 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
01:13:29.0197 4620 adp94xx - ok
01:13:29.0228 4620 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
01:13:29.0275 4620 adpahci - ok
01:13:29.0306 4620 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
01:13:29.0337 4620 adpu320 - ok
01:13:29.0369 4620 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
01:13:29.0478 4620 AeLookupSvc - ok
01:13:29.0525 4620 [ 6E79A119B0CE418FE44E0C824BF3F039 ] AFBAgent C:\Windows\system32\FBAgent.exe
01:13:29.0571 4620 AFBAgent - ok
01:13:29.0618 4620 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
01:13:29.0681 4620 AFD - ok
01:13:29.0727 4620 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
01:13:29.0759 4620 agp440 - ok
01:13:29.0790 4620 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
01:13:29.0852 4620 ALG - ok
01:13:29.0883 4620 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
01:13:29.0915 4620 aliide - ok
01:13:29.0961 4620 [ A359974EAAC83A435497C52F62A2E590 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
01:13:30.0039 4620 AMD External Events Utility - ok
01:13:30.0071 4620 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
01:13:30.0102 4620 amdide - ok
01:13:30.0133 4620 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
01:13:30.0195 4620 AmdK8 - ok
01:13:30.0461 4620 [ 60216B0E704584DE6D5A9F59E9C34C47 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
01:13:30.0757 4620 amdkmdag - ok
01:13:30.0788 4620 [ 6B4E9261B613B047A9A145F328889968 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
01:13:30.0835 4620 amdkmdap - ok
01:13:30.0866 4620 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
01:13:30.0929 4620 AmdPPM - ok
01:13:30.0960 4620 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
01:13:31.0007 4620 amdsata - ok
01:13:31.0038 4620 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
01:13:31.0069 4620 amdsbs - ok
01:13:31.0100 4620 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
01:13:31.0131 4620 amdxata - ok
01:13:31.0178 4620 [ 92A848F962DA91C631147D566414BB7E ] AmUStor C:\Windows\system32\drivers\AmUStor.SYS
01:13:31.0209 4620 AmUStor - ok
01:13:31.0225 4620 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
01:13:31.0334 4620 AppID - ok
01:13:31.0365 4620 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
01:13:31.0459 4620 AppIDSvc - ok
01:13:31.0490 4620 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
01:13:31.0584 4620 Appinfo - ok
01:13:31.0662 4620 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
01:13:31.0677 4620 Apple Mobile Device - ok
01:13:31.0709 4620 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
01:13:31.0740 4620 arc - ok
01:13:31.0771 4620 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
01:13:31.0787 4620 arcsas - ok
01:13:31.0865 4620 [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
01:13:31.0880 4620 ASLDRService - ok
01:13:31.0927 4620 [ 4C016FD76ED5C05E84CA8CAB77993961 ] ASMMAP64 C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
01:13:31.0958 4620 ASMMAP64 - ok
01:13:32.0005 4620 [ 0AA7A996792FB0287B33A57A8093AE44 ] asmthub3 C:\Windows\system32\DRIVERS\asmthub3.sys
01:13:32.0067 4620 asmthub3 - ok
01:13:32.0114 4620 [ 125DC3ABF5BFCCFE82AD17D078E0B9EC ] asmtxhci C:\Windows\system32\DRIVERS\asmtxhci.sys
01:13:32.0177 4620 asmtxhci - ok
01:13:32.0223 4620 [ 0CC5D45987A29D5F2806F4C344ACEA75 ] ASUS InstantOn C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe
01:13:32.0255 4620 ASUS InstantOn - ok
01:13:32.0270 4620 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
01:13:32.0379 4620 AsyncMac - ok
01:13:32.0411 4620 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
01:13:32.0442 4620 atapi - ok
01:13:32.0535 4620 [ A5E770426D18F8EF332A593F3289DA91 ] athr C:\Windows\system32\DRIVERS\athrx.sys
01:13:32.0645 4620 athr - ok
01:13:32.0738 4620 [ CBD14F698DEF12EE3557604B726CB8EB ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
01:13:32.0754 4620 AtiHDAudioService - ok
01:13:32.0769 4620 [ 7910158929571214A959D5A6D16DD9C0 ] ATKGFNEXSrv C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
01:13:32.0801 4620 ATKGFNEXSrv - ok
01:13:32.0847 4620 [ 1F7238A37389ED92E9D8EEE975CABD54 ] ATKWMIACPIIO C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
01:13:32.0879 4620 ATKWMIACPIIO - ok
01:13:32.0910 4620 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
01:13:33.0019 4620 AudioEndpointBuilder - ok
01:13:33.0050 4620 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
01:13:33.0113 4620 AudioSrv - ok
01:13:33.0284 4620 [ 587EFD6A3A30A35A27904D21AE1FB882 ] AVP C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
01:13:33.0331 4620 AVP - ok
01:13:33.0362 4620 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
01:13:33.0471 4620 AxInstSV - ok
01:13:33.0518 4620 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
01:13:33.0596 4620 b06bdrv - ok
01:13:33.0643 4620 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
01:13:33.0721 4620 b57nd60a - ok
01:13:33.0784 4620 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
01:13:33.0846 4620 BDESVC - ok
01:13:33.0877 4620 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
01:13:33.0971 4620 Beep - ok
01:13:34.0018 4620 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
01:13:34.0127 4620 BFE - ok
01:13:34.0174 4620 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
01:13:34.0252 4620 BITS - ok
01:13:34.0298 4620 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
01:13:34.0330 4620 blbdrive - ok
01:13:34.0392 4620 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
01:13:34.0423 4620 Bonjour Service - ok
01:13:34.0454 4620 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
01:13:34.0501 4620 bowser - ok
01:13:34.0532 4620 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
01:13:34.0610 4620 BrFiltLo - ok
01:13:34.0626 4620 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
01:13:34.0688 4620 BrFiltUp - ok
01:13:34.0704 4620 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
01:13:34.0782 4620 Browser - ok
01:13:34.0829 4620 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
01:13:34.0907 4620 Brserid - ok
01:13:34.0922 4620 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
01:13:34.0985 4620 BrSerWdm - ok
01:13:35.0016 4620 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
01:13:35.0063 4620 BrUsbMdm - ok
01:13:35.0094 4620 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
01:13:35.0156 4620 BrUsbSer - ok
01:13:35.0188 4620 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
01:13:35.0297 4620 BthEnum - ok
01:13:35.0328 4620 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
01:13:35.0390 4620 BTHMODEM - ok
01:13:35.0406 4620 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
01:13:35.0468 4620 BthPan - ok
01:13:35.0500 4620 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
01:13:35.0593 4620 BTHPORT - ok
01:13:35.0624 4620 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
01:13:35.0718 4620 bthserv - ok
01:13:35.0749 4620 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
01:13:35.0796 4620 BTHUSB - ok
01:13:35.0874 4620 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
01:13:35.0983 4620 cdfs - ok
01:13:35.0999 4620 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
01:13:36.0046 4620 cdrom - ok
01:13:36.0077 4620 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
01:13:36.0186 4620 CertPropSvc - ok
01:13:36.0233 4620 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
01:13:36.0280 4620 circlass - ok
01:13:36.0326 4620 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
01:13:36.0373 4620 CLFS - ok
01:13:36.0436 4620 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:13:36.0467 4620 clr_optimization_v2.0.50727_32 - ok
01:13:36.0529 4620 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
01:13:36.0560 4620 clr_optimization_v2.0.50727_64 - ok
01:13:36.0638 4620 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
01:13:36.0654 4620 clr_optimization_v4.0.30319_32 - ok
01:13:36.0716 4620 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
01:13:36.0748 4620 clr_optimization_v4.0.30319_64 - ok
01:13:36.0779 4620 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
01:13:36.0841 4620 CmBatt - ok
01:13:36.0857 4620 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
01:13:36.0888 4620 cmdide - ok
01:13:36.0935 4620 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
01:13:37.0013 4620 CNG - ok
01:13:37.0060 4620 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
01:13:37.0075 4620 Compbatt - ok
01:13:37.0106 4620 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
01:13:37.0169 4620 CompositeBus - ok
01:13:37.0184 4620 COMSysApp - ok
01:13:37.0200 4620 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
01:13:37.0231 4620 crcdisk - ok
01:13:37.0278 4620 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
01:13:37.0325 4620 CryptSvc - ok
01:13:37.0372 4620 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
01:13:37.0481 4620 DcomLaunch - ok
01:13:37.0528 4620 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
01:13:37.0621 4620 defragsvc - ok
01:13:37.0652 4620 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
01:13:37.0715 4620 DfsC - ok
01:13:37.0746 4620 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
01:13:37.0777 4620 Dhcp - ok
01:13:37.0808 4620 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
01:13:37.0918 4620 discache - ok
01:13:37.0964 4620 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
01:13:37.0996 4620 Disk - ok
01:13:38.0042 4620 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
01:13:38.0120 4620 Dnscache - ok
01:13:38.0152 4620 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
01:13:38.0261 4620 dot3svc - ok
01:13:38.0276 4620 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
01:13:38.0354 4620 DPS - ok
01:13:38.0370 4620 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
01:13:38.0432 4620 drmkaud - ok
01:13:38.0464 4620 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
01:13:38.0510 4620 DXGKrnl - ok
01:13:38.0542 4620 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
01:13:38.0635 4620 EapHost - ok
01:13:38.0744 4620 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
01:13:38.0900 4620 ebdrv - ok
01:13:38.0932 4620 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
01:13:38.0978 4620 EFS - ok
01:13:39.0056 4620 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
01:13:39.0134 4620 ehRecvr - ok
01:13:39.0166 4620 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
01:13:39.0228 4620 ehSched - ok
01:13:39.0290 4620 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
01:13:39.0337 4620 elxstor - ok
01:13:39.0368 4620 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
01:13:39.0400 4620 ErrDev - ok
01:13:39.0478 4620 [ 4C120D2B2EA269EAE7A5744794EB6DB1 ] ETD C:\Windows\system32\DRIVERS\ETD.sys
01:13:39.0509 4620 ETD - ok
01:13:39.0540 4620 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
01:13:39.0618 4620 EventSystem - ok
01:13:39.0649 4620 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
01:13:39.0712 4620 exfat - ok
01:13:39.0758 4620 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
01:13:39.0821 4620 fastfat - ok
01:13:39.0868 4620 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
01:13:39.0946 4620 Fax - ok
01:13:39.0961 4620 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
01:13:40.0024 4620 fdc - ok
01:13:40.0055 4620 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
01:13:40.0148 4620 fdPHost - ok
01:13:40.0164 4620 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
01:13:40.0226 4620 FDResPub - ok
01:13:40.0258 4620 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
01:13:40.0273 4620 FileInfo - ok
01:13:40.0289 4620 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
01:13:40.0398 4620 Filetrace - ok
01:13:40.0414 4620 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
01:13:40.0429 4620 flpydisk - ok
01:13:40.0460 4620 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
01:13:40.0492 4620 FltMgr - ok
01:13:40.0538 4620 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
01:13:40.0616 4620 FontCache - ok
01:13:40.0663 4620 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
01:13:40.0694 4620 FontCache3.0.0.0 - ok
01:13:40.0710 4620 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
01:13:40.0741 4620 FsDepends - ok
01:13:40.0772 4620 [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
01:13:40.0804 4620 fssfltr - ok
01:13:40.0882 4620 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
01:13:40.0960 4620 fsssvc - ok
01:13:40.0991 4620 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
01:13:41.0022 4620 Fs_Rec - ok
01:13:41.0053 4620 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
01:13:41.0100 4620 fvevol - ok
01:13:41.0116 4620 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
01:13:41.0147 4620 gagp30kx - ok
01:13:41.0162 4620 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
01:13:41.0194 4620 GEARAspiWDM - ok
01:13:41.0256 4620 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
01:13:41.0381 4620 gpsvc - ok
01:13:41.0396 4620 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
01:13:41.0443 4620 hcw85cir - ok
01:13:41.0490 4620 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
01:13:41.0552 4620 HdAudAddService - ok
01:13:41.0630 4620 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
01:13:41.0677 4620 HDAudBus - ok
01:13:41.0693 4620 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
01:13:41.0740 4620 HidBatt - ok
01:13:41.0771 4620 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
01:13:41.0818 4620 HidBth - ok
01:13:41.0849 4620 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
01:13:41.0896 4620 HidIr - ok
01:13:41.0927 4620 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
01:13:42.0020 4620 hidserv - ok
01:13:42.0052 4620 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
01:13:42.0114 4620 HidUsb - ok
01:13:42.0145 4620 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
01:13:42.0254 4620 hkmsvc - ok
01:13:42.0270 4620 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
01:13:42.0332 4620 HomeGroupListener - ok
01:13:42.0348 4620 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
01:13:42.0379 4620 HomeGroupProvider - ok
01:13:42.0410 4620 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
01:13:42.0426 4620 HpSAMD - ok
01:13:42.0473 4620 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
01:13:42.0582 4620 HTTP - ok
01:13:42.0613 4620 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
01:13:42.0629 4620 hwpolicy - ok
01:13:42.0644 4620 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
01:13:42.0676 4620 i8042prt - ok
01:13:42.0707 4620 [ D7921D5A870B11CC1ADAB198A519D50A ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
01:13:42.0738 4620 iaStor - ok
01:13:42.0769 4620 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
01:13:42.0800 4620 iaStorV - ok
01:13:42.0878 4620 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
01:13:42.0941 4620 idsvc - ok
01:13:42.0972 4620 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
01:13:42.0988 4620 iirsp - ok
01:13:43.0034 4620 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
01:13:43.0097 4620 IKEEXT - ok
01:13:43.0237 4620 [ 718A4008EE5DA174400396B27509EF82 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
01:13:43.0315 4620 IntcAzAudAddService - ok
01:13:43.0346 4620 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
01:13:43.0362 4620 intelide - ok
01:13:43.0393 4620 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
01:13:43.0440 4620 intelppm - ok
01:13:43.0487 4620 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
01:13:43.0580 4620 IPBusEnum - ok
01:13:43.0612 4620 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:13:43.0674 4620 IpFilterDriver - ok
01:13:43.0736 4620 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
01:13:43.0814 4620 iphlpsvc - ok
01:13:43.0830 4620 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
01:13:43.0908 4620 IPMIDRV - ok
01:13:43.0924 4620 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
01:13:44.0017 4620 IPNAT - ok
01:13:44.0095 4620 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
01:13:44.0158 4620 iPod Service - ok
01:13:44.0189 4620 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
01:13:44.0236 4620 IRENUM - ok
01:13:44.0267 4620 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
01:13:44.0282 4620 isapnp - ok
01:13:44.0314 4620 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
01:13:44.0360 4620 iScsiPrt - ok
01:13:44.0376 4620 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
01:13:44.0392 4620 kbdclass - ok
01:13:44.0423 4620 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
01:13:44.0485 4620 kbdhid - ok
01:13:44.0516 4620 [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr C:\Windows\system32\DRIVERS\kbfiltr.sys
01:13:44.0532 4620 kbfiltr - ok
01:13:44.0548 4620 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
01:13:44.0579 4620 KeyIso - ok
01:13:44.0641 4620 [ 8B5219318DF5895ABD230C373F2DF18A ] kl1 C:\Windows\system32\DRIVERS\kl1.sys
01:13:44.0672 4620 kl1 - ok
01:13:44.0735 4620 [ 65F3B81FA285EAB641F5E6EF7AEB984D ] KLIF C:\Windows\system32\DRIVERS\klif.sys
01:13:44.0782 4620 KLIF - ok
01:13:44.0828 4620 [ 9BD99E1AB3F664120AB95C35F9EC1EB0 ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys
01:13:44.0844 4620 KLIM6 - ok
01:13:44.0875 4620 [ 2C43FD500522EF3B8C283A5846B7FC41 ] klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys
01:13:44.0891 4620 klkbdflt - ok
01:13:44.0906 4620 [ 70A6D2E292017EC47949696F51ABE18D ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys
01:13:44.0922 4620 klmouflt - ok
01:13:44.0938 4620 [ A8081ED8D48FA611D11DB97F49A5343D ] kltdi C:\Windows\system32\DRIVERS\kltdi.sys
01:13:44.0953 4620 kltdi - ok
01:13:44.0984 4620 [ 185D21CB8F10CFB351FF65DA88C18BC9 ] kneps C:\Windows\system32\DRIVERS\kneps.sys
01:13:45.0000 4620 kneps - ok
01:13:45.0031 4620 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
01:13:45.0047 4620 KSecDD - ok
01:13:45.0078 4620 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
01:13:45.0094 4620 KSecPkg - ok
01:13:45.0125 4620 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
01:13:45.0203 4620 ksthunk - ok
01:13:45.0234 4620 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
01:13:45.0343 4620 KtmRm - ok
01:13:45.0374 4620 [ A4A9CA24E54E81C6C3E469EAEB4B3F42 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
01:13:45.0406 4620 L1C - ok
01:13:45.0437 4620 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
01:13:45.0546 4620 LanmanServer - ok
01:13:45.0577 4620 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
01:13:45.0640 4620 LanmanWorkstation - ok
01:13:45.0686 4620 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
01:13:45.0764 4620 lltdio - ok
01:13:45.0796 4620 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
01:13:45.0874 4620 lltdsvc - ok
01:13:45.0905 4620 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
01:13:45.0983 4620 lmhosts - ok
01:13:46.0030 4620 [ 7F32D4C47A50E7223491E8FB9359907D ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
01:13:46.0076 4620 LMS - ok
01:13:46.0108 4620 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
01:13:46.0139 4620 LSI_FC - ok
01:13:46.0154 4620 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
01:13:46.0170 4620 LSI_SAS - ok
01:13:46.0186 4620 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
01:13:46.0201 4620 LSI_SAS2 - ok
01:13:46.0217 4620 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
01:13:46.0232 4620 LSI_SCSI - ok
01:13:46.0248 4620 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
01:13:46.0326 4620 luafv - ok
01:13:46.0342 4620 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
01:13:46.0373 4620 Mcx2Svc - ok
01:13:46.0388 4620 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
01:13:46.0404 4620 megasas - ok
01:13:46.0435 4620 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
01:13:46.0466 4620 MegaSR - ok
01:13:46.0498 4620 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
01:13:46.0529 4620 MEIx64 - ok
01:13:46.0560 4620 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
01:13:46.0654 4620 MMCSS - ok
01:13:46.0669 4620 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
01:13:46.0747 4620 Modem - ok
01:13:46.0778 4620 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
01:13:46.0825 4620 monitor - ok
01:13:46.0856 4620 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
01:13:46.0888 4620 mouclass - ok
01:13:46.0919 4620 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
01:13:46.0966 4620 mouhid - ok
01:13:46.0981 4620 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
01:13:47.0028 4620 mountmgr - ok
01:13:47.0106 4620 [ 4D7F2682D29B92A6251B17957AA0B985 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
01:13:47.0137 4620 MozillaMaintenance - ok
01:13:47.0168 4620 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
01:13:47.0215 4620 mpio - ok
01:13:47.0215 4620 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
01:13:47.0293 4620 mpsdrv - ok
01:13:47.0340 4620 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
01:13:47.0449 4620 MpsSvc - ok
01:13:47.0465 4620 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
01:13:47.0527 4620 MRxDAV - ok
01:13:47.0558 4620 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
01:13:47.0636 4620 mrxsmb - ok
01:13:47.0668 4620 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:13:47.0714 4620 mrxsmb10 - ok
01:13:47.0761 4620 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:13:47.0808 4620 mrxsmb20 - ok
01:13:47.0824 4620 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
01:13:47.0839 4620 msahci - ok
01:13:47.0855 4620 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
01:13:47.0886 4620 msdsm - ok
01:13:47.0902 4620 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
01:13:47.0948 4620 MSDTC - ok
01:13:47.0980 4620 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
01:13:48.0058 4620 Msfs - ok
01:13:48.0073 4620 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
01:13:48.0136 4620 mshidkmdf - ok
01:13:48.0151 4620 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
01:13:48.0167 4620 msisadrv - ok
01:13:48.0198 4620 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
01:13:48.0292 4620 MSiSCSI - ok
01:13:48.0292 4620 msiserver - ok
01:13:48.0338 4620 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
01:13:48.0401 4620 MSKSSRV - ok
01:13:48.0416 4620 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
01:13:48.0479 4620 MSPCLOCK - ok
01:13:48.0479 4620 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
01:13:48.0557 4620 MSPQM - ok
01:13:48.0572 4620 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
01:13:48.0604 4620 MsRPC - ok
01:13:48.0619 4620 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
01:13:48.0635 4620 mssmbios - ok
01:13:48.0650 4620 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
01:13:48.0728 4620 MSTEE - ok
01:13:48.0728 4620 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
01:13:48.0760 4620 MTConfig - ok
01:13:48.0791 4620 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
01:13:48.0806 4620 Mup - ok
01:13:48.0838 4620 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
01:13:48.0900 4620 napagent - ok
01:13:48.0962 4620 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
01:13:49.0009 4620 NativeWifiP - ok
01:13:49.0072 4620 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
01:13:49.0134 4620 NDIS - ok
01:13:49.0165 4620 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
01:13:49.0259 4620 NdisCap - ok
01:13:49.0290 4620 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
01:13:49.0352 4620 NdisTapi - ok
01:13:49.0352 4620 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
01:13:49.0415 4620 Ndisuio - ok
01:13:49.0446 4620 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
01:13:49.0508 4620 NdisWan - ok
01:13:49.0540 4620 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
01:13:49.0602 4620 NDProxy - ok
01:13:49.0633 4620 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
01:13:49.0711 4620 NetBIOS - ok
01:13:49.0727 4620 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
01:13:49.0789 4620 NetBT - ok
01:13:49.0820 4620 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
01:13:49.0836 4620 Netlogon - ok
01:13:49.0883 4620 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
01:13:49.0976 4620 Netman - ok
01:13:50.0008 4620 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
01:13:50.0086 4620 netprofm - ok
01:13:50.0117 4620 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
01:13:50.0132 4620 NetTcpPortSharing - ok
01:13:50.0164 4620 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
01:13:50.0179 4620 nfrd960 - ok
01:13:50.0210 4620 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
01:13:50.0257 4620 NlaSvc - ok
01:13:50.0273 4620 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
01:13:50.0320 4620 Npfs - ok
01:13:50.0351 4620 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
01:13:50.0444 4620 nsi - ok
01:13:50.0460 4620 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
01:13:50.0538 4620 nsiproxy - ok
01:13:50.0616 4620 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
01:13:50.0710 4620 Ntfs - ok
01:13:50.0741 4620 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
01:13:50.0819 4620 Null - ok
01:13:50.0881 4620 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
01:13:50.0912 4620 nvraid - ok
01:13:50.0928 4620 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
01:13:50.0944 4620 nvstor - ok
01:13:50.0975 4620 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
01:13:51.0022 4620 nv_agp - ok
01:13:51.0037 4620 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
01:13:51.0068 4620 ohci1394 - ok
01:13:51.0115 4620 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
01:13:51.0146 4620 ose - ok
01:13:51.0178 4620 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
01:13:51.0224 4620 p2pimsvc - ok
01:13:51.0256 4620 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
01:13:51.0302 4620 p2psvc - ok
01:13:51.0334 4620 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
01:13:51.0365 4620 Parport - ok
01:13:51.0396 4620 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
01:13:51.0427 4620 partmgr - ok
01:13:51.0458 4620 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
01:13:51.0505 4620 PcaSvc - ok
01:13:51.0521 4620 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
01:13:51.0536 4620 pci - ok
01:13:51.0568 4620 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
01:13:51.0583 4620 pciide - ok
01:13:51.0614 4620 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
01:13:51.0630 4620 pcmcia - ok
01:13:51.0646 4620 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
01:13:51.0661 4620 pcw - ok
01:13:51.0692 4620 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
01:13:51.0786 4620 PEAUTH - ok
01:13:51.0880 4620 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
01:13:51.0926 4620 PerfHost - ok
01:13:52.0004 4620 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
01:13:52.0114 4620 pla - ok
01:13:52.0176 4620 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
01:13:52.0223 4620 PlugPlay - ok
01:13:52.0238 4620 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
01:13:52.0301 4620 PNRPAutoReg - ok
01:13:52.0316 4620 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
01:13:52.0363 4620 PNRPsvc - ok
01:13:52.0410 4620 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
01:13:52.0504 4620 PolicyAgent - ok
01:13:52.0535 4620 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
01:13:52.0613 4620 Power - ok
01:13:52.0628 4620 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
01:13:52.0691 4620 PptpMiniport - ok
01:13:52.0706 4620 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
01:13:52.0738 4620 Processor - ok
01:13:52.0769 4620 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
01:13:52.0831 4620 ProfSvc - ok
01:13:52.0847 4620 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
01:13:52.0862 4620 ProtectedStorage - ok
01:13:52.0894 4620 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
01:13:52.0956 4620 Psched - ok
01:13:53.0034 4620 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
01:13:53.0096 4620 ql2300 - ok
01:13:53.0128 4620 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
01:13:53.0143 4620 ql40xx - ok
01:13:53.0174 4620 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
01:13:53.0237 4620 QWAVE - ok
01:13:53.0252 4620 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
01:13:53.0315 4620 QWAVEdrv - ok
01:13:53.0330 4620 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
01:13:53.0424 4620 RasAcd - ok
01:13:53.0471 4620 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
01:13:53.0564 4620 RasAgileVpn - ok
01:13:53.0596 4620 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
01:13:53.0689 4620 RasAuto - ok
01:13:53.0705 4620 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
01:13:53.0767 4620 Rasl2tp - ok
01:13:53.0814 4620 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
01:13:53.0908 4620 RasMan - ok
01:13:53.0939 4620 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
01:13:54.0001 4620 RasPppoe - ok
01:13:54.0032 4620 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
01:13:54.0126 4620 RasSstp - ok
01:13:54.0142 4620 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
01:13:54.0220 4620 rdbss - ok
01:13:54.0251 4620 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
01:13:54.0282 4620 rdpbus - ok
01:13:54.0313 4620 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
01:13:54.0376 4620 RDPCDD - ok
01:13:54.0391 4620 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
01:13:54.0454 4620 RDPENCDD - ok
01:13:54.0469 4620 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
01:13:54.0547 4620 RDPREFMP - ok
01:13:54.0578 4620 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
01:13:54.0641 4620 RDPWD - ok
01:13:54.0672 4620 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
01:13:54.0703 4620 rdyboost - ok
01:13:54.0734 4620 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
01:13:54.0797 4620 RemoteAccess - ok
01:13:54.0828 4620 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
01:13:54.0937 4620 RemoteRegistry - ok
01:13:54.0968 4620 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
01:13:55.0031 4620 RFCOMM - ok
01:13:55.0046 4620 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
01:13:55.0156 4620 RpcEptMapper - ok
01:13:55.0171 4620 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
01:13:55.0202 4620 RpcLocator - ok
01:13:55.0234 4620 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
01:13:55.0296 4620 RpcSs - ok
01:13:55.0327 4620 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
01:13:55.0390 4620 rspndr - ok
01:13:55.0405 4620 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
01:13:55.0421 4620 SamSs - ok
01:13:55.0421 4620 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
01:13:55.0452 4620 sbp2port - ok
01:13:55.0483 4620 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
01:13:55.0530 4620 SCardSvr - ok
01:13:55.0546 4620 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
01:13:55.0608 4620 scfilter - ok
01:13:55.0639 4620 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
01:13:55.0733 4620 Schedule - ok
01:13:55.0748 4620 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
01:13:55.0795 4620 SCPolicySvc - ok
01:13:55.0826 4620 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
01:13:55.0873 4620 SDRSVC - ok
01:13:55.0904 4620 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
01:13:55.0998 4620 secdrv - ok
01:13:56.0029 4620 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
01:13:56.0092 4620 seclogon - ok
01:13:56.0123 4620 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
01:13:56.0185 4620 SENS - ok
01:13:56.0216 4620 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
01:13:56.0248 4620 SensrSvc - ok
01:13:56.0263 4620 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
01:13:56.0294 4620 Serenum - ok
01:13:56.0326 4620 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
01:13:56.0372 4620 Serial - ok
01:13:56.0404 4620 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
01:13:56.0435 4620 sermouse - ok
01:13:56.0482 4620 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
01:13:56.0544 4620 SessionEnv - ok
01:13:56.0560 4620 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
01:13:56.0591 4620 sffdisk - ok
01:13:56.0606 4620 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
01:13:56.0638 4620 sffp_mmc - ok
01:13:56.0638 4620 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
01:13:56.0669 4620 sffp_sd - ok
01:13:56.0669 4620 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
01:13:56.0700 4620 sfloppy - ok
01:13:56.0731 4620 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
01:13:56.0840 4620 SharedAccess - ok
01:13:56.0872 4620 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
01:13:56.0965 4620 ShellHWDetection - ok
01:13:56.0996 4620 [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH C:\Windows\system32\DRIVERS\SiSG664.sys
01:13:57.0028 4620 SiSGbeLH - ok
01:13:57.0074 4620 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
01:13:57.0090 4620 SiSRaid2 - ok
01:13:57.0106 4620 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
01:13:57.0121 4620 SiSRaid4 - ok
01:13:57.0168 4620 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
01:13:57.0199 4620 SkypeUpdate - ok
01:13:57.0230 4620 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
01:13:57.0308 4620 Smb - ok
01:13:57.0355 4620 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
01:13:57.0371 4620 SNMPTRAP - ok
01:13:57.0386 4620 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
01:13:57.0402 4620 spldr - ok
01:13:57.0433 4620 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
01:13:57.0480 4620 Spooler - ok
01:13:57.0574 4620 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
01:13:57.0698 4620 sppsvc - ok
01:13:57.0714 4620 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
01:13:57.0792 4620 sppuinotify - ok
01:13:57.0839 4620 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
01:13:57.0901 4620 srv - ok
01:13:57.0964 4620 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
01:13:57.0995 4620 srv2 - ok
01:13:58.0010 4620 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
01:13:58.0042 4620 srvnet - ok
01:13:58.0073 4620 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
01:13:58.0135 4620 SSDPSRV - ok
01:13:58.0151 4620 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
01:13:58.0229 4620 SstpSvc - ok
01:13:58.0244 4620 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
01:13:58.0260 4620 stexstor - ok
01:13:58.0291 4620 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
01:13:58.0322 4620 StillCam - ok
01:13:58.0354 4620 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
01:13:58.0400 4620 stisvc - ok
01:13:58.0432 4620 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
01:13:58.0447 4620 swenum - ok
01:13:58.0463 4620 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
01:13:58.0541 4620 swprv - ok
01:13:58.0603 4620 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
01:13:58.0712 4620 SysMain - ok
01:13:58.0728 4620 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
01:13:58.0790 4620 TabletInputService - ok
01:13:58.0806 4620 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
01:13:58.0900 4620 TapiSrv - ok
01:13:58.0931 4620 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
01:13:59.0009 4620 TBS - ok
01:13:59.0087 4620 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
01:13:59.0180 4620 Tcpip - ok
01:13:59.0258 4620 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
01:13:59.0321 4620 TCPIP6 - ok
01:13:59.0352 4620 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
01:13:59.0399 4620 tcpipreg - ok
01:13:59.0446 4620 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
01:13:59.0477 4620 TDPIPE - ok
01:13:59.0508 4620 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
01:13:59.0555 4620 TDTCP - ok
01:13:59.0586 4620 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
01:13:59.0664 4620 tdx - ok
01:13:59.0680 4620 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
01:13:59.0695 4620 TermDD - ok
01:13:59.0742 4620 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
01:13:59.0867 4620 TermService - ok
01:13:59.0898 4620 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
01:13:59.0945 4620 Themes - ok
01:13:59.0960 4620 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
01:14:00.0023 4620 THREADORDER - ok
01:14:00.0054 4620 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
01:14:00.0148 4620 TrkWks - ok
01:14:00.0179 4620 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
01:14:00.0288 4620 TrustedInstaller - ok
01:14:00.0319 4620 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
01:14:00.0382 4620 tssecsrv - ok
01:14:00.0397 4620 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
01:14:00.0444 4620 TsUsbFlt - ok
01:14:00.0460 4620 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
01:14:00.0491 4620 TsUsbGD - ok
01:14:00.0522 4620 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
01:14:00.0616 4620 tunnel - ok
01:14:00.0631 4620 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
01:14:00.0647 4620 uagp35 - ok
01:14:00.0662 4620 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
01:14:00.0787 4620 udfs - ok
01:14:00.0834 4620 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
01:14:00.0896 4620 UI0Detect - ok
01:14:00.0928 4620 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
01:14:00.0959 4620 uliagpkx - ok
01:14:00.0990 4620 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
01:14:01.0037 4620 umbus - ok
01:14:01.0068 4620 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
01:14:01.0099 4620 UmPass - ok
01:14:01.0224 4620 [ 2C16648A12999AE69A9EBF41974B0BA2 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
01:14:01.0302 4620 UNS - ok
01:14:01.0333 4620 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
01:14:01.0442 4620 upnphost - ok
01:14:01.0474 4620 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
01:14:01.0520 4620 USBAAPL64 - ok
01:14:01.0536 4620 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
01:14:01.0583 4620 usbccgp - ok
01:14:01.0630 4620 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
01:14:01.0692 4620 usbcir - ok
01:14:01.0723 4620 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
01:14:01.0770 4620 usbehci - ok
01:14:01.0817 4620 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
01:14:01.0864 4620 usbhub - ok
01:14:01.0879 4620 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
01:14:01.0926 4620 usbohci - ok
01:14:01.0973 4620 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
01:14:02.0020 4620 usbprint - ok
01:14:02.0051 4620 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
01:14:02.0082 4620 usbscan - ok
01:14:02.0113 4620 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:14:02.0160 4620 USBSTOR - ok
01:14:02.0191 4620 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
01:14:02.0222 4620 usbuhci - ok
01:14:02.0269 4620 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
01:14:02.0316 4620 usbvideo - ok
01:14:02.0347 4620 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
01:14:02.0441 4620 UxSms - ok
01:14:02.0456 4620 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
01:14:02.0488 4620 VaultSvc - ok
01:14:02.0519 4620 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
01:14:02.0534 4620 vdrvroot - ok
01:14:02.0566 4620 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
01:14:02.0644 4620 vds - ok
01:14:02.0675 4620 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
01:14:02.0722 4620 vga - ok
01:14:02.0737 4620 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
01:14:02.0831 4620 VgaSave - ok
01:14:02.0846 4620 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
01:14:02.0878 4620 vhdmp - ok
01:14:02.0878 4620 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
01:14:02.0893 4620 viaide - ok
01:14:02.0924 4620 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
01:14:02.0940 4620 volmgr - ok
01:14:02.0956 4620 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
01:14:02.0987 4620 volmgrx - ok
01:14:03.0002 4620 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
01:14:03.0034 4620 volsnap - ok
01:14:03.0065 4620 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
01:14:03.0112 4620 vsmraid - ok
01:14:03.0174 4620 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
01:14:03.0283 4620 VSS - ok
01:14:03.0283 4620 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
01:14:03.0330 4620 vwifibus - ok
01:14:03.0346 4620 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
01:14:03.0392 4620 vwififlt - ok
01:14:03.0439 4620 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
01:14:03.0533 4620 W32Time - ok
01:14:03.0564 4620 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
01:14:03.0611 4620 WacomPen - ok
01:14:03.0642 4620 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
01:14:03.0704 4620 WANARP - ok
01:14:03.0720 4620 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
01:14:03.0767 4620 Wanarpv6 - ok
01:14:03.0829 4620 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
01:14:03.0907 4620 WatAdminSvc - ok
01:14:03.0970 4620 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
01:14:04.0063 4620 wbengine - ok
01:14:04.0079 4620 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
01:14:04.0141 4620 WbioSrvc - ok
01:14:04.0172 4620 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
01:14:04.0235 4620 wcncsvc - ok
01:14:04.0266 4620 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
01:14:04.0297 4620 WcsPlugInService - ok
01:14:04.0360 4620 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
01:14:04.0391 4620 Wd - ok
01:14:04.0438 4620 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
01:14:04.0484 4620 Wdf01000 - ok
01:14:04.0516 4620 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
01:14:04.0625 4620 WdiServiceHost - ok
01:14:04.0625 4620 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
01:14:04.0687 4620 WdiSystemHost - ok
01:14:04.0718 4620 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
01:14:04.0781 4620 WebClient - ok
01:14:04.0812 4620 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
01:14:04.0921 4620 Wecsvc - ok
01:14:04.0952 4620 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
01:14:05.0015 4620 wercplsupport - ok
01:14:05.0030 4620 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
01:14:05.0108 4620 WerSvc - ok
01:14:05.0124 4620 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
01:14:05.0186 4620 WfpLwf - ok
01:14:05.0218 4620 [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
01:14:05.0233 4620 WimFltr - ok
01:14:05.0280 4620 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
01:14:05.0311 4620 WIMMount - ok
01:14:05.0327 4620 WinDefend - ok
01:14:05.0327 4620 WinHttpAutoProxySvc - ok
01:14:05.0405 4620 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
01:14:05.0514 4620 Winmgmt - ok
01:14:05.0576 4620 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
01:14:05.0670 4620 WinRM - ok
01:14:05.0717 4620 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
01:14:05.0764 4620 WinUsb - ok
01:14:05.0795 4620 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
01:14:05.0842 4620 Wlansvc - ok
01:14:05.0904 4620 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
01:14:05.0935 4620 wlcrasvc - ok
01:14:06.0076 4620 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
01:14:06.0185 4620 wlidsvc - ok
01:14:06.0200 4620 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
01:14:06.0247 4620 WmiAcpi - ok
01:14:06.0278 4620 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
01:14:06.0341 4620 wmiApSrv - ok
01:14:06.0372 4620 WMPNetworkSvc - ok
01:14:06.0388 4620 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
01:14:06.0434 4620 WPCSvc - ok
01:14:06.0450 4620 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
01:14:06.0497 4620 WPDBusEnum - ok
01:14:06.0528 4620 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
01:14:06.0606 4620 ws2ifsl - ok
01:14:06.0637 4620 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
01:14:06.0684 4620 wscsvc - ok
01:14:06.0684 4620 WSearch - ok
01:14:06.0778 4620 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
01:14:06.0856 4620 wuauserv - ok
01:14:06.0887 4620 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
01:14:06.0934 4620 WudfPf - ok
01:14:06.0980 4620 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
01:14:07.0027 4620 WUDFRd - ok
01:14:07.0058 4620 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
01:14:07.0105 4620 wudfsvc - ok
01:14:07.0136 4620 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
01:14:07.0199 4620 WwanSvc - ok
01:14:07.0230 4620 ================ Scan global ===============================
01:14:07.0246 4620 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
01:14:07.0292 4620 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
01:14:07.0308 4620 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
01:14:07.0339 4620 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
01:14:07.0370 4620 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
01:14:07.0386 4620 [Global] - ok
01:14:07.0386 4620 ================ Scan MBR ==================================
01:14:07.0402 4620 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
01:14:07.0838 4620 \Device\Harddisk0\DR0 - ok
01:14:07.0838 4620 ================ Scan VBR ==================================
01:14:07.0870 4620 [ 1AC1A0DF5506C185B97E5E631AF78847 ] \Device\Harddisk0\DR0\Partition1
01:14:07.0870 4620 \Device\Harddisk0\DR0\Partition1 - ok
01:14:07.0885 4620 [ 5A2D464EA1A95BE36AAFFBF3BC8AD857 ] \Device\Harddisk0\DR0\Partition2
01:14:07.0885 4620 \Device\Harddisk0\DR0\Partition2 - ok
01:14:07.0885 4620 ============================================================
01:14:07.0885 4620 Scan finished
01:14:07.0885 4620 ============================================================
01:14:07.0916 5072 Detected object count: 0
01:14:07.0916 5072 Actual detected object count: 0
|
|
06.01.2013, 17:48
| #6 | |
| /// Malware-holic | Windows Explorer funktioniert nicht mehr Hi, combofix: Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ --> Windows Explorer funktioniert nicht mehr |
|
06.01.2013, 19:18
| #7 |
| | Windows Explorer funktioniert nicht mehr hier die logfile von combofix [CODE] Combofix Logfile: Code:
ATTFilter ComboFix 13-01-05.01 - **** 06.01.2013 18:43:03.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4072.2772 [GMT 1:00]
ausgeführt von:: c:\users\****\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\7z.exe
c:\programdata\FullRemove.exe
c:\windows\msvcr71.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-12-06 bis 2013-01-06 ))))))))))))))))))))))))))))))
.
.
2013-01-06 17:54 . 2013-01-06 17:54 -------- d-----w- c:\users\Gast\AppData\Local\temp
2013-01-06 17:54 . 2013-01-06 17:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-06 17:48 . 2013-01-06 17:48 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4E3A048F-E268-4C0D-972E-158768776A14}\offreg.dll
2013-01-06 16:29 . 2013-01-06 16:29 -------- d-----w- c:\users\****\AppData\Local\Western Digital
2013-01-05 13:04 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2013-01-05 13:04 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2013-01-05 13:04 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2013-01-05 13:04 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2013-01-05 12:46 . 2013-01-05 13:14 -------- d-----w- c:\program files\Registry Easy
2013-01-05 12:22 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4E3A048F-E268-4C0D-972E-158768776A14}\mpengine.dll
2012-12-13 17:15 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-13 17:15 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-12 17:34 . 2012-07-26 07:46 2560 ----a-w- c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
2012-12-12 17:34 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-12-12 17:34 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-12-12 17:34 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-06 16:12 . 2011-09-29 19:54 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-12-14 17:10 . 2011-10-08 16:17 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-13 16:56 . 2012-04-12 19:58 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-13 16:56 . 2011-10-03 17:40 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-13 18:31 . 2012-09-15 14:32 613720 ----a-w- c:\windows\system32\drivers\klif.sys
2012-11-13 18:31 . 2012-06-08 09:38 54104 ----a-w- c:\windows\system32\drivers\kltdi.sys
2012-10-16 08:38 . 2012-12-13 17:15 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-12-13 17:15 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-12-13 17:15 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 18:17 . 2012-11-21 17:09 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-21 17:09 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-21 17:09 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-21 17:09 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2010-11-18 19:27 . 2010-11-18 19:27 162816 ----a-w- c:\program files (x86)\7z.sfx
2010-11-18 19:27 . 2010-11-18 19:27 152064 ----a-w- c:\program files (x86)\7zCon.sfx
2010-11-18 19:24 . 2010-11-18 19:24 1422336 ----a-w- c:\program files (x86)\7z.dll
2010-11-18 19:11 . 2010-11-18 19:11 387072 ----a-w- c:\program files (x86)\7zG.exe
2010-11-18 19:10 . 2010-11-18 19:10 740352 ----a-w- c:\program files (x86)\7zFM.exe
2010-11-18 19:08 . 2010-11-18 19:08 86016 ----a-w- c:\program files (x86)\7-zip.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Photosmart 5510 series (NET)"="c:\program files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" [2011-09-16 2676584]
"ccleaner"="c:\program files\CCleaner\CCleaner64.exe" [2011-09-23 4478784]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-08-29 59280]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-09-10 59280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-13 2018032]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2012-11-13 356376]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
.
c:\users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Tintenwarnungen überwachen - HP Photosmart 5510 series (Netzwerk).lnk - c:\windows\system32\RunDll32.exe [2009-7-14 45568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2011-03-18 74840]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-26 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 28504]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2012-11-13 54104]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2012-08-13 178008]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-01-25 379520]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-19 203776]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\Common Files\InstantOn\InsOnSrv.exe [2011-06-02 64128]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-06-02 128488]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-06-02 401896]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-03-30 114704]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-12-31 138024]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2012-09-17 29016]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2012-09-17 29528]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-06 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://asus.msn.com
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Hinzufügen zu Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Fam. Frank\AppData\Roaming\Mozilla\Firefox\Profiles\o67xs3nx.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.t-online.de/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.6&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\°®9*]
"7040211900063D11C8EF10054038389C"="C?\\Windows\\SysWOW64\\FM20ENU.DLL"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-06 19:11:23
ComboFix-quarantined-files.txt 2013-01-06 18:11
.
Vor Suchlauf: 11 Verzeichnis(se), 104.294.682.624 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 103.904.653.312 Bytes frei
.
- - End Of File - - 4A8C5C820E5C1727EAA431D82BB3986C
|
|
06.01.2013, 19:38
| #8 |
| /// Malware-holic | Windows Explorer funktioniert nicht mehr Sieht ok aus. malwarebytes: Downloade Dir bitte Malwarebytes
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
06.01.2013, 21:52
| #9 |
| | Windows Explorer funktioniert nicht mehr malwarebytes hat nichts gefunden, hier das Ergebnis: Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.01.06.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 **** :: **** [Administrator] 06.01.2013 20:41:11 mbam-log-2013-01-06 (20-41-11).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 401700 Laufzeit: 1 Stunde(n), 6 Minute(n), Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
07.01.2013, 18:04
| #10 |
| /// Malware-holic | Windows Explorer funktioniert nicht mehr Hi lade den CCleaner standard: CCleaner - Download - Filepony falls der CCleaner bereits instaliert, überspringen. öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
07.01.2013, 22:28
| #11 |
| | Windows Explorer funktioniert nicht mehr Nun die Liste von ccleaner. Ich hoffe es ist die richtige Liste... Code:
ATTFilter 7-Zip 9.20 (x64 edition) Igor Pavlov 02.10.2011 4,53MB 9.20.00.0 notwendig Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 19.09.2012 6,00MB 11.4.402.278 notwendig Adobe Flash Player 11 Plugin Adobe Systems Incorporated 12.12.2012 6,00MB 11.5.502.135 notwendig Adobe Reader X (10.1.1) - Deutsch Adobe Systems Incorporated 02.10.2011 119,2MB 10.1.1 notwendig Alcor Micro USB Card Reader Alcor Micro Corp. 04.09.2011 2,96MB 1.2.0117.08443 unbekannt Apple Application Support Apple Inc. 25.10.2012 64,6MB 2.2.2 unbekannt Apple Mobile Device Support Apple Inc. 14.10.2012 23,7MB 6.0.0.59 unbekannt Apple Software Update Apple Inc. 17.05.2012 2,38MB 2.1.3.127 notwendig Asmedia ASM104x USB 3.0 Host Controller Driver Asmedia Technology 04.09.2011 2,27MB 1.12.5.0 unbekannt ASUS AI Recovery ASUS 04.09.2011 6,96MB 1.0.13 unbekannt ASUS LifeFrame3 ASUS 04.09.2011 30,2MB 3.0.21 unbekannt ASUS Power4Gear Hybrid ASUS 04.09.2011 13,3MB 1.1.44 notwendig ASUS SmartLogon ASUS 04.09.2011 11,2MB 1.0.0011 unbekannt/unnötig ASUS Splendid Video Enhancement Technology ASUS 04.09.2011 24,5MB 1.02.0031 unbekannt ASUS Virtual Camera asus 04.09.2011 3,13MB 1.0.21 unbekannt ASUS WebStorage eCareme Technologies, Inc. 04.09.2011 3.0.84.161 unbekannt ASUS_Screensaver 04.09.2011 unbekannt AsusVibe2.0 ASUSTEK 02.10.2011 2.0.6.125 unbekannt Atheros Driver Installation Program Atheros 04.09.2011 9.0 unbekannt ATI Catalyst Install Manager ATI Technologies, Inc. 04.09.2011 22,5MB 3.0.825.0 notwendig ATK Package ASUS 04.09.2011 12,0MB 1.0.0008 unbekannt Bonjour Apple Inc. 17.05.2012 2,00MB 3.0.0.10 unnötig Bookworm Deluxe Oberon Media Inc. 04.09.2011 unbekannt CCleaner Piriform 02.10.2011 3.11 notwendig Compatibility Pack für 2007 Office System Microsoft Corporation 13.12.2012 208MB 12.0.6612.1000 notwendig Control ActiveX de Windows Live Mesh para conexiones remotas Microsoft Corporation 11.04.2011 5,38MB 15.4.5722.2 unbekannt Controlo ActiveX do Windows Live Mesh para Ligações Remotas Microsoft Corporation 11.04.2011 5,38MB 15.4.5722.2 unbekannt Contrôle ActiveX Windows Live Mesh pour connexions à distance Microsoft Corporation 11.04.2011 5,38MB 15.4.5722.2 unbekannt Cooking Dash Oberon Media Inc. 04.09.2011 unbekannt CyberLink LabelPrint CyberLink Corp. 04.09.2011 137,6MB 2.5.1908 unbekannt CyberLink Power2Go CyberLink Corp. 04.09.2011 110,4MB 6.1.3602c unbekannt/unnötig dm-Fotowelt CEWE COLOR AG u Co. OHG 11.12.2012 392MB 5.0.1 notwendig ETDWare PS/2-X64 8.0.5.1_WHQL ELAN Microelectronic Corp. 04.09.2011 8.0.5.1 unbekannt Fast Boot ASUS 04.09.2011 1,47MB 1.0.9 unbekannt Free Studio version 5.3.3 DVDVideoSoft Ltd. 31.01.2012 707MB unnötig Free YouTube Download version 3.1.40.1031 DVDVideoSoft Ltd. 12.11.2012 57,0MB 3.1.40.1031 notwenig Game Park Console Oberon Media, Inc. 11.04.2011 29,5MB 6.2.1.1 unbekannt Governor of Poker Oberon Media Inc. 04.09.2011 unbekannt Hotel Dash Suite Success Oberon Media Inc. 04.09.2011 unbekannt HP Photo Creations HP Photo Creations 16.07.2012 40,0MB 1.0.0.5192 notwendig HP Photosmart 5510 series - Grundlegende Software für das Gerät Hewlett-Packard Co. 16.07.2012 131,0MB 25.0.621.0 notwendig HP Photosmart 5510 series Hilfe Hewlett Packard 16.07.2012 9,84MB 140.0.2.2 notwendig HP Update Hewlett-Packard 25.10.2012 3,98MB 5.003.001.001 notwendig iCloud Apple Inc. 14.10.2012 80,2MB 2.0.2.187 notwendig ICQ7.6 ICQ 02.10.2011 7.6 notwendig InstantOn ASUS 04.09.2011 4,16MB 2.1.0 unbekannt Intel(R) Control Center Intel Corporation 05.09.2011 1.2.1.1007 unbekannt Intel(R) Management Engine Components Intel Corporation 05.09.2011 7.0.0.1144 unbekannt IrfanView (remove only) Irfan Skiljan 02.10.2011 1,50MB 4.30 notwendig iTunes Apple Inc. 11.11.2012 180,2MB 10.7.0.21 notwendig Kaspersky Internet Security 2013 Kaspersky Lab 14.09.2012 13.0.1.4190 notwendig Mahjongg dimensions Oberon Media Inc. 04.09.2011 notwendig Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 05.01.2013 18,5MB 1.70.0.1100 notwendig Microsoft .NET Framework 4 Client Profile Microsoft Corporation 15.10.2011 38,8MB 4.0.30319 unbekannt Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 15.10.2011 2,94MB 4.0.30319 unbekannt Microsoft Office 2010 Microsoft Corporation 11.04.2011 6,31MB 14.0.4763.1000 notwendig Microsoft Office File Validation Add-In Microsoft Corporation 03.03.2012 7,95MB 14.0.5130.5003 unbekannt Microsoft Office Live Add-in 1.5 Microsoft Corporation 27.04.2012 0,50MB 2.0.4024.1 unbekannt Microsoft Office Standard Edition 2003 Microsoft Corporation 13.12.2012 920MB 11.0.8173.0 notwendig Microsoft Silverlight Microsoft Corporation 11.05.2012 100,3MB 4.1.10329.0 unbekannt Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 11.04.2011 1,70MB 3.1.0000 unbekannt Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 24.01.2012 0,25MB 8.0.50727.4053 unnötig Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 02.10.2011 0,29MB 8.0.61001 unnötig Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 11.04.2011 0,61MB 8.0.61000 unnötig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 29.03.2012 0,59MB 9.0.30729 unnötig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 01.04.2012 0,59MB 9.0.30729.6161 unnötig Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 02.03.2012 13,7MB 10.0.30319 unnötig Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 06.11.2011 16,5MB 10.0.40219 unnötig Mozilla Firefox 16.0.1 (x86 de) Mozilla 25.10.2012 38,6MB 16.0.1 notwendig Mozilla Maintenance Service Mozilla 25.10.2012 0,32MB 16.0.1 unbekannt PDFCreator Frank Heindörfer, Philip Chinery 18.09.2012 1.5.0 notwendig Plants vs Zombies Oberon Media Inc. 04.09.2011 unbekannt Realtek High Definition Audio Driver Realtek Semiconductor Corp. 04.09.2011 6.0.1.6392 notwendig Registry Easy v5.6 CheeseSoft Inc. 04.01.2013 15,9MB 5.6 notwendig Skype™ 5.10 Skype Technologies S.A. 14.09.2012 19,4MB 5.10.116 notwendig Sonic Focus Synopsys 04.09.2011 4,31MB 1.0.0.4 unbekannt Studie zur Verbesserung von HP Photosmart 5510 series Produkten Hewlett-Packard Co. 16.07.2012 8,29MB 25.0.621.0 unbekannt VLC media player 1.1.11 VideoLAN 02.10.2011 1.1.11 notwendig Windows Live Essentials Microsoft Corporation 30.04.2012 15.4.3555.0308 notwendig Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen Microsoft Corporation 11.04.2011 5,38MB 15.4.5722.2 unbekannt Windows Live Mesh ActiveX Control for Remote Connections Microsoft Corporation 11.04.2011 5,38MB 15.4.5722.2 unbekannt Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 11.04.2011 5,38MB 15.4.5722.2 unbekannt WinFlash ASUS 04.09.2011 0,84MB 2.31.0unbekannt unbekannt Wireless Console 3 ASUS 04.09.2011 2,44MB 3.0.19 notwendig World of Goo Oberon Media Inc. 04.09.2011 unbekannt Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις Microsoft Corporation 11.04.2011 5,38MB 15.4.5722.2 unbekannt Элемент управления Windows Live Mesh ActiveX для удаленных подключений Microsoft Corporation 11.04.2011 5,38MB 15.4.5722.2 unbekannt פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים Microsoft Corporation 11.04.2011 5,38MB 15.4.5722.2 unbekannt عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة Microsoft Corporation 11.04.2011 5,38MB 15.4.5722.2 unbekannt 適用遠端連線的 Windows Live Mesh ActiveX 控制項 Microsoft Corporation 11.04.2011 5,57MB 15.4.5722.2 unbekannt |
|
08.01.2013, 18:09
| #12 |
| /// Malware-holic | Windows Explorer funktioniert nicht mehr deinstaliere: Adobe Flash Player alle Adobe - Adobe Flash Player installieren neueste version laden, instalieren. adobe reader: Adobe - Adobe Reader herunterladen - Alle Versionen haken bei mcafee security scan raus nehmen bitte auch mal den adobe reader wie folgt konfigurieren: adobe reader öffnen, bearbeiten, voreinstellungen. allgemein: nur zertifizierte zusatz module verwenden, anhaken. internet: hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc. es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht. bei javascript den haken bei java script verwenden raus nehmen bei updater, automatisch instalieren wählen. übernehmen /ok deinstaliere: Bonjour Bookworm Control Controlo Contrôle Cooking CyberLink : beide ETDWare Free Studio Game Park Governor Hotel Plants vs Registry Easy : finger weg von der Registry, eine falsche Aktion dort, und du hast ein kaputtes Betriebssystem oder Programme. Sonic Studie World of Goo Öffne CCleaner, analysieren, starten, PC neustarten. Downloade Dir bitte AdwCleaner auf deinen Desktop.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
08.01.2013, 21:25
| #13 |
| | Windows Explorer funktioniert nicht mehrCode:
ATTFilter # AdwCleaner v2.105 - Datei am 08/01/2013 um 21:20:50 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : **** - ****
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\****\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gefunden : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\o67xs3nx.default\searchplugins\icqplugin.xml
Datei Gefunden : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\o67xs3nx.default\searchplugins\icqplugin-1.xml
Ordner Gefunden : C:\Program Files (x86)\ICQ6Toolbar
Ordner Gefunden : C:\ProgramData\ICQ\ICQToolbar
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\Users\****\AppData\Roaming\OpenCandy
Ordner Gefunden : C:\Users\****\AppData\Roaming\pdfforge
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v16.0.1 (de)
Datei : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\o67xs3nx.default\prefs.js
Gefunden : user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.6&q=");
Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\x8okkvf0.default\prefs.js
[OK] Die Datei ist sauber.
-\\ Google Chrome v [Version kann nicht ermittelt werden]
Datei : C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [1645 octets] - [08/01/2013 21:20:50]
########## EOF - C:\AdwCleaner[R1].txt - [1705 octets] ##########
|
|
08.01.2013, 23:38
| #14 |
| /// Malware-holic | Windows Explorer funktioniert nicht mehr Hi, Downloade Dir bitte AdwCleaner auf deinen Desktop.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
09.01.2013, 17:18
| #15 |
| | Windows Explorer funktioniert nicht mehrCode:
ATTFilter # AdwCleaner v2.105 - Datei am 09/01/2013 um 17:06:59 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : **** - ****
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\****\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\o67xs3nx.default\searchplugins\icqplugin.xml
Datei Gelöscht : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\o67xs3nx.default\searchplugins\icqplugin-1.xml
Ordner Gelöscht : C:\Program Files (x86)\ICQ6Toolbar
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\****\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\****\AppData\Roaming\pdfforge
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v16.0.1 (de)
Datei : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\o67xs3nx.default\prefs.js
Gelöscht : user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.6&q=");
Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\x8okkvf0.default\prefs.js
[OK] Die Datei ist sauber.
-\\ Google Chrome v [Version kann nicht ermittelt werden]
Datei : C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [1726 octets] - [08/01/2013 21:20:50]
AdwCleaner[S1].txt - [1707 octets] - [09/01/2013 17:06:59]
########## EOF - C:\AdwCleaner[S1].txt - [1767 octets] ##########
|
|
Linear-Darstellung
